This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Category:OWASP Wapiti Project"

From OWASP
Jump to: navigation, search
 
(25 intermediate revisions by 4 users not shown)
Line 1: Line 1:
== THIS PROJECT PAGE IS UNDER WORK AND CONTAINS WRONG INFORMATION ==
+
{|
 +
|-
 +
! width="700" align="center" | <br>
 +
! width="500" align="center" | <br>
 +
|-
 +
| align="right" |
  
 +
|}
 +
=Main=
  
[[:Project Information:template Wapiti Project|Click here to see (& edit, if wanted) the template.]]  
+
<!-- DO NOT ALTER OR REMOVE THE TEXT ON NEXT LINE -->
{{:Project Information:template Wapiti Project}}
+
<div style="width:100%;height:100px;border:0,margin:0;overflow: hidden;">[[Image:OWASP Inactive Banner.jpg|800px| link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Inactive_Projects]] </div>
[[Category:OWASP Project]]
+
 
 +
 
 +
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
 +
| valign="top"  style="border-right: 1px dotted gray;padding-right:25px;" |
 +
 
 +
==OWASP Wapiti Project==
 +
 
 +
Wapiti allows you to audit the security of your web applications. It performs "black-box" scans, i.e. it does not study the source code of the application but will scan the webpages of the deployed webapp, looking for scripts and forms where it can inject data. Wapiti acts like a fuzzer, injecting payloads to see if a script is vulnerable.
 +
 
 +
==Introduction==
 +
 
 +
Web application vulnerability scanner / security auditor.
 +
 
 +
 
 +
 
 +
==Description==
 +
 
 +
Wapiti allows to audit the security of web applications in an easy way. It performs a "black-box" scans acting like a fuzzer, injecting payloads to see if an application is vulnerable. It has two principal parts, a crawler that explores the pages of the application and the attack module that injects the payloads and evaluates their responses. Wapiti is easy to use and it can detect the most common vulnerabilities (XSS, SQL Injection, File Handler Errors...). It provides to the user a complete report (html format) with the found vulnerabilities.
 +
 
 +
 
 +
==Licensing==
 +
OWASP Wapiti Project is free to use. It is licensed under the GNU Library or Lesser General Public License (LGPL).
 +
 
 +
 
 +
| valign="top"  style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |
 +
 
 +
== Project Leader ==
 +
 
 +
[mailto:[email protected] Nicolas Surribas]
 +
 
 +
 
 +
== Openhub ==
 +
 
 +
https://www.openhub.net/p/wapiti
 +
 
 +
Salesforge: https://sourceforge.net/projects/wapiti/
 +
 
 +
| valign="top"  style="padding-left:25px;width:200px;" |
 +
 
 +
== Quick Download ==
 +
[http://sourceforge.net/projects/wapiti/ Download the latest release here].
 +
 
 +
== Email List ==
 +
 
 +
[https://lists.owasp.org/mailman/listinfo/owasp-wapiti-project Sign Up!]
 +
 
 +
== News and Events ==
 +
 
 +
==Classifications==
 +
 
 +
  {| width="200" cellpadding="2"
 +
  |-
 +
  | align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]
 +
  | align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=]] 
 +
  |-
 +
  | align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]
 +
  |-
 +
  | colspan="2" align="center"  | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]
 +
  |-
 +
  | colspan="2" align="center"  | [[File:Project_Type_Files_CODE.jpg|link=]]
 +
  |}
 +
 
 +
|}
 +
 
 +
=FAQs=
 +
 
 +
; What are the features?
 +
: Features
 +
*Fast and easy to use
 +
*Generates vulnerability reports in various formats (HTML, XML, JSON, TXT...)
 +
*Can suspend and resume a scan or an attack
 +
*Can give you colors in the terminal to highlight vulnerabilities
 +
*Different levels of verbosity
 +
*Adding a payload can be as easy as adding a line to a text file
 +
*Support HTTP and HTTPS proxies
 +
*Authentication via several methods : Basic, Digest, Kerberos or NTLM
 +
*Ability to restrain the scope of the scan (domain, folder, webpage)
 +
*Safeguards against scan endless-loops (max number of values for a parameter)
 +
*Can exclude some URLs of the scan and attacks (eg: logout URL)
 +
*Extract URLs from Flash SWF files
 +
*Try to extract URLs from javascript (very basic JS interpreter)
 +
*... and more features described on the website !
 +
 
 +
= Acknowledgements =
 +
==Volunteers==
 +
Wapiti is developed by a worldwide team of volunteers. The primary contributors to date have been:
 +
 
