Wapiti

The web-application vulnerability scanner.

Overview

Wapiti is a vulnerability scanner for web applications. It performs 'black-box' scans, which means it doesn't study the source code of the application but will scan the webpages of the deployed webapp, looking for scripts and forms where it can inject data. Once it gets a list of URLs, forms and their inputs, Wapiti acts like a fuzzer, injecting payloads to see if a script is vulnerable.

✨ Key Features

  • SQL Injection
  • Cross-Site Scripting (XSS)
  • File Disclosure
  • Command Execution
  • CRLF Injection

🎯 Key Differentiators

  • Focus on black-box web application scanning
  • Open-source and easy to use for basic scans
  • Supports both GET and POST HTTP methods for attacks

Unique Value: Provides a free and simple way to perform black-box security testing of web applications.

🎯 Use Cases (2)

  • Web application vulnerability scanning
  • Security testing of web applications

✅ Best For

  • Finding common web application vulnerabilities in a black-box manner

💡 Check With Vendor

Verify these considerations match your specific requirements:

  • Scanning of modern, JavaScript-heavy web applications
  • Organizations requiring a graphical user interface and advanced reporting

🏆 Alternatives

  • Nikto
  • OWASP ZAP
  • Arachni

Wapiti is easier to set up and use for basic scans than more comprehensive frameworks such as OWASP ZAP or Burp Suite.

💻 Platforms

  • Linux
  • Windows
  • macOS

✅ Offline Mode Available

🔌 Integrations

Can be integrated into scripts

💰 Pricing

Contact for pricing
Free Tier Available

Free tier: Fully featured and unlimited.
