loading
loading
Scanners
A tiny web auditor with strong opinions, run over a list.
overview
twa-loop takes the opinionated twa audit and runs it across a whole file of domains instead of one host. For each domain it applies the same fixed checklist, missing security headers, cookie attributes, exposed development ports, and TLS posture, so a single run gives you a hygiene read on an entire estate rather than a single site.
Every flag carries straight over from twa and applies to each host in turn. You can include testssl for a deeper certificate and cipher review (-s), skip the development-port scan (-d), and add the www variant (-w) so both the apex and www host of every domain get audited. The strong opinions are the appeal: no tuning required, a consistent baseline applied everywhere.
In a Trickest Scanners workflow, twa-loop reads a file of domain hostnames and writes a file and a folder of results. Drop it after subdomain enumeration or a live-host filter so a discovered surface gets the same baseline audit across every host in one node.
source github.com/trailofbits/twa
use cases
Feed twa-loop the output of subdomain discovery so every host gets the same header, cookie, and TLS checklist in one pass.
Run a consistent audit across the estate to surface the one host with a missing header or weak cipher while every other host is clean.
Enable -s so testssl runs against each domain, extending the audit to certificate validity and protocol versions for the whole list.
Turn on -w so both the apex and www host of every domain in the file are audited, catching per-host redirect and header drift.
reference
| Name | Type | Flag | Description |
|---|---|---|---|
| domains | FILE | · | File of domain hostnames to scan. |
| test-ssl | BOOLEAN | -s | Audit each site and include testssl for a deeper TLS review. |
| check-www | BOOLEAN | -w | Audit each site and its www subdomain. |
| no-ports | BOOLEAN | -d | Audit each site without scanning common development ports. |
| verbose | BOOLEAN | -v | Audit each site and be verbose on stderr. |
Showing key inputs. twa-loop exposes 5 inputs in total.
example
# audit each domain in the list; skip dev ports; include www# twa-loop wraps: twa -d -w <domain>while read -r d; do twa -d -w "$d"; done < domains.txtwww.example.com PASS headersapi.example.com FAIL missing CSPapp.example.com PASS cookiesstaging.example.com FAIL open port 3000dev.example.com PASS tlsmail.example.com FAIL missing HSTScdn.example.com PASS headersguidance
Use twa-loop when you have a list of hosts and want the same opinionated baseline audit applied to every one. It is the multi-domain form of twa. For a single host use twa; for WAF fingerprinting or deeper vulnerability testing, chain wafw00f or a template scanner after it.
Same checklist for a single domain instead of a file.
Runs the broader nikto scanner over a host list. twa-loop is a tighter, opinionated audit.
Fingerprints the WAF in front of each host. Complements the twa-loop audit.
faq
related
Find reflected XSS during recon by checking payload reflection.
Fast and customizable subdomain wordlist generator using patterns.
Scans software bills of materials for security vulnerabilities.
Find broken links, missing images, and other dead references within your HTML.
A command-line scanner that finds exposed services, files, and folders through the web root.
A CMS detection and exploitation suite.
A file of domains feeds twa-loop, which runs the opinionated twa checklist against each host and writes the per-host audits as a queryable output.
Facts on this page come from the live Trickest tool library.