Perl Script for Wapiti Web application vulnerability scanner / security auditor

From: security@replica-solutions.de
Date: Fri Aug 25 2006 - 04:08:27 EDT

Next message: Justin Polazzo: "RE: Pen-testing/auditing MS Exchange Servers."
Previous message: intel96: "Re: pentest physical security"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

('binary' encoding is not supported, stored as-is) Scanner & start.pl Download -> http://www.replica-solutions.de/index.php?ind=downloads&op=entry_view&iden=17

I have coded start.pl to handle the scanner easier...

in future i will code in the perl script all the other commands from the Scanner in -> "it's done when it's done".

Here is the First Simple Version for Basic Handling:

------ code begin ------
#!/usr/bin/perl

use Socket;
print "Wapiti Standart use comfortable Perl Script v1.0\n";
print "by Sourcecode (sourcecode(AT)replica-solutions(DOT)de)\n";
print "HTTP: www.replica-solutions.de\n\n";
print "Hostname Syntax : 192.168.1.1 or http://www.yourhost.com \n";
print "enter the IP or the Hostname from the Page you like to test\n\n Enter Host or IP:\n";
$scan_host = <STDIN>;
chop($scan_host);
print "enter the Url wich you want to exclude \n from this Scan (press return without input if \n you want to scan all!\n\n Enter Path or leave Blank:";
$exclude_path = <STDIN>;
chop($exclude_path);
my $Output = system("python wapiti.py $scan_host -x $host $exclude_path -u");
print "$Output";

------ code end ------

for my personal use, i've added hardcoded Proxy Support:

------ code begin ------
#!/usr/bin/perl
$proxy_ip = 127.0.0.1;
$proxy_port = 8118;

use Socket;
print "Wapiti Standart use comfortable Perl Script v1.0\n";
print "by Sourcecode (sourcecode(AT)replica-solutions(DOT)de)\n";
print "HTTP: www.replica-solutions.de\n\n";
print "Hostname Syntax : 192.168.1.1 or http://www.yourhost.com \n";
print "enter the IP or the Hostname from the Page you like to test\n\n Enter Host or IP:\n";
$scan_host = <STDIN>;
chop($scan_host);
print "enter the Url wich you want to exclude \n from this Scan (press return without input if \n you want to scan all!\n\n Enter Path or leave Blank:\n";
$exclude_path = <STDIN>;
chop($exclude_path);
my $Output = system("python wapiti.py $scan_host -x $host $exclude_path -u -p $proxy_ip:$proxy_port");
print "$Output";

------code end------

enjoy :)
--
yet another Exploit Source : http://www.replica-solutions.de
Warum ich kein Linux benutze: http://tinyurl.com/hjv5h
Nmap in combination with other Linux tools: http://tinyurl.com/pknlw

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php
------------------------------------------------------------------------

Next message: Justin Polazzo: "RE: Pen-testing/auditing MS Exchange Servers."
Previous message: intel96: "Re: pentest physical security"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:56:48 EDT