WAScan – Web Application Scanner Toolkit

WAScan ((W)eb (A)pplication (Scan)ner) is an open source web application security scanner. It is designed to find various vulnerabilities using the “black-box” method: it does not study the source code of web applications but works like a fuzzer, scanning the pages of the deployed web application, extracting links and forms, attacking the scripts, sending payloads and looking for error messages, etc. WAScan is built on Python 2.7 and can run on any platform that has a Python environment.


The tool has 6 parts:

  • Fingerprint: identifies the CMS, web framework, headers, language, server and WAF.
  • Attacks: executes the exploitation of any discovered vulnerabilities. The attacks include SQL injection, XSS, PHP code injection, blind SQL injection, buffer overflow and more.
  • Audit: lets a penetration tester check the robots path, the Apache status page, PHP information and any potential open redirect.
  • Bruteforce: checks for potential directories on the server.
  • Disclosure: checks for private and sensitive information posted on the web server, such as private IP addresses, email addresses, credit cards and social security numbers.
  • Full scan: runs all of the above attacks and plugins.
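
The kind of check the Disclosure part describes can be run by a site owner over their own responses. The sketch below is an added example, not WAScan's code: the patterns, the function names `find_disclosures` and `luhn_ok`, and the sample body are assumptions made for illustration, and it is written for Python 3.

```python
import ipaddress
import re

# RFC 1918 ranges; patterns are illustrative and tuned for clarity, not recall.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
EMAIL_RE = re.compile(r"\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\b")
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")

# Constructed sample response body (all values are made up for the example).
SAMPLE_BODY = """<html><!-- upstream: 10.0.3.17, cdn: 203.0.113.9 -->
<p>Contact admin@example.com or host 192.168.1.20</p>
<p>card on file: 4111 1111 1111 1111</p>
<p>order ref: 1234 5678 9012 3456</p>
<p>ssn: 123-45-6789, build 999.1.1.1</p></html>"""

def luhn_ok(digits):
    """Luhn checksum: filters most random digit runs out of card matches."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def find_disclosures(body):
    """Return sorted, de-duplicated findings per category for one response body."""
    found = {"private_ip": set(), "email": set(), "card": set(), "ssn": set()}
    for candidate in IPV4_RE.findall(body):
        try:
            addr = ipaddress.ip_address(candidate)
        except ValueError:       # e.g. 999.1.1.1 is not a valid address
            continue
        if any(addr in net for net in PRIVATE_NETS):
            found["private_ip"].add(candidate)
    found["email"].update(EMAIL_RE.findall(body))
    for candidate in CARD_RE.findall(body):
        digits = re.sub(r"\D", "", candidate)
        if luhn_ok(digits):
            found["card"].add(digits)
    found["ssn"].update(SSN_RE.findall(body))
    return {kind: sorted(values) for kind, values in found.items()}

if __name__ == "__main__":
    for kind, values in find_disclosures(SAMPLE_BODY).items():
        print(kind, values)
```

The Luhn filter is what keeps the 16-digit order reference out of the card findings; without it, any long digit run would be reported.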

You can read more and download this tool over here: https://github.com/m4ll0k/WAScan
