Wapiti tutorial Kali Linux JONATHANS BLOG

This post is a wapiti tutorial. You’ll find various wapiti options, how to import wapiti scan results into metasploit and how you can disable wapiti modules to speed up your scans.

A basic one-liner command to get you started would be:

 wapiti http://example.org/cool-things -u -n 5 -b domain -v 2 -o /tmp/outfile.html

More about the command line arguments:

 -u, --color     use colours  
-b, --scope     set the scope of the scan:      
               page: only analyse the page given in the url     
               folder: analyse all urls in the root url given (default option)     
               domain: analyse all links to pages in the same domain  
-n, --nice      use this to prevent infinite loops, I usually go with 5  -f, 
--format        change the output format     
               json:     
               html:     
               openvas:     
               txt:     
               vulneranet:     
               xml:
  -v verbose     
               0: none     
               1: print each url     
               2: print each attack
  # if you don't specify a -v flag, then you get a blank screen for ages

These basics will help you build the first command above, and will show you what the options mean.
There is a man page for wapiti, which has lots of information in it, including how to exclude patterns (useful once you know more about a host and want to narrow in on a target)
the openvas format is good too, as it allows you to import into openvas.

Pages: 1 2 3 4 5

You Might Also Like

Blackarch on the chuwi hi10pro – install and config

AMNESIA: Analysis and Monitoring for NEutralizing SQL-Injection Attacks

Kali linux arachni tutorial

Leave a ReplyCancel reply