What is wapiti and how to use it
2022-07-29 05:42:00 【adeylinux】
1. What is Wapiti?
Wapiti is a terminal-based web vulnerability scanner. It crawls the target site and sends GET and POST requests to it in order to find vulnerabilities.
It currently looks for XSS, SQL and XPath injection, file inclusion, command execution, XXE injection, CRLF injection, server-side request forgery, open redirection and other vulnerabilities. It is written in Python 3.
Wapiti project address: https://github.com/wapiti-scanner/wapiti
Installing Wapiti:
Installing wapiti on a Linux system (Debian/Ubuntu style package manager):
First run sudo apt-get update to refresh the package sources.
Then run sudo apt-get install wapiti to install wapiti.
Then run sudo apt-get -f install to pull in any missing dependency packages. After that wapiti can be used directly.
2. Basic Wapiti parameters:
The parameters are as follows:
-x <url>: exclude a specific URL from the scan. Very practical for logout and password-change URLs, which would otherwise end the session or alter the account during the crawl.
-o <output>: set the output file, e.g. result.html
-f <type_file>: set the output file format, e.g. html, json, etc.
-m <module_options>: set the modules to use for the attack phase
-i [file]: resume a previously saved scan from an XML file. The file name is optional; if it is omitted, Wapiti reads the saved session from its scan folder.
-a <login%password>: log in over HTTP with the given credentials.
--auth-method <method>: define the authentication method used by the -a option; it can be basic, digest, kerberos or ntlm.
-s <url>: define a URL at which to start the scan.
-p <proxy_url>: use an HTTP or HTTPS proxy.
Practical operation
wapiti -u "https://www.kbs.co.kr/"
After wapiti finishes scanning, it generates an HTML report.
From the scan results we can see that there is a finding of the type "Content security policy configuration".
What is a content security policy configuration finding?
By sending a Content-Security-Policy (CSP) header with the response, the site tells the browser which sources of scripts, styles and other content are allowed, so the browser can block dynamically injected or third-party content from loading into the page the user is viewing. Wapiti reports this finding when the header is missing or its directives are too permissive.
For more information, please refer to the OWASP Cheat Sheet Series document:
https://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html
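As an added example (not from the original post and not Wapiti's own code), the following Python audits a captured response's headers for the kind of CSP weaknesses behind this finding: a missing header, no default-src fallback, 'unsafe-inline' / 'unsafe-eval' or a wildcard source in the script-controlling directives. The sample headers are constructed, so it runs offline.

```python
"""Audit a response's Content-Security-Policy header for common weaknesses.
Added example; not part of the original post or of the Wapiti project."""

def parse_csp(value):
    """Split a CSP header value into {directive: [sources]} (quotes removed)."""
    policy = {}
    for part in value.split(";"):
        tokens = part.strip().split()
        if tokens:
            policy[tokens[0].lower()] = [t.strip("'\"").lower() for t in tokens[1:]]
    return policy


def audit_csp(headers):
    """Return a list of findings for the given response headers (case-insensitive)."""
    lowered = {k.lower(): v for k, v in headers.items()}
    csp = lowered.get("content-security-policy")
    if csp is None:
        return ["missing Content-Security-Policy header"]
    policy = parse_csp(csp)
    findings = []
    if "default-src" not in policy:
        # Without default-src, any fetch directive that is not listed is unrestricted.
        findings.append("no default-src fallback directive")
    for directive in ("default-src", "script-src"):
        sources = policy.get(directive, [])
        if "unsafe-inline" in sources:
            findings.append(f"{directive} allows 'unsafe-inline'")
        if "unsafe-eval" in sources:
            findings.append(f"{directive} allows 'unsafe-eval'")
        if "*" in sources:
            findings.append(f"{directive} allows any origin (*)")
    return findings


# Constructed sample responses (not captured from any real site).
WEAK = {"Content-Type": "text/html",
        "Content-Security-Policy": "script-src 'self' 'unsafe-inline' *"}
STRONG = {"content-security-policy": "default-src 'none'; script-src 'self'; img-src 'self'"}

if __name__ == "__main__":
    for name, hdrs in (("no header", {}), ("weak", WEAK), ("strong", STRONG)):
        print(name, audit_csp(hdrs) or ["ok"])
```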
There will be no vulnerability demonstration here, because we must abide by the network security law.
Summary:
The above is the content of this chapter. It mainly introduces what Wapiti is, how to use it and how to practise with it. Please like it.