|
|
Sponsored Content
The Lounge
What is on Your Mind?
Guido van Rossum resigns as Python Leader...
Post 303020102 by wisecracker on Friday 13th of July 2018 08:50:04 AM
07-13-2018
|
|
3 More Discussions You Might Find Interesting
1. Programming
Why process leader can not call setsid() (2 Replies)
Discussion started by: chenhao_no1
2 Replies
2. UNIX for Dummies Questions & Answers
All,
I have a file with text as shown below. I want the o/p file with generated values in the first column as shown in the o/p file. Pls note that the size of my file is 6 GB. How do i do this ?
Input file
999999abcdef
999999ghijkl
999999mnopq
777777rosesarered
777777skyisblue
Output... (1 Reply)
Discussion started by: ajfaq
1 Replies
3. What is on Your Mind?
Today, I am very pleased to announce the Poster of the Year Award, 2019 is Jeroen van Dijke (Scrutinizer)
Jeroen has been a member of unix.com just over 11 years (He first joined unix.com in November 2008) and has been a very valuable, reliable and thoughtful resource for countless people over... (3 Replies)
Discussion started by: Neo
3 Replies
LEARN ABOUT DEBIAN
wapiti
WAPITI(1) User Commands WAPITI(1) NAME
wapiti - a web application vulnerability scanner. SYNOPSIS
wapiti http://server.com/base/url/ [options] DESCRIPTION
Wapiti allows you to audit the security of your web applications. It performs "black-box" scans, i.e. it does not study the source code of the application but will scans the webpages of the deployed webapp, looking for scripts and forms where it can inject data. Once it gets this list, Wapiti acts like a fuzzer, injecting payloads to see if a script is vulnerable. OPTIONS
-s, --start <url> specify an url to start with. -x, --exclude <url> exclude an url from the scan (for example logout scripts) you can also use a wildcard (*): Example : -x "http://server/base/?page=*&module=test" or -x "http://server/base/admin/*" to exclude a directory -p, --proxy <url_proxy> specify a proxy (-p http://proxy:port/) -c, --cookie <cookie_file> use a cookie -t, --timeout <timeout> set the timeout (in seconds) -a, --auth <login%password> set credentials (for HTTP authentication) doesn't work with Python 2.4 -r, --remove <parameter_name> removes a parameter from URLs -m, --module <module> use a predefined set of scan/attack options: GET_ALL: only use GET request (no POST) GET_XSS: only XSS attacks with HTTP GET method POST_XSS: only XSS attacks with HTTP POST method -u, --underline use color to highlight vulnerable parameters in output -v, --verbose <level> set the verbosity level: 0: quiet (default), 1: print each url, 2: print every attack -h, --help print help page EFFICIENCY
Wapiti is developed in Python and use a library called lswww. This web spider library does the most of the work. Unfortunately, the html parsers module within python only works with well formed html pages so lswww fails to extract information from bad-coded webpages. Tidy can clean these webpages on the fly for us so lswww will give pretty good results. In order to make Wapiti far more efficient, you should: apt-get install python-utidylib python-ctypes AUTHOR
Copyright (C) 2006-2007 Nicolas Surribas <nicolas.surribas@gmail.com> Manpage created by Thomas Blasing <thomasbl@pool.math.tu-berlin.de> http://wapiti.sourceforge.net/ July 2007 WAPITI(1)