1.Waptit What is it? ：

Wapiti Is another terminal based Web Vulnerability scanner , It sends GET and POST Request to target site , To find loopholes :
It currently searches XSS、SQL and XPath Inject 、 File contains 、 Command execution 、XXE Inject 、CRLF Inject 、 Server side Request Forgery 、 Open vulnerabilities such as redirection . It USES Python 3 Programming language development .
Wapiti Address of the project ：https://github.com/wapiti-scanner/wapiti

Wapiti install ：

linux System installation wapiti
Run the command first sudo apt-get update Update software source library
Run again sudo apt-get install wapiti install wapiti
Run again sudo apt-get -f install Install dependency packages , You can use it directly

2.Wapiti The basic parameters ：

The parameters are as follows ：

-x ： Exclude specific from scanning URL, For logout and password changes URL Very practical .
-o ： Set the output file and its format , Such as ：result.html
-f <type_file>： Set the output file format , Such as ：html,json etc.
-m <module_options>： Set the module to attack
-i ： from XML Restore previously saved scans in files . The file name is optional , Because if you ignore it Wapiti from scan Read files in the folder .
-a <login%password>： by HTTP Login with a specific certificate .
–auth-method ： by -a Options define the authorization method , It can be for basic,digest,kerberos or ntlm.
-s ： Define what to scan URL.
-p <proxy_url>： Use HTTP or HTTPS agent

Practical operation

 wapiti -u "https://www.kbs.co.kr/"

wapiti After scanning , Will generate a html The report
From the scanning results, we can see that there is a vulnerability " Content security policy configuration "

What is the content security policy configuration ：

By injecting Content-Security-Policy (CSP) header , Browsers are aware of and able to protect users from dynamic calls to load content into the currently accessed page .
For more information, please refer to ;OWASP Memo series documents ：
https://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html
There will be no vulnerability demonstration here , Because we must abide by the network security law .

summary ：

The above is the content of this chapter , It mainly introduces Wapiti What is it, how to use it and how to practice it . Please like it .