The web-application vulnerability scanner Wapiti allows you to audit the security of your websites or web applications. It performs 'black-box' scans by crawling webpages, looking for scripts and forms to inject data, and acts like a fuzzer to test vulnerabilities. Wapiti modules cover SQL Injections, Cross Site Scripting, File disclosure, Command Execution, XXE injection, CRLF Injection, Shellshock, Server Side Request Forgery, and more.
FEATURES
SIMILAR TOOLS
Automate OSINT for threat intelligence and attack surface mapping with SpiderFoot.
FullHunt is a next-generation attack surface security platform that enables companies to discover, monitor, and secure their external attack surfaces.
Automate your reconnaissance process with AttackSurfaceMapper, a tool for mapping and analyzing network attack surfaces.
Amass by OWASP performs comprehensive attack surface mapping and asset discovery.
Web inventory tool that captures screenshots of webpages and includes additional features for enhanced usability.
Crt.sh is a website that allows users to search for SSL/TLS certificates of a targeted domain, providing transparency into certificate logs.
Automate Google Hacking Database scraping and searching with Pagodo, a tool for finding vulnerabilities and sensitive information.
Simple script to check a domain's email protections and identify vulnerabilities.
An AI-powered Google Dorking tool that helps create effective search queries to uncover sensitive information on the internet.
PINNED

Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.

Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.

DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.