Stack Overflow
Stack Overflow

Questions tagged [wapiti]

Wapiti is a vulnerability scanner for web applications. It currently searches vulnerabilities like XSS, SQL and XPath injections, file inclusions, command execution, LDAP injections, CRLF injections... It uses the Python programming language.

18 questions
9
votes
2 answers

How to pass user credentials through Wapiti Web Application Vulnerability Scanner

I would like to test our web application with the Wapiti scanner. In my scenario, I am assuming the attacker would be an authenticated user. How do I configure Wapiti to use a specific username and password on our login form so I can test the…
gidmanma
  • 1,464
  • 1
  • 16
  • 27
3
votes
1 answer

Wapiti Security tool: Getting "Invalid Syntax Error "

I followed the following steps: Install Python27 and also download wapiti, placed it inside c:\wapiti-2.2.1 . Set environment variable for python(var name : c:\python27). Open python command prompt. Change root directory for step 4 i have used…
Ankit
  • 203
  • 4
  • 11
3
votes
0 answers

Test my site with wapiti?

I ran wapiti with these args. In just a few seconds it finished and the report says there are no vulnerabilities. I remember one time it took many minutes to scan (it wasnt on my local machine tho) and i got many vulnerabilities. I can't remember…
user34537
2
votes
1 answer

wapiti crashes my ASP.NET project. Why? How do i fix it?

Heres one scan of Wapiti. I notice when i had images uploaded (users can upload) i get a crash before Launching module crlf. So just using a fresh instance of my site i ran this and got the result below. My questions are 1. How do i fix the…
user34537
2
votes
1 answer

What's wrong with my Wapiti commandline?

I'm using this command: wapiti.exe http://localhost/mysite/mypage.asp -v 2 -c blah.json And I get this output: Wapiti-2.3.0 (wapiti.sourceforge.net) Exception in lswww.browse: 'NoneType' object is not iterable Note ======== …
Michael12345
  • 2,520
  • 5
  • 23
  • 41
1
vote
1 answer

How do I pass Auth Bearer token to Wapiti web application vulnerability scanner?

I want to security test my web application as well as REST API'S but they require authenticated, How do I pass a Bearer token to it?
Harvindar Singh Garcha
  • 185
  • 1
  • 12
1
vote
2 answers

Understanding Wapiti results

I ran Wapiti on my webserver. I dump the database before and after, deleted the last line which is the timestamp and found both files have me the same hash value so i know the database hasnt been changed. But according to the report i failed a…
user34537
1
vote
1 answer

TypeError: 'NoneType' object is unsubscriptable with Wapiti

I am trying to scan my server for vulnerabilities and I'm using Wapiti to do it. Strangely, I get this error when I run it. What's wrong? root@server [~/wapiti-2.3.0/bin]# python wapiti http://my.ip.address.here Traceback (most recent call last): …
user1227914
  • 3,446
  • 10
  • 42
  • 76
1
vote
2 answers

Error: You have an outdated version of python-requests. Please upgrade

My issue is whenever I command wapiti it gives me this message: root@ kali: ~#wapiti Wapiti - 2.3.0(wapiti.sourceforge.net) Error: You have an outdated version of python - requests.Please upgrade I have upgraded it to the latest version…
Hamza
  • 27
  • 1
  • 1
  • 4
1
vote
1 answer

Using Wapiti on ASP login forms

Currently I'm trying to scan a web application with Wapiti. I was only curious if it is possible to use Wapiti on ASP login forms. I tried something like described on the following question. How to pass user credentials through Wapiti Web…
Nicholas
  • 1,189
  • 4
  • 20
  • 40
1
vote
1 answer

How to do wapiti security test step by step procedure in windows 7 (Its show no error)

Installed python 2.7 D:\wapiti\wapiti-2.2.1\src> python wapiti.py / -s i didnt get any errors. i got one html file with no error D:\wapiti\wapiti-2.2.1\src> python wapiti.py http://serverdomain/Dashboard/Index/…
Thiyagarajan
  • 327
  • 1
  • 6
  • 21
0
votes
0 answers

How to open wapiti report?

I ran the following command in my terminal (Linux Ubuntu 22.04) wapiti -u I have this return A report was generated in the /home/my_user/.wapiti/generated_report file Open /home/my_user/.wapiti/generated_report/file_example_name.html with a…
iWozzming
  • 13
  • 3
0
votes
1 answer

How to test webpages which are available only after signin?

I am testing my company's webpages using free vulnerability assessment tools like wapiti and nikto. The problem is that I have to test the webpages which are accessible to a user after they sign up and the tools don't have the capability to do…
Abhitay Shinde
  • 39
  • 6
0
votes
1 answer

php exec not working along with wapiti

I have a python script (wap.py) from which I am calling wapiti asynchronously using Popen. Command for it in wap.py: p = Popen("python wapiti domainName", shell = True) When I am running wap.py, it is executing completely fine. But when I am…
Rohit Agrawal
  • 1
  • 2
0
votes
0 answers

How to pass basic authentication using Wapiti

I am trying to pass basic authentication header using Wapiti but I'm getting 401 from the xml report. I am using the following command line; python wapiti --auth-method basic 'authorization':'Basic
Devinder Singh
  • 1
  • 2
1
2