Wapiti

Wapiti is an actively maintained, command-line web vulnerability scanner. Wapiti version 3.0 was released in January 2018 (http://wapiti.sourceforge.net/); however, Kali Linux still includes the previous version (2.3.0). According to the Wapiti website, this tool includes modules to detect the following vulnerabilities:

  • File disclosure (Local and remote include/require, fopen, readfile...)
  • Database Injection (PHP/JSP/ASP SQL injections and XPath injections)
  • XSS (Cross-Site Scripting) injection (reflected and permanent)
  • Command Execution detection (eval(), system(), passthru()...)
  • CRLF Injection (HTTP Response Splitting, session fixation...)
  • XXE (XML External Entity) injection
  • Use of known potentially dangerous files (thanks to the Nikto database)
  • Weak .htaccess configurations that can be bypassed
  • Presence of backup files providing sensitive information (source code disclosure)
  • Shellshock (aka Bash bug)

To start Wapiti, you need to issue the launch command in the command line, followed by the URL to be scanned and the options.

In the following screenshot, Wapiti is run over the HTTPS site for BodgeIt on the vulnerable VM, generating the report in the wapiti_output directory (the -o option). The test VM has a self-signed certificate, so Wapiti would stop without scanning; use --verify-ssl 0 to skip the SSL certificate verification. You should not send more than 50 variants of the same request (the -n option); this limit prevents loops. Finally, 2>/dev/null is used to keep the standard error output from flooding the screen, as the scanner will make multiple requests with unexpected values and Wapiti can be very verbose:

wapiti https://10.7.7.5/bodgeit/ -o wapiti_output --verify-ssl 0 -n 20 2>/dev/null

You will then see the following output on your screen:

The scan will take some time. When it finishes, open the index.html file in the specified directory to see the results. The following is an example of how Wapiti reports vulnerabilities:

Wapiti's report is very detailed, and it includes a description of each finding, the request used to trigger the potential vulnerability, proposed solutions, and references to get more information about these. In the preceding screenshot, you can see that it found XSS in BodgeIt's search page.
