WAScan – Web Application Scanner

August 28, 2021

WAScan – Web Application Scanner   is a Open Source web application security scanner. It is designed to find various vulnerabilities using “black-box” method, that means it won’t study the source code of web applications but will work like a fuzzer, scanning the pages of the deployed web application .

WAScan is built on python2.7 and can run on any platform which has a Python environment.

WAScan Attacks

  1. Bash Commands Injection
  2. Blind SQL Injection
  3. Buffer Overflow
  4. Carriage Return Line Feed
  5. SQL Injection in Headers
  6. XSS in Headers
  7. HTML Injection
  8. LDAP Injection
  9. Local File Inclusion
  10. OS Commanding
  11. PHP Code Injection
  12. SQL Injection
  13. Server Side Injection
  14. XPath Injection
  15. Cross Site Scripting
  16. XML External Entity

Installation WAScan :

$ git clone https://github.com/m4ll0k/WAScan.git wascan
$ cd wascan 
$ pip install BeautifulSoup
$ python wascan.py

Usage WAScan

$ python wascan.py --url http://xxxxx.com/ --scan 0

Attacks:

$ python wascan.py --url http://xxxxx.com/index.php?id=1 --scan 1

Advanced Usage :
$ python wascan.py --url http://xxxxx.com/test.php --scan 5 --auth "admin:1234"
$ python wascan.py --url http://xxxxx.com/test.php --scan 5 --data "id=1" --method POST
$ python wascan.py --url http://xxxxx.com/test.php --scan 5 --auth "admin:1234" --proxy xxx.xxx.xxx.xxx 
$ python wascan.py --url http://xxxxx.com/test.php --scan 5 --auth "admin:1234" --proxy xxx.xxx.xxx.xxx --proxy-auth "root:4321"
$ python wascan.py --url http://xxxxx.com/test.php --scan 5 --auth "admin:1234" --proxy xxx.xxx.xxx.xxx --proxy-auth "root:4321 --ragent -v

CyberAttack Tools to Improve Security

Janusec Application Gateway

Article posted by: https://hackingresources.com/wascan-web-application-scanner/
——————————————————————————————————————–
Infocerts, 5B 306 Riverside Greens, Panvel, Raigad 410206 Maharashtra, India
Contact us – https://www.infocerts.com

Open Whatsapp chat
Whatsapp Us
Chat with us for faster replies.