
wapiti::wapiti Class Reference


Detailed Description

Wapiti-1.1.6 - A web application vulnerability scanner

Usage: wapiti http://server.com/base/url/ [options]

Supported options are:
-s <url>
--start <url>
To specify a URL to start with

-x <url>
--exclude <url>
To exclude a URL from the scan (for example logout scripts)
You can also use a wildcard (*)
Example: -x "http://server/base/?page=*&module=test"
or -x "http://server/base/admin/*" to exclude a directory

-p <url_proxy>
--proxy <url_proxy>
To specify a proxy
Example: -p http://proxy:port/

-c <cookie_file>
--cookie <cookie_file>
To use a cookie

-t <timeout>
--timeout <timeout>
To set the timeout (in seconds)

-a <login%password>
--auth <login%password>
Set credentials for HTTP authentication
Doesn't work with Python 2.4

-r <parameter_name>
--remove <parameter_name>
Remove a parameter from URLs

-m <module>
--module <module>
Use a predefined set of scan/attack options
GET_ALL: only use GET request (no POST)
GET_XSS: only XSS attacks with HTTP GET method
POST_XSS: only XSS attacks with HTTP POST method

Use color to highlight vulnerable parameters in output

-v <level>
--verbose <level>
Set the verbosity level
0: quiet (default), 1: print each url, 2: print every attack

To print this usage message

Definition at line 29 of file wapiti.py.

Public Member Functions

def __init__
def addBadParam
def addExcludedURL
def addStartURL
def attack
def attackCRLF
def attackExec
def attackExec_POST
def attackFileHandling
def attackFileHandling_POST
def attackGET
def attackInjection
def attackInjection_POST
def attackPOST
def attackXSS
def attackXSS_POST
def browse
def permanentXSS
def setAuthCredentials
def setColor
def setCookieFile
def setCRLF
def setExec
def setFileHandling
def setGET
def setGlobal
def setInjection
def setPOST
def setProxy
def setTimeOut
def setXSS
def verbosity

Public Attributes


Static Public Attributes

list attackedGET = []
list attackedPOST = []
list auth_basic = []
list bad_params = []
int color = 0
string cookie = ""
int doCRLF = 1
int doExec = 1
int doFileHandling = 1
int doGET = 1
int doInjection = 1
int doPOST = 1
int doXSS = 1
list forms = []
string myls = ""
dictionary proxy = {}
string root = ""
string server = ""
int timeout = 6
list urls = []
int verbose = 0

The documentation for this class was generated from the following file:

Generated by Doxygen 1.6.0