Wapiti Does not produce report for each path scanned #617
Comments
|
Indeed it is the current behavior of several modules like that. It will certainly be reconsidered when a passive module system would be integrated to Wapiti. It brings one question however: after how many of those findings should we stop displaying them? Most closed-source et cloud based solution will print a few then indicate "X more found", this is certainly the way to go as having thousands of entries of the same type can be annoying. How much is enough ? 50 maybe ? |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I'm running this command
wapiti -u https://juice-shop.herokuapp.com/ -v2 -o reports.json -f json --scope folderit's scanning all the available paths eg.
https://domain/foo1,https://domain/foo2but it's generating reports for only/path.Example:
{ "vulnerabilities": { "Content Security Policy Configuration": [ { "method": "GET", "path": "/", "info": "CSP is not set", "level": 1, "parameter": "", "http_request": "GET / HTTP/1.1\nHost: juice-shop.herokuapp.com", "curl_command": "curl \"https://juice-shop.herokuapp.com/\"" } ], "HTTP Secure Headers": [ { "method": "GET", "path": "/", "info": "X-XSS-Protection is not set", "level": 1, "parameter": "", "http_request": "GET / HTTP/1.1\nHost: juice-shop.herokuapp.com", "curl_command": "curl \"https://juice-shop.herokuapp.com/\"" } ] } }I want to get reports of vulnerabilities for each path available on given domain.
Example:
{ "vulnerabilities": { "Content Security Policy Configuration": [ { "method": "GET", "path": "/" }, { "method": "GET", "path": "/home" } ], "HTTP Secure Headers": [ { "method": "GET", "path": "/contact" }, { "method": "GET", "path": "/contact/success" } ] } }The text was updated successfully, but these errors were encountered: