loading
loading
Scanners
A tiny web auditor with strong opinions.
overview
twa audits a single domain against a fixed checklist: security headers a browser would honor, cookie attributes, common development ports that should not face the internet, and basic TLS posture. It is deliberately small and opinionated, so you get sane defaults instead of a large configuration surface.
Optional switches deepen the pass. -s folds testssl into the report for certificate and cipher detail, -w audits both the apex and its www host, and -d skips the development-port scan when you only want the HTTP checks. -v writes verbose detail on stderr while the main findings stay on stdout.
In a Trickest workflow, feed twa a domain hostname and collect the file and folder it writes. Use it as a fast first-pass hygiene check on a single host; for many domains, switch to the twa-loop variant that drives the same checklist over a file of names.
source github.com/trailofbits/twa
use cases
Point twa at a domain to get a fast read on security headers, cookie flags, and TLS without configuring a heavier scanner.
Let twa scan for common dev ports that should never face the public internet, and disable that pass with -d when you only want the web checks.
Enable -s to fold testssl into the audit so the report covers certificate validity, protocol versions, and weak ciphers alongside the header checks.
Turn on -w so both example.com and www.example.com get audited, catching a header or redirect that is right on one and wrong on the other.
reference
| Name | Type | Flag | Description |
|---|---|---|---|
| domain | STRING | · | Domain hostname to scan. |
| verbose | BOOLEAN | -v | Audit a site, and be verbose (on stderr). |
| no-ports | BOOLEAN | -d | Audit a site without scanning common development ports. |
| test-ssl | BOOLEAN | -s | Audit a site and include testssl. |
| check-www | BOOLEAN | -w | Audit a site and its www subdomain. |
Showing key inputs. twa exposes 5 inputs in total.
example
# twa: audit example.com with testssl and www, skip dev-port scantwa -s -w -d example.comexample.comwww.example.comapi.example.comapp.example.comstaging.example.comdev.example.commail.example.comvpn.example.comguidance
Use twa for a fast, opinionated first-pass audit of a single web host before reaching for a heavier scanner. It trades configurability for sane defaults. For many domains at once, use twa-loop; for full WAF or vulnerability testing, pair it with wafw00f and a template scanner downstream.
Same checklist driven over a file of domains instead of one host.
Broader, noisier web server scanner. twa is a tighter, opinionated audit.
Identifies the WAF in front of a site. Complements twa's header and TLS checks.
faq
related
Find reflected XSS during recon by checking payload reflection.
Fast and customizable subdomain wordlist generator using patterns.
Scans software bills of materials for security vulnerabilities.
Find broken links, missing images, and other dead references within your HTML.
A command-line scanner that finds exposed services, files, and folders through the web root.
A CMS detection and exploitation suite.
A domain feeds twa, which runs its opinionated header, port, and TLS checklist and writes the audit as a queryable output.
Facts on this page come from the live Trickest tool library.