{"id":17044,"date":"2021-06-08T05:55:03","date_gmt":"2021-06-08T03:55:03","guid":{"rendered":"http:\/\/blog.wenzlaff.de\/?p=17044"},"modified":"2021-06-08T08:43:06","modified_gmt":"2021-06-08T06:43:06","slug":"wapiti","status":"publish","type":"post","link":"http:\/\/blog.wenzlaff.de\/?p=17044","title":{"rendered":"\u201cBlack Box Test\u201d with Wapiti"},"content":{"rendered":"<p>\u201cBlack Box Test\u201d with Wapiti. It checks websites and web applications for vulnerabilities by mapping the page structure and then attempting to pass data and payloads to scripts and forms. Cool, so let's check our own server. Here is the resulting report up front:<br \/>\n<img loading=\"lazy\" decoding=\"async\" src=\"http:\/\/blog.wenzlaff.de\/wp-content\/uploads\/2021\/06\/wenzlaff.de-2021-06-06-um-18.57.43.png\" alt=\"\" width=\"1770\" height=\"1982\" class=\"aligncenter size-full wp-image-17047\" srcset=\"http:\/\/blog.wenzlaff.de\/wp-content\/uploads\/2021\/06\/wenzlaff.de-2021-06-06-um-18.57.43.png 1770w, http:\/\/blog.wenzlaff.de\/wp-content\/uploads\/2021\/06\/wenzlaff.de-2021-06-06-um-18.57.43-268x300.png 268w, http:\/\/blog.wenzlaff.de\/wp-content\/uploads\/2021\/06\/wenzlaff.de-2021-06-06-um-18.57.43-914x1024.png 914w, http:\/\/blog.wenzlaff.de\/wp-content\/uploads\/2021\/06\/wenzlaff.de-2021-06-06-um-18.57.43-768x860.png 768w, http:\/\/blog.wenzlaff.de\/wp-content\/uploads\/2021\/06\/wenzlaff.de-2021-06-06-um-18.57.43-1372x1536.png 1372w\" sizes=\"auto, (max-width: 767px) 89vw, (max-width: 1000px) 54vw, (max-width: 1071px) 543px, 580px\" \/><\/p>\n<p>Install with:<!--more--><\/p>\n<p><strong>sudo apt-get install wapiti<\/strong><br \/>\nCheck <strong>wapiti -h<\/strong><\/p>\n<pre class=\"lang:default decode:true \" >\r\n\r\nwapiti -h\r\nOups! No translations found for your language... 
Using english.\r\nPlease send your translations for improvements.\r\n===============================================================\r\n\r\n \u2588\u2588\u2557    \u2588\u2588\u2557 \u2588\u2588\u2588\u2588\u2588\u2557 \u2588\u2588\u2588\u2588\u2588\u2588\u2557 \u2588\u2588\u2557\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2557\u2588\u2588\u2557\u2588\u2588\u2588\u2588\u2588\u2588\u2557\r\n \u2588\u2588\u2551    \u2588\u2588\u2551\u2588\u2588\u2554\u2550\u2550\u2588\u2588\u2557\u2588\u2588\u2554\u2550\u2550\u2588\u2588\u2557\u2588\u2588\u2551\u255a\u2550\u2550\u2588\u2588\u2554\u2550\u2550\u255d\u2588\u2588\u2551\u255a\u2550\u2550\u2550\u2550\u2588\u2588\u2557\r\n \u2588\u2588\u2551 \u2588\u2557 \u2588\u2588\u2551\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2551\u2588\u2588\u2588\u2588\u2588\u2588\u2554\u255d\u2588\u2588\u2551   \u2588\u2588\u2551   \u2588\u2588\u2551 \u2588\u2588\u2588\u2588\u2588\u2554\u255d\r\n \u2588\u2588\u2551\u2588\u2588\u2588\u2557\u2588\u2588\u2551\u2588\u2588\u2554\u2550\u2550\u2588\u2588\u2551\u2588\u2588\u2554\u2550\u2550\u2550\u255d \u2588\u2588\u2551   \u2588\u2588\u2551   \u2588\u2588\u2551 \u255a\u2550\u2550\u2550\u2588\u2588\u2557\r\n \u255a\u2588\u2588\u2588\u2554\u2588\u2588\u2588\u2554\u255d\u2588\u2588\u2551  \u2588\u2588\u2551\u2588\u2588\u2551     \u2588\u2588\u2551   \u2588\u2588\u2551   \u2588\u2588\u2551\u2588\u2588\u2588\u2588\u2588\u2588\u2554\u255d\r\n  \u255a\u2550\u2550\u255d\u255a\u2550\u2550\u255d \u255a\u2550\u255d  \u255a\u2550\u255d\u255a\u2550\u255d     \u255a\u2550\u255d   \u255a\u2550\u255d   \u255a\u2550\u255d\u255a\u2550\u2550\u2550\u2550\u2550\u255d\r\nWapiti-3.0.1 (wapiti.sourceforge.net)\r\nusage: wapiti [-h] [-u URL] [--scope {page,folder,domain,url}]\r\n              [-m MODULES_LIST] [--list-modules] [-l LEVEL] [-p PROXY_URL]\r\n              [-a CREDENTIALS] [--auth-type {basic,digest,kerberos,ntlm}]\r\n              [-c COOKIE_FILE] [--skip-crawl] [--resume-crawl]\r\n              
[--flush-attacks] [--flush-session] [-s URL] [-x URL]\r\n              [-r PARAMETER] [--skip PARAMETER] [-d DEPTH]\r\n              [--max-links-per-page MAX] [--max-files-per-dir MAX]\r\n              [--max-scan-time MINUTES] [--max-parameters MAX] [-S FORCE]\r\n              [-t SECONDS] [-H HEADER] [-A AGENT] [--verify-ssl {0,1}]\r\n              [--color] [-v LEVEL] [-f FORMAT] [-o OUPUT_PATH]\r\n              [--no-bugreport] [--version]\r\n\r\nWapiti-3.0.1: Web application vulnerability scanner\r\n\r\noptional arguments:\r\n  -h, --help            show this help message and exit\r\n  -u URL, --url URL     The base URL used to define the scan scope (default\r\n                        scope is folder)\r\n  --scope {page,folder,domain,url}\r\n                        Set scan scope\r\n  -m MODULES_LIST, --module MODULES_LIST\r\n                        List of modules to load\r\n  --list-modules        List Wapiti attack modules and exit\r\n  -l LEVEL, --level LEVEL\r\n                        Set attack level\r\n  -p PROXY_URL, --proxy PROXY_URL\r\n                        Set the HTTP(S) proxy to use. 
