In this post, You will learn what is wapiti and how to use it. Yep, it is a comprehensive blog post on wapiti.
Below is the video format of the post and also I have mentioned my discord channel name take a sneak peak of it and join.
What is Wapiti❓
Wapiti is an open-source tool for performing web application vulnerability scanning.
It can be used to identify potential security vulnerabilities in web applications, such as SQL injection, cross-site scripting (XSS), and file inclusion vulnerabilities.
It’s an impressive web-application vulnerability analysis tool and hopes you try it below is the download link.
The wapiti tool comes pre-installed in kali and parrot if not just install using the below command.
sudo apt-get update sudo apt-get install wapiti
Who developed wapiti
Wapiti is an open-source software it is made possible by many open-source developers and mostly the tool is coded by Nicolas Surribas also known as devl00p.
Below is the author link and the tool download link.
Features in Wapiti
- Ability to perform both black box and gray box testing
- Wapiti is its ability to perform both active and passive scanning.
- Wapiti can be run on a variety of platforms, including Windows, Linux, and Mac OS X.
- It can be run in a command-line interface, or through its web-based interface.
- Wapiti has many key features to know about that [click here]
How to use Wapiti
If you have any doubts about this tool, comment below or watch the youtube video. Join our discord server and ask doubts and stay in touch with us.
To do a default scan we can just enter the below command, Using the below command will scan the target site through all modules such as (SQL, XSS) etc.,
wapiti -u http://192.168.65.6
Specified Module Scan
Specifying the module will scan for only the particular type of vulnerability. For example, below I mentioned -m sql which will scan for SQL injection parameters.
wapiti -u http://192.168.65.6 -m sql
Also, we can specify multiple modules like below.
wapiti -u https://192.168.65.6 -m sql,xss
Basically what we do here is creating a cookie using the below command through the interactive process we can enter the usernames and password.
wapiti-getcookie -u http://192.168.65.6/phpMyAdmin/ -c cookie1.json
If you do not want to answer all those unwanted questions in an interactive session you can mention what you want., For instance bruteforcing.
wapiti-getcookie -u http://192.168.65.6/phpMyAdmin/ -c cookie.json -d "username=msfadmin&password=msfadmin&enter=submit"
- -c Saves the results in json format
- -d Mentioning the usernames and password
The result will be something like this ????????
You can use the below command to generate the report.
wapiti -u http://192.168.65.6 -m sql -f html -o meta2
- -f is for format
- -o is the file where the data will be saved
It will be saved in a directory and inside that, we should open the .html file to see the results in web format.
Overall, Wapiti is a powerful and versatile tool for performing web application vulnerability scanning.
Its ability to perform both black box and gray box testing, as well as both active and passive scanning, makes it a valuable addition to any web application security testing toolkit.
Also Read: Commix Full Tutorial