
wapiti::wapiti Class Reference



Detailed Description

Wapiti-1.1.6 - A web application vulnerability scanner

Usage: wapiti http://server.com/base/url/ [options]

Supported options are:
-s <url>
--start <url>
To specify a URL to start with

-x <url>
--exclude <url>
To exclude a URL from the scan (for example logout scripts)
You can also use a wildcard (*)
Example: -x "http://server/base/?page=*&module=test"
or -x http://server/base/admin/* to exclude a directory

-p <url_proxy>
--proxy <url_proxy>
To specify a proxy
Example: -p http://proxy:port/

-c <cookie_file>
--cookie <cookie_file>
To use a cookie

-t <timeout>
--timeout <timeout>
To set the timeout (in seconds)

-a <login%password>
--auth <login%password>
Set credentials for HTTP authentication
Doesn't work with Python 2.4

-r <parameter_name>
--remove <parameter_name>
Remove a parameter from URLs

-m <module>
--module <module>
Use a predefined set of scan/attack options
GET_ALL: only use GET requests (no POST)
GET_XSS: only XSS attacks with HTTP GET method
POST_XSS: only XSS attacks with HTTP POST method

-u
--underline
Use color to highlight vulnerable parameters in output

-v <level>
--verbose <level>
Set the verbosity level
0: quiet (default), 1: print each url, 2: print every attack

-h
--help
To print this usage message

Definition at line 29 of file wapiti.py.


Public Member Functions

def __init__
def addBadParam
def addExcludedURL
def addStartURL
def attack
def attackCRLF
def attackExec
def attackExec_POST
def attackFileHandling
def attackFileHandling_POST
def attackGET
def attackInjection
def attackInjection_POST
def attackPOST
def attackXSS
def attackXSS_POST
def browse
def permanentXSS
def setAuthCredentials
def setColor
def setCookieFile
def setCRLF
def setExec
def setFileHandling
def setGET
def setGlobal
def setInjection
def setPOST
def setProxy
def setTimeOut
def setXSS
def verbosity

Public Attributes

 auth_basic
 color
 cookie
 doCRLF
 doExec
 doFileHandling
 doGET
 doInjection
 doPOST
 doXSS
 forms
 myls
 proxy
 root
 server
 timeout
 urls
 verbose

Static Public Attributes

list attackedGET = []
list attackedPOST = []
list auth_basic = []
list bad_params = []
int color = 0
string cookie = ""
int doCRLF = 1
int doExec = 1
int doFileHandling = 1
int doGET = 1
int doInjection = 1
int doPOST = 1
int doXSS = 1
list forms = []
string myls = ""
dictionary proxy = {}
string root = ""
string server = ""
int timeout = 6
list urls = []
int verbose = 0

The documentation for this class was generated from the following file:

Generated by Doxygen 1.6.0