wascan
WAScan ((W)eb (A)pplication (Scan)ner) is an open source web application security scanner. It is designed to find various vulnerabilities using the black-box method: it does not study the source code of the web application but works like a fuzzer, scanning the pages of the deployed web application, extracting links and forms, attacking the scripts, sending payloads and looking for error messages, etc.
Details
Category: Scanners
Publisher: trickest
Created Date: 6/23/2021
Container: quay.io/trickest/wascan:cf2f61d
Source URL: https://github.com/R3dFruitRollUp/WAScan
Parameters
Command: -a - HTTP Basic Authentication (user:pass)
Command: -d - Data to be sent via POST method
Command: -h - HTTP Host header value
Command: -p - Use a proxy, (host:port)
Command: -c - HTTP Cookie header value
Command: -H - Extra Headers (e.g: Host:site.com)
Command: -R - HTTP Referer header value
Command: -t - Seconds to wait before timeout connection
Command: -n - Set redirect target URL False (default=True)
Command: -b - Bruteforce hidden parameters
Command: -P - Proxy Authentication, (user:pass)
Command: -u - Target URL
Command: -A - HTTP User-agent header value
Command: -m - HTTP method, GET or POST
Command: -s - Choose scan option: 0 - Fingerprint, 1 - Attacks, 2 - Audit, 3 - Bruteforce, 4 - Disclosure, 5 - Full scan
Command: -r - Use random User-agent header value