Hey Folks, in this tutorial we are going to talk about an web application security scanner tool called “WAScan“. WAScan ((W)eb (A)pplication (Scan)ner) is a Open Source web application security scanner. It is designed to find various vulnerabilities using “black-box” method, that means it won’t study the source code of web applications but will work like a fuzzer, scanning the pages of the deployed web application, extracting links and forms and attacking the scripts, sending payloads and looking for error messages,..etc. WAScan is built on python2.7 and it can run on any platform which has a Python environment.
Credit : github.com
Let’s take a look 🙂 !!
To successfully configure this tool we have to follow the given steps consecutively. After executing the git command the tool will be automatically downloaded to our system after which we can go to the directory and boot this tool using python command.
git clone https://github.com/m4ll0k/WAScan.git
cd WAScan
python wascan.pyYou can see all the available features in this tool by executing the following command. But you don’t have to be so nervous to use this tool as it gives us all examples to use the features of this tool.
python wascan.pyJust after giving the “–url” argument to the command, we have to enter our target details. As you can see in the image above there are six levels of scans in this tool where by default it runs at level 0. We get the same result after executing the command which is mentioned in the tool such as header, server version, waf, technology etc.
python wascan.py --url http://testphp.vulnweb.comBy using the disclosure option we can get sensitive data available on target web application.
python wascan.py --url http://testphp.vulnweb.com --scan 4Through the following command we can do all the things at the same time like brute forcing, crawling, weakness, audit, attack etc. So we will add “–scan 5” to our command to activate full scan mode.
python wascan.py --url http://testphp.vulnweb.com/listproducts.php?cat=1 --scan 5Great 🙂 !! It will first crawl the entire web application and try to find vulnerabilities in the web application by adding several combinations of payloads. As you can see how important vulnerabilities have been found in web applications.
Hmm 🙂 !! You can see as proof that web application is vulnerable to the SQL injection vulnerability.
As you can see how many vulnerabilities it tries to detect in a web application.
Done 🙂 !! Similarly, you can use the all these features available in this tools one by one and obtains some hidden files or vulnerabilities in the web application.
A keen learner and passionate IT student. He has done Web designing, CCNA, RedHat, Ethical hacking, Network & web penetration testing. Currently, he is completing his graduation and learning about Red teaming, CTF challenges & Blue teaming.
Hey Folks :) !! In this article, we present the "Termux Cheat Sheet for Hackers"…
Amid the rapid advancement of technology, the significance of human involvement in cybersecurity frequently goes…
Hey Folks, we are back today after such a long break, but don't worry we…
The security of your API should be one of the top priorities of companies. Without…
Hey Folks, In today's business world, it is essential to have an online presence. However,…
Hey Folks, Is your business prepared in case of a cyber attack? Many companies don't…
This website uses cookies.