Wapiti is a vulnerability scanner that allows users to audit the security of their websites or web applications. Wapiti performs black-box scans (it does not study the source code) of a deployed web application by crawling its web pages, looking for scripts and forms where it can inject data. Once it has the list of URLs, forms and their inputs, Wapiti acts like a fuzzer: it injects payloads to see whether a script is vulnerable.
Wapiti version 3.0.1 can detect the following vulnerabilities:
- File disclosure (local and remote include/require, fopen, readfile)
- Database injection (PHP/JSP/ASP SQL injections and XPath injections)
- XSS (cross-site scripting) injection (both reflected and permanent)
- Command execution detection (eval(), system(), passthru())
- CRLF injection (HTTP response splitting, session fixation)
- XXE (XML External Entity) injection
- SSRF (Server-Side Request Forgery)
- Use of known potentially dangerous files (thanks to the Nikto database)
- Weak .htaccess configurations that can be bypassed
- Backup files that give away sensitive information (source code disclosure)
- Shellshock (also known as the Bash bug)
A buster module can also brute-force directory and file names on the target web server.
Wapiti supports both GET and POST HTTP methods for attacks. It also supports multipart forms and can inject payloads in filenames (upload). A warning is raised whenever an anomaly is found (for example, 500 errors and timeouts). Wapiti can tell the difference between reflected and permanent XSS vulnerabilities.
Wapiti Features
Wapiti offers the following general features:
- It generates vulnerability reports in various formats (HTML, JSON, TXT, XML)
- It can suspend and resume a scan or an attack (session mechanism using sqlite3 databases)
- It can use colors in the terminal to highlight vulnerabilities
- It has different levels of verbosity
- It provides a fast and easy way to activate or deactivate attack modules
- Adding a payload is as easy as adding a line to a text file
Wapiti – Browsing Features
Wapiti has the following browsing features:
- It supports HTTP, HTTPS and SOCKS5 proxies
- It authenticates through several methods: Basic, Digest, Kerberos or NTLM
- It can restrict the scope of the scan (domain, folder, page, URL)
- It can automatically remove one or more parameters from URLs
- It protects against endless scan loops in multiple ways (for example, a limit on the number of values for a parameter)
- It is possible to set the first URLs to explore, even if they are not in the scope
- It can exclude some URLs from the scan and attacks (for example, a logout URL)
- It can import cookies (you can get them with the wapiti-getcookie tool)
- It can activate or deactivate SSL certificate verification
- It can extract URLs from Flash SWF files
- It tries to extract URLs from JavaScript (very basic JS interpreter)
- It is HTML5-aware and understands recent HTML tags
- It provides several options to control the crawler's behavior and limits
- It can skip specific parameter names during an attack
- It can set a maximum time for the scan process
- It can add custom HTTP headers or set a custom User-Agent
How to Use Wapiti
Wapiti-3.0.1 (wapiti.sourceforge.net)
Usage: wapiti [-h] [-u URL] [--scope {page,folder,domain,url}]
              [-m MODULES_LIST] [--list-modules] [-l LEVEL] [-p PROXY_URL]
              [-a CREDENTIALS] [--auth-type {basic,digest,kerberos,ntlm}]
              [-c COOKIE_FILE] [--skip-crawl] [--resume-crawl]
              [--flush-attacks] [--flush-session] [-s URL] [-x URL]
              [-r PARAMETER] [--skip PARAMETER] [-d DEPTH]
              [--max-links-per-page MAX] [--max-files-per-dir MAX]
              [--max-scan-time MINUTES] [--max-parameters MAX] [-S FORCE]
              [-t SECONDS] [-H HEADER] [-A AGENT] [--verify-ssl {0,1}]
              [--color] [-v LEVEL] [-f FORMAT] [-o OUPUT_PATH]
              [--no-bugreport] [--version]
Wapiti: error: one of the arguments -u/--url --list-modules is required.
The shortest way to launch a Wapiti scan (with default options) is as follows:
wapiti -u http://target/
Wapiti also comes with a tool for fetching cookies from websites, called wapiti-getcookie.
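A bounded scan of a site you administer, combining the scope, exclusion, time-limit and report options from the usage text above. This is an added example, not from the Wapiti project or the original article; the host names, the /logout path, the limits and the helper function names are assumptions.

```shell
#!/usr/bin/env bash
# Added example: dry-run builder for a scoped Wapiti scan of a site you administer.
# Host names, the /logout path and the limits are constructed placeholders.

# Hosts you are authorised to audit (constructed sample values).
ALLOWED_HOSTS="staging.example.test qa.example.test"

# Print the host part of an http(s) URL; fail for any other scheme.
url_host() {
  case "$1" in
    http://*|https://*) ;;
    *) return 1 ;;
  esac
  _rest="${1#*://}"
  _rest="${_rest%%/*}"            # drop the path
  _rest="${_rest##*@}"            # drop userinfo (user:pass@)
  printf '%s\n' "${_rest%%:*}"    # drop the port
}

# Succeed only when the URL's host is exactly one of ALLOWED_HOSTS.
host_allowed() {
  _host=$(url_host "$1") || return 1
  for _allowed in $ALLOWED_HOSTS; do
    if [ "$_host" = "$_allowed" ]; then return 0; fi
  done
  return 1
}

# Print the wapiti command for base URL $1, writing a JSON report under $2.
build_scan_cmd() {
  if ! host_allowed "$1"; then
    echo "refusing: $1 is not in ALLOWED_HOSTS" >&2
    return 1
  fi
  _base="${1%/}"
  # --scope folder : stay under the base URL's folder
  # -x             : keep the crawler away from the logout URL
  # -d / --max-scan-time : bound crawl depth and run time (minutes)
  # --verify-ssl 1 : keep certificate verification on
  printf 'wapiti -u %s/ --scope folder -x %s/logout -d 5 --max-scan-time 30 --verify-ssl 1 -f json -o %s/wapiti.json\n' \
    "$_base" "$_base" "$2"
}

# Dry run: show the command instead of executing it.
build_scan_cmd "https://staging.example.test/app/" "./reports"
```

The script only prints the command; review it, then run it yourself once the target and limits are right.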
Wapiti Technical Information
The Wapiti software application is free to download and falls under the security and privacy category. Wapiti is available in the English language. The app was last updated in 2009. The software can be installed on:
- Windows Vista
- Windows XP
- Windows 7 x64
- Windows 7 x32
- Windows 8
- Windows 10
- Kali Linux
Version 2.2.1 of the Wapiti software is available for download. To date, the program has been downloaded many times. The link provided is safe; still, you can scan the download with your anti-virus for your own security and protection.
Wapiti software is released under the GNU General Public License version 2 (the GPL).
Download Wapiti Latest Version for Free 2022
In this guide, we have highlighted the Wapiti software application and how, once installed, it can benefit you overall as well as benefit your browser. Download the Wapiti application now to make things easy. If you found this article beneficial, leave your comments in the section below.
Version: 3.0.1 (Latest).