wapiti(1) | http://wapiti.sourceforge.net/ | wapiti(1) |
NAME
Wapiti - A web application vulnerability scanner in Python.
SYNOPSIS
wapiti ROOT_URL [OPTIONS]
DESCRIPTION
Wapiti allows you to audit the security of your web applications.
OPTIONS
- -s, --start=URL
- To specify a URL to start with. This option can be called several times.
- -x, --exclude=URL
- To exclude a URL from the scan (for example logout scripts). This option
can be called several times to exclude several URLs.
- -b, --scope=SCOPE
- Set the scope of the scan:
page : to analyse only the page given as the root URL.
folder : to analyse all the URLs under the root URL passed to Wapiti (default).
domain : to analyse all the links to the pages which are in the same domain as
the URL passed to Wapiti.
- -p, --proxy=PROXY_URL
- To specify a proxy. Currently supported proxies are HTTP and HTTPS.
- -c, --cookie=COOKIE
- To import cookies to use for the scan. The COOKIE file must be in JSON
format.
- -t, --timeout=TIMEOUT
- Set the timeout (maximum time in seconds to wait for the server to send a response).
- -a, --auth=LOGIN%PASSWORD
- Set credentials for HTTP authentication ('%' is used as a separator).
- --auth-method=METHOD
- If the server requires authentication, set the authentication method to
use:
basic
digest
kerberos
ntlm
- -r, --remove=PARAM
- Automatically remove the parameter PARAM (and its values) from the URLs.
- -n, --nice=LIMIT
- Define a limit of URLs to browse with the same pattern (i.e., the maximum
number of unique values for the same parameter).
- -m, --module=MODULE_OPTIONS
- Set the modules (and HTTP methods for each module) to use for attacks.
Example: -m "-all,xss:get,exec:post"
- -i, --continue=FILE
- Tells Wapiti to resume the previous scan saved in the specified XML
status file.
- -k, --attack=FILE
- Tells Wapiti to resume the attacks without scanning again, loading the
scan status from the specified XML status file.
- -u, --color
- Use colors to highlight vulnerabilities and anomalies in output.
- -v, --verbose=LEVEL
- Set the verbosity level to LEVEL.
- -f, --format=TYPE
- Set the format type for the report to TYPE. Currently supported formats
are:
json : Report in JSON format
html : Report in HTML format (default)
openvas : Report in OpenVAS XML format
txt : Report in plain text (UTF-8)
vulneranet : Report in VulneraNET XML format
xml : Report in XML format
- -o, --output=FILE
- Write the report to FILE.
- --verify-ssl=<0|1>
- This parameter indicates whether Wapiti must check SSL certificates.
- -h, --help
- To print this usage message.
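To make the three --scope values concrete, the following added example (not part of this manual page and not Wapiti's own code) classifies URLs against a root URL. The matching rules in the docstring, the helper names and the sample URLs are assumptions made for illustration.

```python
import posixpath
from urllib.parse import urlsplit


def _norm(path):
    """Collapse ./ and ../ segments so /app/../admin is not treated as /app/."""
    if not path:
        return "/"
    clean = posixpath.normpath(path)
    return clean + "/" if path.endswith("/") and clean != "/" else clean


def in_scope(root_url, candidate, scope="folder"):
    """Decide whether `candidate` would be covered by -b SCOPE for `root_url`.

    Assumed matching rules (not taken from Wapiti's source):
      page   -> same scheme, host, port and path as the root URL
      folder -> same scheme, host, port; path under the root URL's folder
      domain -> same hostname as the root URL
    """
    root, cand = urlsplit(root_url), urlsplit(candidate)
    if cand.scheme not in ("http", "https"):
        return False  # mailto:, javascript: and similar links are out of scope
    same_host = (cand.hostname or "") == (root.hostname or "")
    if scope == "domain":
        return same_host
    same_origin = same_host and (cand.scheme, cand.port) == (root.scheme, root.port)
    root_path, cand_path = _norm(root.path), _norm(cand.path)
    if scope == "page":
        return same_origin and cand_path == root_path
    if scope == "folder":
        folder = root_path[: root_path.rfind("/") + 1]
        return same_origin and cand_path.startswith(folder)
    raise ValueError("scope must be page, folder or domain")


if __name__ == "__main__":
    # Constructed sample URLs on a reserved test domain.
    root = "http://shop.example.test/app/index.php"
    for url in (
        "http://shop.example.test/app/cart.php?id=1",
        "http://shop.example.test/app/../admin/",
        "http://shop.example.test/admin/",
        "http://cdn.example.test/app/x.js",
    ):
        print(url, {s: in_scope(root, url, s) for s in ("page", "folder", "domain")})
```

Running a list of known URLs through such a check before a scan shows which scope value keeps the crawler off hosts and paths outside the audit.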
LICENCE
Wapiti is covered by the GNU General Public License (GPL), version 2.
COPYRIGHT
Copyright (c) 2006-2013 Nicolas Surribas.
AUTHORS
Nicolas Surribas
BUG REPORTS
If you find a bug in Wapiti, please report it to http://sourceforge.net/tracker/?group_id=168625
SEE ALSO
The README file that comes with Wapiti gives more detailed information on the options.
http://wapiti.sourceforge.net/ | Version 2.3.0 |