
WAScan – Web Application Security Scanner

sisica



Hey folks, in this tutorial we are going to talk about a web application security scanner called “WAScan”. WAScan ((W)eb (A)pplication (Scan)ner) is an open source web application security scanner. It is designed to find various vulnerabilities using the “black-box” method: it does not study the source code of the web application but works like a fuzzer, scanning the pages of the deployed application, extracting links and forms, attacking the scripts, sending payloads, and looking for error messages, etc. WAScan is built on Python 2.7 and can run on any platform that has a Python environment.

Credit : github.com
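
The link-and-form extraction and error-message matching that the black-box description above mentions, as an added example in Python 3 (not WAScan's own code, which targets Python 2.7). The signature list, the host example.test, and the sample page and response body are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin

# Constructed signatures: fragments of common database error messages.
ERROR_SIGNATURES = {
    "MySQL": re.compile(r"You have an error in your SQL syntax|mysql_fetch_", re.I),
    "PostgreSQL": re.compile(r"pg_query\(\)|PostgreSQL.*ERROR", re.I),
    "Microsoft SQL Server": re.compile(r"Unclosed quotation mark", re.I),
}

class SurfaceParser(HTMLParser):
    """Collects links and forms (action, method, field names) from one page."""
    def __init__(self, base_url):
        super().__init__()
        self.base_url = base_url
        self.links, self.forms, self._form = set(), [], None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self.links.add(urljoin(self.base_url, a["href"]))
        elif tag == "form":
            self._form = {"action": urljoin(self.base_url, a.get("action") or ""),
                          "method": (a.get("method") or "get").lower(), "fields": []}
            self.forms.append(self._form)
        elif tag in ("input", "textarea", "select") and self._form and a.get("name"):
            self._form["fields"].append(a["name"])  # named fields carry user input

    def handle_endtag(self, tag):
        if tag == "form":
            self._form = None

def map_surface(base_url, html):
    """Return (sorted absolute links, list of forms) found in one HTML page."""
    parser = SurfaceParser(base_url)
    parser.feed(html)
    return sorted(parser.links), parser.forms

def leaked_errors(body):
    """Names of database engines whose error text appears in a response body."""
    return sorted(name for name, rx in ERROR_SIGNATURES.items() if rx.search(body))

# Constructed sample page and response body (not captured from any site).
SAMPLE_HTML = """<a href="/listproducts.php?cat=1">Products</a>
<form action="search.php" method="POST"><input name="searchFor"><input type="submit"></form>"""
SAMPLE_ERROR = "Warning: mysql_fetch_array() expects parameter 1 to be resource"

if __name__ == "__main__":
    print(map_surface("http://example.test/", SAMPLE_HTML), leaked_errors(SAMPLE_ERROR))
```

Run against your own application's responses, the same error matching shows which pages leak database error text that should be replaced by a generic error page.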

Let’s take a look 🙂 !!

Installation

To set up the tool, follow the steps below in order. The git command downloads the tool to our system; after that we can change into its directory and start the tool with the python command.

git clone https://github.com/m4ll0k/WAScan.git
cd WAScan
python wascan.py


Features

You can see all the features available in this tool by executing the following command. There is no need to be nervous about using the tool, as it gives us examples for all of its features.

python wascan.py


Basic Scan – Fingerprint

After the “--url” argument we enter our target details. As you can see in the image above, there are six levels of scans in this tool, and by default it runs at level 0. Executing the command gives the results the tool lists for this level, such as headers, server version, WAF, technology, etc.

python wascan.py --url http://testphp.vulnweb.com


Disclosure – Email and Passwords

By using the disclosure option we can get sensitive data available on the target web application.

python wascan.py --url http://testphp.vulnweb.com --scan 4


Full Scan

The following command does everything at once: brute forcing, crawling, weakness, audit, attack, etc. We add “--scan 5” to the command to activate full scan mode.

python wascan.py --url http://testphp.vulnweb.com/listproducts.php?cat=1 --scan 5

Great 🙂 !! It first crawls the entire web application and then tries to find vulnerabilities in it by adding several combinations of payloads. As you can see, important vulnerabilities have been found in the web application.



Hmm 🙂 !! You can see proof that the web application is vulnerable to SQL injection.



You can see how many vulnerabilities it tries to detect in a web application.



Done 🙂 !! Similarly, you can use all the features available in this tool one by one to obtain hidden files or find vulnerabilities in the web application.

About the Author: Shubham Goyal, Certified Ethical Hacker, information security analyst, penetration tester and researcher. Can be contacted on LinkedIn.
 
