path: root/wapiti
Diffstat (limited to 'wapiti')
-rw-r--r--  wapiti/.SRCINFO    31
-rw-r--r--  wapiti/ChangeLog  398
-rw-r--r--  wapiti/PKGBUILD    41
3 files changed, 470 insertions, 0 deletions
diff --git a/wapiti/.SRCINFO b/wapiti/.SRCINFO
new file mode 100644
index 0000000..2dfd12f
--- /dev/null
+++ b/wapiti/.SRCINFO
@@ -0,0 +1,31 @@
1pkgbase = wapiti
2 pkgdesc = Comprehensive web app vulnerability scanner written in Python
3 pkgver = 3.1.3
4 pkgrel = 1
5 url = https://wapiti-scanner.github.io
6 changelog = ChangeLog
7 arch = any
8 license = GPL
9 makedepends = python-setuptools
10 depends = python
11 depends = python-requests
12 depends = python-beautifulsoup4
13 depends = python-lxml
14 depends = python-yaswfp
15 depends = python-browser-cookie3
16 depends = python-mako
17 depends = python-python-socks
18 depends = python-tld
19 depends = python-httpx
20 depends = python-aiocache
21 depends = python-aiosqlite
22 depends = python-sqlalchemy
23 depends = python-loguru
24 depends = python-cryptography
25 optdepends = python-requests-kerberos: Kerberos authentication
26 optdepends = python-requests-ntlm: NTLM authentication
27 options = zipman
28 source = https://github.com/wapiti-scanner/wapiti/releases/download/3.1.3/wapiti3-3.1.3.tar.gz
29 sha256sums = 83ffef39199f92f530f7de7b47dbfb93ab2c9c97d3bbee93473084cba5796c61
30
31pkgname = wapiti
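Review bot: the `depends =` block in this hunk (`depends = python` through `depends = python-cryptography`) does not list mitmproxy or dnspython, yet the PKGBUILD's build() rewrites pinned requirements `mitmproxy==8.0.0` and `dnspython==2.1.0` in setup.py, so upstream evidently declares both, and the ChangeLog entry for 3.1.3 says the new `--mitm-port` option hands the crawler over to mitmproxy. Either add them (Arch package names `mitmproxy` and `python-dnspython`) as `depends`, or as `optdepends` with a "mitmproxy: --mitm-port interception" style description if the feature is optional, then regenerate this file from the PKGBUILD with `makepkg --printsrcinfo > .SRCINFO` so the two stay in sync; as submitted, the declared runtime dependencies and what setup.py asks for disagree.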
diff --git a/wapiti/ChangeLog b/wapiti/ChangeLog
new file mode 100644
index 0000000..ff8f2a5
--- /dev/null
+++ b/wapiti/ChangeLog
@@ -0,0 +1,398 @@
109/07/2022
2 Wapiti 3.1.3
3 Reports: Add a new --detailed-report option that will put HTTP responses (headers and bodies) in the report.
4 Crawler: Add a new --mitm-port option that will replace the crawler with an intercepting proxy (mitmproxy)
5 Core: Dropped support of Python 3.7
6
713/05/2022
8 Wapiti 3.1.2
9 mod_http_headers: Deprecate X-XSS-Protection header
10 mod_drupal_enum: Reduce false positives
11 mod_csp: Rework some WSTG categories
12 Crawler: Fix crash caused by unclosed async httpx responses
13
1423/02/2022
15 Wapiti 3.1.1
16 Crawler: Fix a bug preventing Wapiti to scan websites with bad ciphers (SSL 3, TLS 1.0 for example)
17 Report: Add some unicode emojis in the HTML report to indicate the criticality of each vulnerability
18 XXE: more payloads to target non-PHP applications + raise a warning when the DTD file was reached by the target but exfiltration didn't succeed
19 CLI: --update option will only update chosen modules
20 CLI: New --data option allows to launch attacks on a single POST request. This option expect a url-encoded string.
21
2206/02/2022
23 Wapiti 3.1.0
24 Crawler: Fix passing named "button" tags in HTML forms
25 Modules: Skip modules that fails to load properly (missing dependencies, code error, etc)
26 Log4Shell: Attack POST parameters too, support for attacks on VMWare vSphere and some Apache products (Struts, Druid and Solr)
27 CSRF: Django anti-CSRF token added to the whitelist
28 Modules: Added references to WSTG code for each supported attack, separate Reflected XSS from Stored XSS in reports
29 Crawler: Improved the parsing of HTML redirections (meta refresh)
30 HashThePlanet: Added a new module to detect technologies and software versions based on the hashes of files.
31 Crawler: Removed httpx-socks dependencies in favor of builtin SOCKS support in httpx. SOCKS support is fixed.
32 Crawler: Upgraded httpcore to latest version in order to fix the ValueError exception that could occur on modules with high concurrency (buster, nikto)
33 Core: Load correctly resources if Wapiti is running from an egg file.
34
3515/12/2021
36 Wapiti 3.0.9
37 CLI: New "passive" module option allows to use less aggressives modules only
38 WP_ENUM: Improve detection of Wordpress
39 SSL: New module to check TLS/SSL configuration, powered by SSLyze
40 Log4Shell: New attack module to detect the infamous vulnerability
41
4218/11/2021
43 Wapiti 3.0.8
44 CLI: prevent users from using -a without specifying --auth-type (and vice versa)
45 Crawler: Upgrade HTTP related dependencies (httpx, httpcore, httpx-socks)
46
4714/10/2021
48 Wapiti 3.0.7
49 Crawler: Extract URLs from AngularJS based websites
50 Crawler: Support HTTP responses compressed with Brotli
51 Crawler: Fix handling of upload forms (due to moving to httpx), handling of button fields having a value
52 CLI: Added option to log output to a file
53 Modules: Increased speed of modules Nikto, buster, drupal_enum, brute_login_form thank to concurrency
54 Modules: Added a module to detect subdomain takeovers
55 XSS: Removed references to wapiti3.ovh for XSS payloads
56 Modules: Fixed some false positives in modules backup, Nikto and SQL
57 Modules: Upgrade Wappalyzer module
58 Crawler: Upgrade HTTP related dependencies (httpx, httpcore)
59
6013/05/2021
61 Wapiti 3.0.5
62 SQL: boolean based blind SQL injection support added
63 Report: added CSV as output format
64 Cookie: you can drop cookies from HTTP responses with --drop-set-cookie
65 Cookie: you can load cookies from your browser with -c <chrome or firefox>
66 Session: fixed an issue that could cause URLs being rescanned when resuming a session
67 CMS: New modules to detect versions and installed modules for Wordpress and Drupal
68 Fingerprinting: several issues fixed on mod_wapp
69 Crawler: HTTP requests are processed concurrently for faster crawling. Check the new --tasks option.
70
7120/02/2021
72 Wapiti 3.0.4
73 XSS: improved context awareness of HTML webpage, payloads can now use the existing HTML tags without closing them
74 XSS: greatly reduced number of false negatives while slightly reducing false positives
75 XSS: the module will also check for the CSP header and warn if reflection was found while a strong CSP seems present
76 XSS: reduced memory and CPU consumption
77 XSS: added more payloads to bypass filters and WAF
78 Exec: added a few more payloads
79 SQL: more heuristics to detect DBMS used on the target
80 Wappalyzer module allows to detect software used by a website, along with versions
81 New module to check the security settings of Cookies (HttpOnly, secure, etc)
82 New module to check the security settings for HTTP headers (Strict-Transport-Security, X-Frame-Options, etc)
83 New module to check the security settings for Content-Security-Policy
84 New module to check for forms vulnerable to CSRF (either no anti-CSRF token is present or it is not well implemented)
85 New module to brute-force found login forms with known default credentials (admin/admin, demo/demo, etc)
86 New --update option allows to get last updates for detections databases (Wappalyzer and Nikto)
87 New --max-attack-time options allows to limit the execution time of each attack module
88 New --store-config options allows to set the path for Wapiti configuration files (detection databases)
89 Combining the new "-a post" authentication option along with -s allows to login on the target without using wapiti-getcookie
90 Removed jQuery dependency
91 Fixed several issues with endpoints
92
9320/02/2020
94 Wapiti 3.0.3
95 An important work was made to reduce false positives in XSS detections.
96 That research involved scanning more than 1 million websites to discover those issues.
97 More details here: http://devloop.users.sourceforge.net/index.php?article217/one-crazy-month-of-web-vulnerability-scanning
98
9902/09/2019
100 Wapiti 3.0.2
101 New XXE module cans end payloads in parameters, query string, file uploads and raw body.
102 New module for detection Open Redirect vulnerabilities (header based our HTML meta based or JS based).
103 Fixed domain scope scanning.
104 Reduced false positives in attack modules (specially time based ones).
105 Reduced invalid links generated by js analysis and ignore obviously malformed HTML links.
106 Do not crawl CSS files and remove query strings from JS files when crawling.
107 Improved and changed existing payloads.
108 Improved extracting forms from HTML pages (radio buttons / select, ...)
109 Support for more POST enctypes (sending XML or JSON for example, currently only leveraged by mod_xxe)
110 --store-session option allow to specify a path where .db and .pkl files are stored.
111 --endpoint --internal-endpoint --external-endpoint options to set your own endpoint and receive requests from target
112 Authentications options can now be used with wapiti-getcookie.
113 Js parser can now deal with HTML comments.
114 More comprehensive choices when doing Ctrl+C during scan (eg: 'c' to continue, 'q' to quit)
115 Fixed lot of bugs thank to received crash dumps.
116
11711/05/2018
118 Wapiti 3.0.1
119 New module mod_methods to detect interesting methods which might be allowed by scripts (PUT, PROPFIND, etc)
120 New module mod_ssrf to detect Server Side Request Forgery vulnerabilities (requires Internet access)
121 Improved mod_xss and mod_permanentxss modules to reduce false positives.
122 Changed some XSS payloads for something more visual (banner at top the the webpage).
123 Changed bug reporting URL.
124 Fixed issue #54 in lamejs JS parser.
125 Removed lxml and libxml2 as a dependency. That parser have difficulties to parse exotic encodings.
126
12703/01/2017
128 Release of Wapiti 3.0.0
129
13002/01/2018
131 Added --list-modules and --resume-crawl options.
132
13323/12/2017
134 Ported to Python3.
135 Persister rewritten to use sqlite3 databases (for session management).
136 Added ascii-art because you know... it's an attack tool so it's required feature.
137 Changed output format (stdout) to something more like sqlmap output.
138 python-lxml and libxml2 are required dependencies unless you opt-out with --with-html5lib at setup.
139 SOCKS5 proxy support is back.
140 New -u mandatory option must be use to specify the base URL.
141 Added -d (--depth) option to limit the maximum depth of links following.
142 Added -H (--header) option to add HTTP headers to every request.
143 Added -A (--user-agent) option to set the User-Agent string.
144 Added --skip option to skip parameters during attacks.
145 Added -S (--scan-force) option to control the ammount of requests sent for attacks.
146 Added --max-parameters to not attack URLs anf forms having more than X input parameters.
147 Added -l (--level) option to allow attacking query strings without parameters.
148 Added --max-scan-time option to stop the scan after the given amount of minutes.
149 Added a buster module for directory and file busting.
150 Added a Shellshock detection module.
151 Added buitin list of well known parameters to skip during attack.
152 More control on execution flow when KeyboardInterrupt is triggered.
153 Reduced false-positives situations on time-based attacks (mainly blind_sql)
154 Replace getopt for argparse.
155 Fixed bugs related to obtaining user's locale (issue #20).
156 Enhancement to support new CVE notation [issue 37).
157 Can now report minor issues (notices) besides anomalies and vulnerabilities.
158 Added mod_delay module to report time consuming webpages.
159 Renamed some options (should be easier to remember).
160 More exec, file, xss payloads.
161 Fixed a bug with JSON cookie management for IPv6 addresses and custom ports.
162 XSS attack module can escape HTML comments for payload generation.
163 Fixed -r issue on URLs having only one parameter.
164 No SSL/TLS check by default (--verify-ssl behavior).
165 Added a Mutator class for easy payload injection in parameters.
166 Rewrote report generators, added Mako as a dependency for HTML reports. Less JS.
167 Crash report are send to a website, opt-out with --no-bugreport.
168 Improvements on backup, sql and exec modules submitted by Milan Bartos.
169 Payload files can now include special flags that will be interpreted by Wapiti.
170 wapiti-cookie and wapiti-getcookie were merged in a new wapiti-getcookie tool.
171
172
17320/10/2013
174 Version 2.3.0
175 Fixed a colosseum of bugs, especially related to unicode.
176 Software is much more stable.
177 New report template for HTML (using Kube CSS).
178 Using v2.1.5 of Nikto database for mod_nikto.
179 Replaced httplib2 with (python-)requests for everything related to HTTP.
180 Remove BeautifulSoup from package. It is still required however.
181 Core rewrite (PEP8 + more Pythonic)
182 New payloads for the backup, XSS, blind SQL, exec and file modules + more
183 detection rules.
184 So many improvements on lswww (crawler) that I can't make a list here. But
185 Wapiti reached 48% on Wivet.
186 Wapiti cookie format is now based on JSON.
187 Removed SOCKS proxy support (you will have to use a HTTP to SOCKS proxy).
188 Added a HTTPResource class for easier module creation.
189 Code restructuration for better setup.
190 Attack of parameters in query string even for HTTP POST requests.
191 Attack on file uploads (injection in file names).
192 Simpler (and less buggy) colored output with -c.
193 A CURL PoC is given for each vulnerability/anomaly found + raw HTTP
194 request representation in reports.
195 No more parameter reordering + can handle parameters repetition.
196 Added a JSON report generator + fixed the HTML report generator.
197 Added an option to not check SSL certificates.
198 mod_xss : noscipt tag escaping.
199 Can work on parameters that don't have a value in query string.
200 mod_crlf is not activated by default anymore (must call it with -m).
201 Startings URLs (-s) will be fetched even if out of scope.
202 Proxy support for wapiti-getcookie. and wapiti-cookie.
203 Attempt to bring an OpenVAS report generator.
204 Added an home-made SWF parser to extract URLs from flash files.
205 Added an home-made (and more than basic) JS interpreter based on the
206 pynarcissus parser. Lot of work still needs to be done on this.
207 New logo and webpage at wapiti.sf.net.
208 Added german and malaysian translations.
209 Added a script to create standalone archive for Windows (with py2exe).
210
21129/12/2009
212 Version 2.2.1 (already)
213 Bugfixes only
214 Fixed a bug in lswww if root url is not given complete.
215 Fixed a bug in lswww with a call to BeautifulSoup made on non text files.
216 Fixed a bug that occured when verbosity = 2. Unicode error on stderr.
217 Check the document's content-type and extension before attacking files on
218 the query string.
219 Added a timeout check in the nikto module when downloading the database.
220
22128/12/2009
222 Version 2.2.0
223 Added a manpage.
224 Internationalization : translations of Wapiti in spanish and french.
225 Options -k and -i allow the scan to be saved and restored later.
226 Added option -b to set the scope of the scan based on the root url given.
227 Wrote a library to save handle cookies and save them in XML format.
228 Modules are now loaded dynamically with a dependency system.
229 Rewrote the -m option used to activate / deactivate attack modules.
230 New module to search for backup files of scripts on the target webserver.
231 New module to search for weakly configured .htaccess.
232 New module to search dangerous files based on the Nikto database.
233 Differ "raw" XSS from "urlencoded" XSS.
234 Updated BeautifulSoup to version 3.0.8.
235 Better encoding support for webpages (convert to Unicode)
236 Added "resource consumption" as a vulnerability type.
237 Fixed bug ID 2779441 "Python Version 2.5 required?"
238 Fixed bug with special characters in HTML reports.
239
24005/04/2008
241 Added more patterns for file handling vulnerabilities in PHP.
242 Added GET_SQL and POST_SQL as modules (-m) for attacks.
243 Modifier getcookie.py and cookie.py so they try to get the cookies
244 even if cookielib fails.
245
24627/03/2007
247 Updated ChangeLogs
248
24926/03/2009
250 Fixed bug ID 2433127. Comparison was made with HTTP error codes
251 on numeric values but httplib2 return the status code as a string.
252 Forbid httplib2 to handle HTTP redirections. Wapiti and lswww will
253 take care of this (more checks on urls...)
254 Fixed a bug with Blind SQL attacks (the same attack could be launched
255 several times)
256 Fixed an error in blindSQLPayloads.txt.
257 Changed the error message when Wapiti don't get any data from lswww.
258 Verifications to be sure blind SQL attacks won't be launched if "standard"
259 SQL attacks works.
260
26125/03/2009
262 Exported blind SQL payloads from the code. Now in config file
263 blindSQLPayloads.txt.
264 Set timeout for time-based BSQL attacks to timetout used for HTTP
265 requests + 1 second.
266 Added Blind SQL as a type of vulnerability in the report generator.
267 More verbosity for permanent XSS scan.
268 More docstrings.
269 Updated the REAME.
270
27124/03/2009
272 Added some docstring to the code.
273 Removed warnign on alpha code.
274 First Blind SQL Injection implementation in Wapiti.
275 Fixed some timeout errors.
276
27722/03/2009
278 Fixed character encoding error in sql injection module.
279 Changed the md5 and sha1 import in httplib2 to hashlib.
280
28128/11/2008
282 Google Charts API is added to generate the charts of the reports.
283
28415/11/2008
285 Re-integration of standard HTTP proxies in httplib2.
286 Integration of HTTP CONNECT tunneling in Wapiti.
287 Fixed bug ID 2257654 "getcookie.py error missing action in html form"
288
28902/11/2008
290 Integraded the proxy implementation of httplib2 in Wapiti.
291 Can now use SOCKSv5 and SOCKSv4 proxies.
292
29322/10/2008
294 Fixed a bug with Cookie headers.
295
29619/10/2008
297 Remplaced urllib2 by httplib2.
298 Wapiti now use persistent HTTP connections, speed up the scan.
299 Included a python SOCKS library.
300
30109/10/2008
302 Version 2.0.0-beta
303 Added the possibility to generate reports of the vulnerabilities found
304 in HTML, XML or plain-text format. See options -o and -f.
305 HTTP authentification now works.
306 Added the option -n (or --nice) to prevent endless loops during scanning.
307 More patterns for SQL vulnerability detection
308 Code refactoring : more clear and more object-oriented
309 New XSS function is now fully implemented
310 The payloads have been separated from the code into configuration files.
311 Updated BeautifulSoup
312
31315/09/2008
314 Version 1.1.7-alpha
315 Use GET method if not specified in "method" tag
316 Keep an history of XSS payloads
317 New XSS engine for GET method using a list of payloads to bypass filters
318 New module HTTP.py for http requests
319 Added fpassthru to file handling warnings
320 Added a new new detection string for MS-SQL, submitted by Joe McCray
321
32228/01/2007
323 Version 1.1.6
324 New version of lswww
325
32624/10/2006
327 Version 1.1.5
328 Wildcard exclusion with -x (--exclude) option
329
33022/10/2006
331 Fixed a typo in wapiti.py (setAuthCreddentials : one 'd' is enough)
332 Fixed a bug with set_auth_credentials.
333
33407/10/2006
335 Version 1.1.4
336 Some modifications have been made on getccokie.py so it can work
337 on Webmin (and probably more web applications)
338 Added -t (--timeout) option to set the timeout in seconds
339 Added -v (--verbose) option to set the verbosity. Three available
340 modes :
341 0: only print found vulnerabilities
342 1: print current attacked urls (existing urls)
343 2: print every attack payload and url (very much information... good
344 for debugging)
345 Wapiti is much more modular and comes with some functions to set scan
346 and attack options... look the code ;)
347 Some defaults options are available as "modules" with option -m
348 (--module) :
349 GET_XSS: only scan for XSS with HTTP GET method (no post)
350 POST_XSS: XSS attacks using POST and not GET
351 GET_ALL: every attack without POST requests
352
35312/08/2006
354 Version 1.1.3
355 Fixed the timeout bug with chunked responses
356 (ID = 1536565 on SourceForge)
357
35809/08/2006
359 Version 1.1.2
360 Fixed a bug with HTTP 500 and POST attacks
361
36205/08/2006
363 Version 1.1.1
364 Fixed the UnboundLocalError due to socket timeouts
365 (bug ID = 1534415 on SourceForge)
366
36727/07/2006
368 Version 1.1.0 with urllib2
369 Detection string for mysql_error()
370 Changed the mysql payload (see http://shiflett.org/archive/184 )
371 Modification of the README file
372
37322/07/2006
374 Added CRLF Injection.
375
37620/07/2006
377 Added LDAP Injection and Command Execution (eval, system, passthru...)
378
37911/07/2006
380 -r (--remove) option to remove parameters from URLs
381 Support for Basic HTTP Auth added but don't work with Python 2.4.
382 Proxy support.
383 Now use cookie files (option "-c file" or "--cookie file")
384 -u (--underline) option to highlight vulnerable parameter in URL
385 Detect more vulnerabilities.
386
38704/07/2006:
388 Now attacks scripts using QUERY_STRING as a parameter
389 (i.e. http://server/script?attackme)
390
39123/06/2006:
392 Version 1.0.1
393 Can now use cookies !! (use -c var=data or --cookie var=data)
394 Two utilities added : getcookie.py (interactive) and cookie.py (command line) to get a cookie.
395 Now on Sourceforge
396
39725/04/2006:
398 Version 1.0.0
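Review bot: this file is a verbatim copy of upstream's ChangeLog (398 lines, entries from `25/04/2006` to `09/07/2022`), but the `changelog=ChangeLog` field in PKGBUILD is usually used for a packaging-level log, and shipping upstream's log here means it must be re-copied by hand on every pkgver bump and silently drifts otherwise. Consider either dropping the file together with the `changelog=ChangeLog` line (the same text ships inside the source tarball), or replacing it with a short packaging changelog that records the packaging decisions, e.g. the setup.py pin relaxations applied in build() and the removal of the tests directory in prepare(). Note that the copy also carries upstream's own date inconsistencies (`03/01/2017` for the 3.0.0 release sits between 2018 and late-2017 entries; `27/03/2007` sits between 2008 and 2009 entries); those belong to upstream and should not be edited in this repo.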
diff --git a/wapiti/PKGBUILD b/wapiti/PKGBUILD
new file mode 100644
index 0000000..d645313
--- /dev/null
+++ b/wapiti/PKGBUILD
@@ -0,0 +1,41 @@
1# Maintainer : Yigit Sever <yigit at yigitsever dot com>
2# Contributor : Kr1ss $(echo \<kr1ss+x-yandex+com\>|sed s/\+/./g\;s/\-/@/)
3# Contributor : mickael9 <mickael9 at gmail dot com>
4
5pkgname=wapiti
6pkgver=3.1.3
7_name="$pkgname${pkgver:0:1}"
8pkgrel=1
9pkgdesc='Comprehensive web app vulnerability scanner written in Python'
10arch=('any')
11url="https://$pkgname-scanner.github.io"
12license=('GPL')
13makedepends=('python-setuptools')
14depends=('python' 'python-requests' 'python-beautifulsoup4' 'python-lxml' 'python-yaswfp'
15 'python-browser-cookie3' 'python-mako' 'python-python-socks' 'python-tld' 'python-httpx'
16 'python-aiocache' 'python-aiosqlite' 'python-sqlalchemy' 'python-loguru' 'python-cryptography')
17optdepends=('python-requests-kerberos: Kerberos authentication'
18 'python-requests-ntlm: NTLM authentication')
19options=('zipman')
20changelog=ChangeLog
21source=("https://github.com/$pkgname-scanner/$pkgname/releases/download/$pkgver/$_name-$pkgver.tar.gz")
22sha256sums=('83ffef39199f92f530f7de7b47dbfb93ab2c9c97d3bbee93473084cba5796c61')
23
24prepare() {
25 rm -rf "$_name-$pkgver/tests"
26}
27
28build() {
29 cd "$_name-$pkgver"
30 sed -i '/mitmproxy==8.0.0/s/==8.0.0/>=8.0.0/' setup.py
31 sed -i '/dnspython==2.1.0/s/==2.1.0/>=2.1.0/' setup.py
32 sed -i '/cryptography==36.0.2/s/==36.0.2/>=36.0.2/' setup.py
33 sed -i '/browser-cookie3==0.11.4/s/==0.11.4/>=0.11.4/' setup.py
34 sed -i '/importlib_metadata==3.7.2/s/==3.7.2/>=3.7.2/' setup.py
35 python setup.py build
36}
37
38package() {
39 cd "$_name-$pkgver"
40 PYTHONHASHSEED=0 python setup.py install --root="$pkgdir" --optimize=1 --skip-build
41}
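Review bot: the five `sed -i '/pkg==X/s/==X/>=X/' setup.py` lines in build() match on an exact version string, so when upstream bumps any of those pins on the next release the substitution silently does nothing and the build proceeds with the old pin still in place; make the edit version-agnostic and fail loudly if it stops matching, e.g. `sed -i -E 's/^(\s*["'"'"'](mitmproxy|dnspython|cryptography|browser-cookie3|importlib_metadata))==/\1>=/' setup.py` followed by `grep -q 'mitmproxy>=' setup.py`. Source modifications also belong in prepare() rather than build() under PKGBUILD conventions, next to the existing `rm -rf "$_name-$pkgver/tests"`, so that `makepkg --noextract` rebuilds do not re-apply them to an already-patched tree. Two smaller points: `python setup.py install` (package(), line `PYTHONHASHSEED=0 python setup.py install --root="$pkgdir" --optimize=1 --skip-build`) is deprecated by setuptools and current Arch Python packaging guidelines prefer the PEP 517 route (`python -m build --wheel --no-isolation` in build(), `python -m installer --destdir="$pkgdir" dist/*.whl` in package(), with `python-build`, `python-installer` and `python-wheel` in makedepends); and the `depends=(...)` array omits `mitmproxy` and `python-dnspython` even though this very function patches their pins, which should be reconciled with the .SRCINFO.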