Scan websites with wapiti

What is WAPITI?

Wapiti is a black box scanner. It scans only the web pages of the target, not its source code. Wapiti only discovers vulnerabilities in a web application; it is not an exploitation tool. Wapiti injects payloads to check whether a page is vulnerable.

Ethical hacking researchers of the International Institute of Cyber Security said that wapiti is quite handy in the initial phase of penetration testing.

After completing the scan, wapiti generates a vulnerability report in various formats such as html, xml, json and txt. Wapiti uses modules like database injection (PHP, ASP/JSP, SQL) and cross-site scripting (XSS). Wapiti also searches for dangerous files on the server.

To launch wapiti, type wapiti/wapiti --help in a Linux terminal:-

=============OUTPUT SNIP===============

  • There are a lot of options which can be used when scanning a website. For more options, type wapiti --help as shown above.

DEFAULT SCAN:-

===================OUTPUT SNIP===================

  • In the above screenshots, testphp.vulnweb.com was scanned using wapiti and many vulnerabilities were found. The output shows that the target website is vulnerable to injection attacks and is vulnerable to hackers.
  • The XSS module checks for cross-site scripting. XSS is used to inject client-side scripts into web pages. It is used for stealing a victim's browser cookies and sending unauthorised requests to the victim.

SPECIFYING THE URL:-

  • Type:-

wapiti http://testphp.vulnweb.com/ -s http://testphp.vulnweb.com/categories.php

=================OUTPUT SNIP===================

  • In the above screenshot, the -s option specifies the URL to start scanning with. The two URLs above contain vulnerabilities for remote execution and SQL injection.
  • The above vulnerable URL could be used in defacing the website and in SQL injection attacks.

EXCLUDING THE URL:-

  • Type:-

wapiti http://testphp.vulnweb.com/ -x http://testphp.vulnweb.com/categories.php

  • In the above screenshot, the URL given with -x is excluded from the scan, which means that URL and its content will not be scanned by wapiti.

USING PROXY IN THE URL:-

  • In the above screenshot, wapiti is using a proxy server to scan the target and hide the identity of the attacker. But using a proxy can sometimes expose your identity on the internet, as some proxies are vulnerable too. So be careful when using any proxy.
  • Proxies are easily available on the internet: simply search for open proxies in your favorite search engine and you can easily grab one, or you can use a proxy from https://www.us-proxy.org/

USING THE TIMEOUT:-

  • In the above screenshot, a timeout has been set for the target URL. This is the maximum time in seconds that wapiti will wait for the server to send a response.
  • wapiti will wait 5 seconds for the server to respond to each request sent. 5 seconds after sending a request, wapiti will time out.

HIGHLIGHTING THE VULNERABILITIES:-

  • In the above screenshot, after executing the above command, -u highlights in color the vulnerabilities which are found in the target URL.

VERBOSE SCAN OF THE URL:-

0: quiet (default). By default, wapiti's verbosity level is set to 0.

1: print each URL. Prints each and every URL of the target.

2: print every attack. Prints each and every attack that is performed on the target.

  • In the above screenshot, 1 is used as the -v parameter. The URLs shown are part of the target URL.
  • Type wapiti http://testphp.vulnweb.com/ -v 2

  • In the above screenshot, 2 is used as the -v parameter. It shows the type of attack, which is useful in the initial phase of pentesting. It shows the attack URLs that are requested on the target and saves the pentester a lot of time.
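
The same scan seen from the server side, as an added example (not code from the original article or from the Wapiti project): a payload-injecting scanner shows up in the web access log as one client sending injection-style values to many different parameters. The log lines, paths, signature patterns and the min_targets threshold below are all constructed assumptions for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qsl, urlsplit

# Assumed, deliberately coarse signatures for the payload classes named above.
SIGNATURES = {
    "xss": re.compile(r"<\s*script|onerror\s*=|javascript:", re.I),
    "sqli": re.compile(r"'\s*(or|and)\b|union\s+select|\bsleep\s*\(", re.I),
    "file": re.compile(r"\.\./|/etc/passwd|^https?://", re.I),
}
# Common log format: client, identity, user, [time], "METHOD target proto", status
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')

# Constructed sample lines (documentation IP ranges, made-up paths), not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2018:13:55:01 +0000] "GET /categories.php?id=2 HTTP/1.1" 200 512
198.51.100.23 - - [10/Oct/2018:13:55:02 +0000] "GET /categories.php?id=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 530
198.51.100.23 - - [10/Oct/2018:13:55:02 +0000] "GET /search.php?q=1%27%20or%20%271%27%3D%271 HTTP/1.1" 500 87
198.51.100.23 - - [10/Oct/2018:13:55:03 +0000] "GET /search.php?q=%27%20union%20select%201 HTTP/1.1" 500 87
198.51.100.23 - - [10/Oct/2018:13:55:03 +0000] "GET /view.php?file=..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1" 404 162
192.0.2.44 - - [10/Oct/2018:13:56:10 +0000] "GET /search.php?q=tom%27+and+jerry HTTP/1.1" 200 640
203.0.113.7 - - [10/Oct/2018:13:57:40 +0000] "GET /search.php?q=guitar HTTP/1.1" 200 702
"""


def find_scanners(log_text, min_targets=3):
    """Map client IP -> payload classes seen and (path, param) pairs they hit."""
    seen = defaultdict(lambda: {"targets": set(), "classes": set()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than guessing at fields
        ip, _method, target, _status = m.groups()
        url = urlsplit(target)
        # parse_qsl percent-decodes values, so encoded payloads still match
        for param, value in parse_qsl(url.query, keep_blank_values=True):
            for name, sig in SIGNATURES.items():
                if sig.search(value):
                    seen[ip]["targets"].add((url.path, param))
                    seen[ip]["classes"].add(name)
    # One odd value is noise; payloads spread over many parameters is a scan.
    return {ip: hit for ip, hit in seen.items() if len(hit["targets"]) >= min_targets}


if __name__ == "__main__":
    for ip, hit in find_scanners(SAMPLE_LOG).items():
        print(ip, sorted(hit["classes"]), sorted(hit["targets"]))
```

The client at 192.0.2.44 matches the SQL injection pattern once with an ordinary search phrase, which is why the check counts distinct parameters hit instead of alerting on a single match.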