Wapiti 3.0.0 released! Web vulnerability scanner

[Nicolas SURRIBAS <nicolas.surribas () gmail com>]

Dear full-disclosure list,


I'm happy to announce that Wapiti 3.0.0 is now available for download.


This new release now relies on Python 3.

The majority of improvements were made to give you more control over
Wapiti's execution.

A session mechanism using sqlite3 allows you to stop the scan or/and
attacks and resume them later.

The new behavior, when you stop Wapiti during the attack process (with
Ctrl+C), is to let you choose between continuing, moving to the next
attack-module, exiting with or without generating the vulnerability report.

A total of nine options can now help you to finely control the scanner by
fixing the maximum allowed depth of crawling, skipping parameter names of
your choice in URLs and forms, setting the maximum delay for scanning,
choosing between 6 modes of scan force, and more !

The SOCKS5 proxy support is also back in this release.

Improvements have been made to existing attack modules. For example by
reducing false-positives for the blind sqli attack module.

Two new attack modules were added : buster (for directory/filename brute
forcing) and shellshock (not really new but here it is).

To users of previous versions : some options changed. The base URL must now
be given through the -u option.

More details on options can ge found in the manpage :

http://wapiti.sourceforge.net/wapiti.1.html


Requirements and installation procedure are described in the INSTALL file :

https://sourceforge.net/p/wapiti/code/HEAD/tree/trunk/INSTALL.md

Three video tutorials were made to show installation on Ubuntu/Kali,
openSUSE and Windows.


I hope you will enjoy this new release. Make Wapiti great again !

http://wapiti.sourceforge.net/

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/