wapiti
Wapiti allows you to audit the security of your web applications.
It performs "black-box" scans, i.e. it does not study the source code of the application but scans the web pages of the deployed webapp, looking for scripts and forms where it can inject data.
Once it gets this list, Wapiti acts like a fuzzer, injecting payloads to see if a script is vulnerable.
Checkout Package
osc -A https://api.opensuse.org checkout security/wapiti && cd $_
Source Files
Filename | Size | Changed |
---|---|---|
wapiti-3.0.0.tar.gz | 516 KB | |
wapiti.changes | 1.51 KB | |
wapiti.spec | 3.13 KB | |
Latest Revision
Marcus Meissner (msmeissn) accepted request 565857 from Antoine Belvire (1Antoine1) (revision 2)
- Update to version 3.0.0:
  * This new release now relies on Python 3.
  * A session mechanism using sqlite3 allows you to stop the scan or/and attacks and resume them later.
  * The new behavior, when you stop Wapiti during the attack process (with Ctrl+C), is to let you choose between continuing, moving to the next attack-module, exiting with or without generating the report.
  * A total of 9 options can now help you to finely control the scanner by fixing the maximum allowed depth of crawling, skipping parameter names of your choice in URLs and forms, setting the maximum delay for scanning, choosing between 6 modes of scan force, and more!
  * The SOCKS5 proxy support is also back in this release.
  * Improvements have been made to existing attack modules. For example by reducing false-positives for the blind sqli attack module.
  * Two new attack modules were added: buster (for directory/filename brute forcing) and shellshock (not really new but here it is).
  * Some options changed. The base URL must now be given through the -u option.
- New runtime dependencies:
  * python3-Mako
  * python3-PySocks
  * python3-lxml
  * python3-tld
  * python3-yaswfp
- Clean spec file with spec-cleaner.