wapiti - Trickest Platform Documentation

Name:wapiti

Category:Scanners

Publisher:trickest-mhmdiaa

Created:9/7/2022

Container:quay.io/trickest/wapiti:3.1.3

Output Type:

License:Unknown

Source:View Source

Parameters

url

string

required

--urlThe base URL used to define the scan scope

data

string

--dataUrlencoded data to send with the base URL if it is a POST request

skip

string

--skipSkip attacking given parameter(s)

color

boolean

--colorColorize output

depth

string

--depthSet how deep the scanner should explore the website

level

string

--levelSet attack level

proxy

string

--proxySet the HTTP(S) proxy to use. Supported: http(s) and socks proxies

scope

string

--scopeSet scan scope (page, folder, domain, url, or punk)

start

string

--startAdds a url to start scan with

tasks

string

--tasksNumber of concurrent tasks to use for the exploration (crawling) of the target.

--cookieSet a JSON cookie file to use.

format

string

--formatSet output format. Supported: csv, html, json, txt, xml. Default is html.

header

string

--headerSet a custom header to use for every requests

module

string

--moduleList of modules to load

remove

string

--removeRemove this parameter from urls

exclude

string

--excludeAdds a url to exclude from the scan

timeout

string

--timeoutSet timeout for requests in seconds

verbose

string

--verboseSet verbosity level (0: quiet, 1: normal, 2: verbose)

endpoint

string

--endpointURL serving as endpoint for both attacker and target

auth-cred

string

--auth-credSet HTTP authentication credentials

auth-type

string

--auth-typeSet the authentication type to use (basic, digest, ntlm, or post)

scan-force

string

--scan-forceEasy way to reduce the number of scanned and attacked URLs. Possible values: paranoid, sneaky, polite, normal, aggressive, insane

user-agent

string

--user-agentSet a custom user-agent to use for every requests

verify-ssl

string

--verify-sslSet SSL check (0 or 1, default is 0)

dns-endpoint

string

--dns-endpointDomain serving as DNS endpoint for Log4Shell attack

no-bugreport

boolean

--no-bugreportDon't send automatic bug report when an attack module fails

max-scan-time

string

--max-scan-timeSet how many seconds you want the scan to last (floats accepted)

max-parameters

string

--max-parametersURLs and forms having more than MAX input parameters will be erased before attack.

--drop-set-cookieIgnore Set-Cookie header from HTTP responses

max-attack-time

string

--max-attack-timeSet how many seconds you want each attack module to last (floats accepted)

external-endpoint

string

--external-endpointURL serving as endpoint for target

internal-endpoint

string

--internal-endpointURL serving as endpoint for attacker

max-files-per-dir

string

--max-files-per-dirSet how many pages the scanner should explore per directory

max-links-per-page

string

--max-links-per-pageSet how many (in-scope) links the scanner should extract for each page

Library

Parameters