devloop edited this page Oct 6, 2024 · 2 revisions

Welcome to the Wapiti Wiki

Wapiti is an open-source web vulnerability scanner written in Python. It allows you to audit the security of your websites or web applications by performing "black-box" testing, meaning it doesn't need access to the application's source code. Instead, Wapiti crawls the website to find all accessible URLs and injects payloads to detect vulnerabilities.


What Can Wapiti Be Used For?

Wapiti is designed to help web developers, security professionals, and system administrators identify vulnerabilities in their web applications. Some common uses of Wapiti include:

  • Crawling Websites: Wapiti scans web pages by following links, forms, and inputs to identify potential attack vectors.

  • Detecting Vulnerabilities: Wapiti tests your web application for various security issues by using different attack modules. To see an exhaustive list of supported attacks, run the command:

    wapiti --list-modules
    
  • Performing Black-Box Testing: Unlike "white-box" testing tools that require access to the application's source code, Wapiti performs its scans externally, simulating an attacker's perspective.

  • Customizable Attacks: Wapiti allows users to choose which attack modules to run, or even create custom modules to suit specific use cases.

  • Reporting: After scanning, Wapiti generates detailed reports in various formats (HTML, JSON, XML) so you can review the vulnerabilities and take action.


Features

For a full list of Wapiti’s features, visit the Wapiti official website.


Getting Started

To start using Wapiti, install it via pip:

pip install wapiti3

You can then begin scanning your site with a simple command:

wapiti -u http://example.com
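Added example (not Wapiti's own code) tying the two commands above to the Reporting bullet: it assembles the argv for a scan restricted to chosen modules, writes a JSON report, and then triages that report so a CI job can fail on selected categories. Assumptions, also marked in the code: the flags -u, -m, --scope, -f and -o behave as in Wapiti 3; the JSON report carries a top-level "vulnerabilities" object mapping a category name to a list of findings with "method", "path", "parameter" and a numeric "level". The sample report embedded below is constructed to that assumed shape, so check it against a report produced by your own Wapiti version before relying on the field names.

```python
"""Drive a Wapiti scan and triage its JSON report (added example, not Wapiti code).

Assumptions, labelled where used:
- CLI flags -u, -m, --scope, -f and -o exist as in Wapiti 3;
- the JSON report has a top-level "vulnerabilities" object mapping a
  category name to a list of findings with "method", "path", "parameter"
  and a numeric "level". Confirm against a report from your own version.
"""
import json
import shutil
import subprocess
from collections import Counter

# Categories that should fail a CI job when present (our policy, not Wapiti's).
BLOCKING_CATEGORIES = {"SQL Injection", "Command execution", "Cross Site Scripting"}


def build_scan_command(url, modules=("sql", "xss", "exec"),
                       report_path="report.json", scope="folder"):
    """Return the argv list for a Wapiti scan that writes a JSON report."""
    return [
        "wapiti",
        "-u", url,
        "-m", ",".join(modules),   # run only the chosen attack modules (assumed flag)
        "--scope", scope,          # stay inside the starting folder (assumed flag)
        "-f", "json",              # report format (assumed flag)
        "-o", report_path,         # report destination (assumed flag)
    ]


def summarize_report(report):
    """Count findings per category; return (counts, highest_level_seen)."""
    counts = Counter()
    highest = 0
    for category, findings in report.get("vulnerabilities", {}).items():
        for finding in findings:
            counts[category] += 1
            highest = max(highest, int(finding.get("level", 0)))
    return counts, highest


def blocking_findings(report):
    """Return (category, method, path, parameter) for findings in BLOCKING_CATEGORIES."""
    hits = []
    for category, findings in report.get("vulnerabilities", {}).items():
        if category not in BLOCKING_CATEGORIES:
            continue
        for f in findings:
            hits.append((category, f.get("method", ""), f.get("path", ""),
                         f.get("parameter", "")))
    return hits


def run_scan(url, report_path="report.json"):
    """Run Wapiti if it is installed, then load and summarize the report it wrote."""
    if shutil.which("wapiti") is None:
        raise RuntimeError("wapiti not found on PATH; install with: pip install wapiti3")
    subprocess.run(build_scan_command(url, report_path=report_path), check=True)
    with open(report_path, encoding="utf-8") as fh:
        return summarize_report(json.load(fh))


# Constructed sample report, shaped like the assumed Wapiti JSON output.
SAMPLE_REPORT = {
    "infos": {"target": "http://example.com/", "version": "Wapiti 3.x"},
    "vulnerabilities": {
        "Cross Site Scripting": [
            {"method": "GET", "path": "/search.php", "parameter": "q", "level": 1,
             "info": "XSS vulnerability found via injection in the parameter q"}
        ],
        "SQL Injection": [
            {"method": "POST", "path": "/login.php", "parameter": "username", "level": 3,
             "info": "SQL Injection via injection in the parameter username"}
        ],
        "HTTP Secure Headers": [],
    },
    "anomalies": {"Internal Server Error": []},
}

if __name__ == "__main__":
    # Triage the constructed sample; swap in run_scan(url) for a real scan.
    counts, highest = summarize_report(SAMPLE_REPORT)
    for category, n in sorted(counts.items()):
        print(f"{n:3d}  {category}")
    hits = blocking_findings(SAMPLE_REPORT)
    for hit in hits:
        print("BLOCKING:", *hit)
    raise SystemExit(1 if hits else 0)
```

The exit status makes the script usable as a pipeline gate: a non-zero exit when any blocking category appears, while lower-priority categories are still counted in the summary for review.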

For more detailed documentation on how to configure and optimize your scans, explore the other wiki pages!