What is wapiti and how to use it
2022-07-29 05:42:00 【adeylinux】
1. What is Wapiti?
Wapiti is another terminal-based web vulnerability scanner. It sends GET and POST requests to the target site to look for vulnerabilities.
It currently searches for XSS, SQL and XPath injection, file inclusion, command execution, XXE injection, CRLF injection, server-side request forgery, open redirects and other vulnerabilities. It is developed in the Python 3 programming language.
Wapiti project address: https://github.com/wapiti-scanner/wapiti
Installing Wapiti:
Installing wapiti on a Linux system
First run sudo apt-get update to update the software source lists
Then run sudo apt-get install wapiti to install wapiti
Then run sudo apt-get -f install to install the dependency packages; after that it can be used directly
2. Wapiti basic parameters:
The parameters are as follows:
-x : Exclude specific URLs from the scan; very useful for logout and password-change URLs.
-o : Set the output file and its format, for example result.html
-f <type_file>: Set the output file format, for example html, json, etc.
-m <module_options>: Set the modules to use for the attack
-i : Restore a previously saved scan from an XML file. The file name is optional, because if you omit it Wapiti reads the file from the scan folder.
-a <login%password>: Log in over HTTP with the given credentials.
--auth-method : Define the authentication method for the -a option; it can be basic, digest, kerberos or ntlm.
-s : Define the URL to scan.
-p <proxy_url>: Use an HTTP or HTTPS proxy
Hands-on example
wapiti -u "https://www.kbs.co.kr/"
After the scan finishes, wapiti generates an HTML report.
The scan results show that there is a vulnerability, "Content Security Policy configuration".
What is Content Security Policy configuration?
When the server sends a Content-Security-Policy (CSP) header, the browser knows the policy and can protect users from dynamic calls that load content into the page currently being visited.
For more information, see the OWASP Cheat Sheet Series:
https://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html
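To verify this finding on a site you operate, here is an added example (not part of the original post and not Wapiti's own code) that inspects the response headers for a missing or weak CSP. The rule set is a simplified assumption and the sample headers are constructed.

```python
# Added example: simplified CSP header check (assumed rules, not Wapiti's module).
UNSAFE_SOURCES = {"'unsafe-inline'", "'unsafe-eval'", "*", "data:", "http:", "https:"}


def parse_csp(value):
    """Split a CSP header value into {directive: [source, ...]}."""
    policy = {}
    for part in value.split(";"):
        tokens = part.split()
        if not tokens:
            continue
        # Only the first occurrence of a directive counts; later ones are ignored.
        policy.setdefault(tokens[0].lower(), [t.lower() for t in tokens[1:]])
    return policy


def check_csp(headers):
    """Return a list of findings for one response's headers (a dict)."""
    lowered = {k.lower(): v for k, v in headers.items()}  # names are case-insensitive
    value = lowered.get("content-security-policy")
    if value is None:
        return ["CSP header is not set"]
    policy = parse_csp(value)
    findings = []
    # script-src falls back to default-src when it is absent.
    script = policy.get("script-src", policy.get("default-src"))
    if script is None:
        findings.append("no script-src or default-src: scripts are unrestricted")
    else:
        findings += [f"script sources allow {s}" for s in script if s in UNSAFE_SOURCES]
    # object-src also falls back to default-src; base-uri has no fallback.
    if "object-src" not in policy and "default-src" not in policy:
        findings.append("object-src is not restricted")
    if "base-uri" not in policy:
        findings.append("base-uri is not set")
    return findings


# Constructed sample responses (not taken from any real scan).
SAMPLES = {
    "missing": {"Content-Type": "text/html"},
    "weak": {"Content-Security-Policy": "default-src 'self'; script-src 'self' 'unsafe-inline' *"},
    "strict": {"content-security-policy":
               "default-src 'none'; script-src 'self'; object-src 'none'; base-uri 'self'"},
}

if __name__ == "__main__":
    for name, hdrs in SAMPLES.items():
        print(name, check_csp(hdrs) or "OK")
```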
No vulnerability demonstration is given here, because we must abide by the cybersecurity law.
Summary:
That is all for this chapter, which mainly introduced what Wapiti is, how to use it, and a hands-on example. Please give it a like.