LSE toolsLSE toolsWapiti (142)Wapiti (142)

Tool and Usage

Project details

Year of inception
Programming language
Nicolas Surribas
Latest release
Latest release date

Project health

This score is calculated by different factors, like project age, last release date, etc.

Why this tool?

Wapiti is typically used to audit web applications.

How it works

By crawling a web application, Wapiti discovers available pages. This method is known as black box scanning, as it has no direct access to the source of the application. For this reason, it will have to try many different payloads to discover if there is a flaw in the application. This is also known as 'fuzzing'.

Background information

The development of the Wapiti projects knows a period of inactivity. For example, between version 2.3.0 and 3.0.0 there was about 4 years of time. With the new 3.0.0 version in early 2018, the project may got its reboot and help security professionals again.

Usage and audience

Wapiti is commonly used for application fuzzing, vulnerability scanning, or web application analysis. Target users for this tool are pentesters and security professionals.


  • Colored output
  • Command line interface
  • Multiple levels of details in output

Tool review and remarks

The review and analysis of this project resulted in the following remarks for this security tool:


  • + Project is mature (10+ years)
  • + The source code of this software is available
  • + Well-known tool

Author and Maintainers

Wapiti is under development by Nicolas Surribas.


Supported operating systems

Wapiti is known to work on FreeBSD and Linux.


Several dependencies are required to use Wapiti.

  • Python 3

Wapiti alternatives

Similar tools to Wapiti:



Yasuo is a Ruby script that scans for vulnerable and exploitable third-party web applications.



Web Application Security Scanner aimed towards helping users evaluate the security of web applications



Wfuzz is a security tool to do fuzzing of web applications. It is modular and can be used to discover and exploit web application vulnerabilities. This makes the tool useful for both developers as security professionals.

All Wapiti alternatives

This tool page was updated at . Found an improvement? Help the community by submitting an update.