iT邦幫忙

第 11 屆 iT 邦幫忙鐵人賽

DAY 24
1

Wapiti


Wapiti 是 Kali linux和 Parrot Security OS 內建的工具,可以使用這個工具來進行 web-application 漏洞掃描。

https://github.com/IFGHou/wapiti


  • 操作環境 Parrot OS
  • 執行指令
wapiti 

https://ithelp.ithome.com.tw/upload/images/20191017/20060971MSSVz7cmG9.png

  • Options:
optional arguments:
  -h, --help            show this help message and exit
  -u URL, --url URL     The base URL used to define the scan scope (default
                        scope is folder)
  --scope {page,folder,domain,url,punk}
                        Set scan scope
  -m MODULES_LIST, --module MODULES_LIST
                        List of modules to load
  --list-modules        List Wapiti attack modules and exit
  -l LEVEL, --level LEVEL
                        Set attack level
  -p PROXY_URL, --proxy PROXY_URL
                        Set the HTTP(S) proxy to use. Supported: http(s) and
                        socks proxies
  --tor                 Use Tor listener (127.0.0.1:9050)
  -a CREDENTIALS, --auth-cred CREDENTIALS
                        Set HTTP authentication credentials
  --auth-type {basic,digest,kerberos,ntlm}
                        Set the authentication type to use
  -c COOKIE_FILE, --cookie COOKIE_FILE
                        Set a JSON cookie file to use
  --skip-crawl          Don't resume the scanning process, attack URLs scanned
                        during a previous session
  --resume-crawl        Resume the scanning process (if stopped) even if some
                        attacks were previously performed
  --flush-attacks       Flush attack history and vulnerabilities for the
                        current session
  --flush-session       Flush everything that was previously found for this
                        target (crawled URLs, vulns, etc)
  --store-session PATH  Directory where to store attack history and session
                        data.
  -s URL, --start URL   Adds an url to start scan with
  -x URL, --exclude URL
                        Adds an url to exclude from the scan
  -r PARAMETER, --remove PARAMETER
                        Remove this parameter from urls
  --skip PARAMETER      Skip attacking given parameter(s)
  -d DEPTH, --depth DEPTH
                        Set how deep the scanner should explore the website
  --max-links-per-page MAX
                        Set how many (in-scope) links the scanner should
                        extract for each page
  --max-files-per-dir MAX
                        Set how many pages the scanner should explore per
                        directory
  --max-scan-time MINUTES
                        Set how many minutes you want the scan to last (floats
                        accepted)
  --max-parameters MAX  URLs and forms having more than MAX input parameters
                        will be erased before attack.
  -S FORCE, --scan-force FORCE
                        Easy way to reduce the number of scanned and attacked
                        URLs. Possible values: paranoid, sneaky, polite,
                        normal, aggressive, insane
  -t SECONDS, --timeout SECONDS
                        Set timeout for requests
  -H HEADER, --header HEADER
                        Set a custom header to use for every requests
  -A AGENT, --user-agent AGENT
                        Set a custom user-agent to use for every requests
  --verify-ssl {0,1}    Set SSL check (default is no check)
  --color               Colorize output
  -v LEVEL, --verbose LEVEL
                        Set verbosity level (0: quiet, 1: normal, 2: verbose)
  -f FORMAT, --format FORMAT
                        Set output format. Supported: json, html (default),
                        txt, openvas, vulneranet, xml
  -o OUPUT_PATH, --output OUPUT_PATH
                        Output file or folder
  --external-endpoint EXTERNAL_ENDPOINT_URL
                        Url serving as endpoint for target
  --internal-endpoint INTERNAL_ENDPOINT_URL
                        Url serving as endpoint for attacker
  --endpoint ENDPOINT_URL
                        Url serving as endpoint for both attacker and target
  --no-bugreport        Don't send automatic bug report when an attack module
                        fails
  --version             Show program's version number and exit

  • 操作
wapiti -u http://target/

https://ithelp.ithome.com.tw/upload/images/20191017/20060971akyh23fEq3.png


上一篇
[Day 23]-joomscan
下一篇
[Day 25]-WAES
系列文
利用開源資源執行安全檢測30

尚未有邦友留言

立即登入留言