 +
* [mailto:[email protected] Alberto Pastor Nieto]
 +
 
 +
*[mailto:[email protected] David del Pozo González]
 +
 
 +
==Others==
 +
 
 +
= Road Map and Getting Involved =
 +
As of July, the priorities are:
 +
* xxx
 +
* xxx
 +
* xxx
 +
 
 +
Involvement in the development and promotion of Wapiti is actively encouraged!
 +
You do not have to be a security expert in order to contribute.
 +
Some of the ways you can help:
 +
* xxx
 +
* xxx
 +
 
 +
 
 +
 
 +
=Project About=
 +
{{:Projects/OWASP_Wapiti_Project_Page}}  
 +
 
 +
__NOTOC__ <headertabs />
 +
 
 +
[[Category:OWASP Project]]  [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]]  [[Category:OWASP_Document]]

Latest revision as of 06:37, 23 February 2016



OWASP Inactive Banner.jpg


OWASP Wapiti Project

Wapiti allows you to audit the security of your web applications. It performs "black-box" scans, i.e. it does not study the source code of the application but will scan the webpages of the deployed webapp, looking for scripts and forms where it can inject data. Wapiti acts like a fuzzer, injecting payloads to see if a script is vulnerable.

Introduction

Web application vulnerability scanner / security auditor.


Description

Wapiti allows to audit the security of web applications in an easy way. It performs a "black-box" scans acting like a fuzzer, injecting payloads to see if an application is vulnerable. It has two principal parts, a crawler that explores the pages of the application and the attack module that injects the payloads and evaluates their responses. Wapiti is easy to use and it can detect the most common vulnerabilities (XSS, SQL Injection, File Handler Errors...). It provides to the user a complete report (html format) with the found vulnerabilities.


Licensing

OWASP Wapiti Project is free to use. It is licensed under the GNU Library or Lesser General Public License (LGPL).


Project Leader

Nicolas Surribas


Openhub

https://www.openhub.net/p/wapiti

Salesforge: https://sourceforge.net/projects/wapiti/

Quick Download

Download the latest release here.

Email List

Sign Up!

News and Events

Classifications

Owasp-incubator-trans-85.png Owasp-builders-small.png
Owasp-defenders-small.png
Cc-button-y-sa-small.png
Project Type Files CODE.jpg
What are the features?
Features
  • Fast and easy to use
  • Generates vulnerability reports in various formats (HTML, XML, JSON, TXT...)
  • Can suspend and resume a scan or an attack
  • Can give you colors in the terminal to highlight vulnerabilities
  • Different levels of verbosity
  • Adding a payload can be as easy as adding a line to a text file
  • Support HTTP and HTTPS proxies
  • Authentication via several methods : Basic, Digest, Kerberos or NTLM
  • Ability to restrain the scope of the scan (domain, folder, webpage)
  • Safeguards against scan endless-loops (max number of values for a parameter)
  • Can exclude some URLs of the scan and attacks (eg: logout URL)
  • Extract URLs from Flash SWF files
  • Try to extract URLs from javascript (very basic JS interpreter)
  • ... and more features described on the website !

Volunteers

Wapiti is developed by a worldwide team of volunteers. The primary contributors to date have been:

Others

As of July, the priorities are:

  • xxx
  • xxx
  • xxx

Involvement in the development and promotion of Wapiti is actively encouraged! You do not have to be a security expert in order to contribute. Some of the ways you can help:

  • xxx
  • xxx


PROJECT INFO
What does this OWASP project offer you?
RELEASE(S) INFO
What releases are available for this project?
what is this project?
Name: OWASP Wapiti Project
Purpose: Wapiti allows to audit the security of web applications in an easy way. It performs a "black-box" scans acting like a fuzzer, injecting payloads to see if an application is vulnerable. It has two principal parts, a crawler that explores the pages of the application and the attack module that injects the payloads and evaluates their responses. Wapiti is easy to use and it can detect the most common vulnerabilities (XSS, SQL Injection, File Handler Errors...). It provides to the user a complete report (html format) with the found vulnerabilities.
License: GNU Library or Lesser General Public License (LGPL)
who is working on this project?
Project Leader(s):
  • Nicolas Surribas @
how can you learn more?
Project Pamphlet: Not Yet Created
Project Presentation:
Mailing list: Mailing List Archives
Project Roadmap: Not Yet Created
Key Contacts
  • Contact Nicolas Surribas @ to contribute to this project
  • Contact Nicolas Surribas @ to review or sponsor this project
current release
Not Yet Published
last reviewed release
Not Yet Reviewed


other releases

This category currently contains no pages or media.