WAScan – Web Application Scanner

WAScan Web Application Scanner is a Open Source web application security scanner. It is designed to find various vulnerabilities using “black-box” method, that means it won’t study the source code of web applications but will work like a fuzzer, scanning the pages of the deployed web application, extracting links and forms and attacking the scripts, sending payloads and looking for error messages..,etc.

Feature

Fingerprint

  • Content Management System (CMS) -> 6
  • Web Frameworks -> 22
  • Cookies/Headers Security
  • Languages -> 9
  • Operating Systems (OS) -> 7
  • Server -> ALL
  • Web App Firewall (WAF) -> 50+

Attacks

  • Bash Commands Injection
  • Blind SQL Injection
  • Buffer Overflow
  • Carriage Return Line Feed
  • SQL Injection in Headers
  • XSS in Headers
  • HTML Injection
  • LDAP Injection
  • Local File Inclusion
  • OS Commanding
  • PHP Code Injection
  • SQL Injection
  • Server Side Injection
  • XPath Injection
  • Cross Site Scripting
  • XML External Entity

Audit

  • Apache Status Page
  • Open Redirect
  • PHPInfo
  • Robots.txt
  • XST

Brute force

  • Admin Panel
  • Common Backdoor
  • Common Backup Dir
  • Common Backup File
  • Common Dir
  • Common File
  • Hidden Parameters

Requirements

  • Linux
  • Git package
  • Python package
  • beautifulsoup python module 

How to install and use WAScan in linux?

Step 1:

First you type this below command in your linux this command will help you to clone WAScan package in your terminal.

git clone https://github.com/m4ll0k/WAScan.git

Step 2:

Now type this below command this command will help you to open Wasan folder in your linux terminal

cd wascan

Step 3:

Once you open wascan folder type this below command to run this tool in your linux.

python wascan.py

Usage

Fingerprint

python wascan.py –url http://xxxxx.com/ –scan 0

Attacks

python wascan.py –url http://xxxxx.com/index.php?id=1 –scan 1

Audit 

python wascan.py –url http://xxxxx.com/ –scan 2

Bruteforce

python wascan.py –url http://xxxxx.com/ –scan 3

Dis-closer

python wascan.py –url http://xxxxx.com/ –scan 4

 Full-scan

python wascan.py –url http://xxxxx.com –scan 5

Brute-force hidden parameters 

python wascan.py –url http://xxxxx.com/test.php –brute

Advanced usage

  • python wascan.py –url http://xxxxx.com/test.php –scan 5 –auth “admin:1234” 
  • python wascan.py –url http://xxxxx.com/test.php –scan 5 –data “id=1” –method POST 
  • python wascan.py –url http://xxxxx.com/test.php –scan 5 –auth “admin:1234” –proxy xxx.xxx.xxx.xxx $ python wascan.py –url http://xxxxx.com/test.php –scan 5 –auth “admin:1234” –proxy xxx.xxx.xxx.xxx –proxy-auth “root:4321” 
  • python wascan.py –url http://xxxxx.com/test.php –scan 5 –auth “admin:1234” –proxy xxx.xxx.xxx.xxx –proxy-auth “root:4321 –ragent -v

Leave a Reply

Your email address will not be published. Required fields are marked *