Supported: http(s) and\r\n                        socks proxies\r\n  -a CREDENTIALS, --auth-cred CREDENTIALS\r\n                        Set HTTP authentication credentials\r\n  --auth-type {basic,digest,kerberos,ntlm}\r\n                        Set the authentication type to use\r\n  -c COOKIE_FILE, --cookie COOKIE_FILE\r\n                        Set a JSON cookie file to use\r\n  --skip-crawl          Don't resume the scanning process, attack URLs scanned\r\n                        during a previous session\r\n  --resume-crawl        Resume the scanning process (if stopped) even if some\r\n                        attacks were previously performed\r\n  --flush-attacks       Flush attack history and vulnerabilities for the\r\n                        current session\r\n  --flush-session       Flush everything that was previously found for this\r\n                        target (crawled URLs, vulns, etc)\r\n  -s URL, --start URL   Adds an url to start scan with\r\n  -x URL, --exclude URL\r\n                        Adds an url to exclude from the scan\r\n  -r PARAMETER, --remove PARAMETER\r\n                        Remove this parameter from urls\r\n  --skip PARAMETER      Skip attacking given parameter(s)\r\n  -d DEPTH, --depth DEPTH\r\n                        Set how deep the scanner should explore the website\r\n  --max-links-per-page MAX\r\n                        Set how many (in-scope) links the scanner should\r\n                        extract for each page\r\n  --max-files-per-dir MAX\r\n                        Set how many pages the scanner should explore per\r\n                        directory\r\n  --max-scan-time MINUTES\r\n                        Set how many minutes you want the scan to last (floats\r\n                        accepted)\r\n  --max-parameters MAX  URLs and forms having more than MAX input parameters\r\n                        will be erased before attack.\r\n  -S FORCE, --scan-force FORCE\r\n                        Easy way to reduce the 
number of scanned and attacked\r\n                        URLs. Possible values: paranoid, sneaky, polite,\r\n                        normal, aggressive, insane\r\n  -t SECONDS, --timeout SECONDS\r\n                        Set timeout for requests\r\n  -H HEADER, --header HEADER\r\n                        Set a custom header to use for every requests\r\n  -A AGENT, --user-agent AGENT\r\n                        Set a custom user-agent to use for every requests\r\n  --verify-ssl {0,1}    Set SSL check (default is no check)\r\n  --color               Colorize output\r\n  -v LEVEL, --verbose LEVEL\r\n                        Set verbosity level (0: quiet, 1: normal, 2: verbose)\r\n  -f FORMAT, --format FORMAT\r\n                        Set output format. Supported: json, html (default),\r\n                        txt, openvas, vulneranet, xml\r\n  -o OUPUT_PATH, --output OUPUT_PATH\r\n                        Output file or folder\r\n  --no-bugreport        Don't send automatic bug report when an attack module\r\n                        fails\r\n  --version             Show program's version number and exit<\/pre>\n<p>Now let the program loose on your own server:<\/p>\n<p><strong>wapiti -u http:\/\/localhost\/<\/strong><\/p>\n<p>The generated HTML reports are located in:<br \/>\n<strong><br \/>\n.wapiti\/generated_report<\/strong><\/p>\n<p>An example is shown above.<\/p>\n<p><strong>Disclaimer<\/strong>: Please note that it is illegal and punishable to scan hosts without written permission.<br \/>\nDo not use nikto against other people's servers! Instead, use only your own server or VMs for practice and testing purposes.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u201cBlack Box Test\u201d with Wapiti. It checks websites and web applications for vulnerabilities by mapping the page structure and then attempting to pass data and payloads to scripts and forms. 
Cool, so let's check our own server. Here is the resulting report up front: Install with:<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[220,808,1023,1319,7],"tags":[511,4922,256,2095,4921,993,4919],"class_list":["post-17044","post","type-post","status-publish","format-standard","hentry","category-anleitung","category-linux-2","category-raspberry-pi","category-sicherheit-2","category-tools","tag-scann","tag-scannner","tag-tool","tag-ueberpruefen","tag-wapiti","tag-web","tag-webserver"],"_links":{"self":[{"href":"http:\/\/blog.wenzlaff.de\/index.php?rest_route=\/wp\/v2\/posts\/17044","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/blog.wenzlaff.de\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/blog.wenzlaff.de\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/blog.wenzlaff.de\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"http:\/\/blog.wenzlaff.de\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=17044"}],"version-history":[{"count":0,"href":"http:\/\/blog.wenzlaff.de\/index.php?rest_route=\/wp\/v2\/posts\/17044\/revisions"}],"wp:attachment":[{"href":"http:\/\/blog.wenzlaff.de\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=17044"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/blog.wenzlaff.de\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=17044"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/blog.wenzlaff.de\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=17044"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}