Wapiti

VERIFIED

Open-source black-box web application vulnerability scanner

Vulnerability ScanningOSS

Easy

LinuxWindowsmacOS

Description

Wapiti is an open-source web application vulnerability scanner that performs black-box testing by crawling web pages and injecting payloads to detect vulnerabilities. It tests for SQL injection, XSS, file inclusion, command execution, SSRF, XXE, and more. Results are generated as HTML, JSON, or XML reports with remediation guidance.

Use Cases

Black-box web application vulnerability scanning
Detecting injection flaws without source code access
Automated security reports for web applications

Attack Phases

01. RECON

02. SCAN

03. EXPLOIT

04. PERSIST

05. COVER

MITRE ATT&CK Techniques (2)

T1190Exploit Public-Facing Application

Related Tools (3)

Nikto Nuclei SQLMap