Tool and Usage
Latest release: 3.0.2
Why this tool?
Wapiti is typically used to audit web applications.
How it works
By crawling a web application, Wapiti discovers available pages. This method is known as black box scanning, as the scanner has no direct access to the source of the application. For this reason, it has to try many different payloads to discover whether there is a flaw in the application. This is also known as 'fuzzing'.
Development of the Wapiti project has gone through a period of inactivity. For example, about 4 years passed between versions 2.3.0 and 3.0.0. With the new 3.0.0 version in early 2018, the project may have gotten its reboot and can help security professionals again.
Usage and audience
Wapiti is commonly used for application fuzzing, vulnerability scanning, or web application analysis. Target users for this tool are pentesters and security professionals.
- Colored output
- Command line interface
- Multiple levels of details in output
Tool review and remarks
The review and analysis of this project resulted in the following remarks for this security tool:
- + Project is mature (10+ years)
- + The source code of this software is available
- + Well-known tool
Supported operating systems
Wapiti is known to work on FreeBSD and Linux.
Several dependencies are required to use Wapiti.
- Python 3
Similar tools to Wapiti:
Yasuo is a Ruby script that scans for vulnerable and exploitable third-party web applications.
Web Application Security Scanner aimed towards helping users evaluate the security of web applications
Wfuzz is a security tool to do fuzzing of web applications. It is modular and can be used to discover and exploit web application vulnerabilities. This makes the tool useful for both developers and security professionals.