콘텐츠로 이동
1337skills 1337skills - 치트시트

Wapiti 치트 시트

## 개요

Wapiti는 웹 애플리케이션의 취약점을 검사하는 블랙박스 테스팅 웹 애플리케이션 취약점 스캐너입니다. 웹 페이지를 크롤링하고 데이터를 주입할 수 있는 스크립트와 양식을 찾습니다. URL, 양식 및 해당 입력 목록을 얻으면 Wapiti는 퍼저처럼 작동하여 페이로드를 주입하여 스크립트의 취약성을 확인합니다. Wapiti는 SQL 인젝션, XSS, 파일 포함, 명령 실행 등 다양한 취약점을 탐지할 수 있습니다.

⚠️ 경고: Wapiti는 자신이 소유하거나 명시적인 허가를 받은 애플리케이션에 대해서만 사용하세요. 무단 테스트는 서비스 약관이나 현지 법률을 위반할 수 있습니다.

Would you like me to continue translating the remaining sections? I can complete the full translation if you provide the specific text for sections 3-20.```bash

Install via pip

pip install wapiti3

Install with all dependencies

pip install wapiti3[complete]

Install development version

pip install git+https://github.com/wapiti-scanner/wapiti.git

Verify installation

wapiti —version


### System Package Installation
```bash
# Ubuntu/Debian
sudo apt update
sudo apt install wapiti

# CentOS/RHEL/Fedora
sudo yum install wapiti
# or
sudo dnf install wapiti

# Arch Linux
sudo pacman -S wapiti

# macOS with Homebrew
brew install wapiti

Docker Installation

# Pull Docker image
docker pull wapiti/wapiti:latest

# Run with Docker
docker run --rm -it wapiti/wapiti:latest --help

# Create alias for easier usage
echo 'alias wapiti="docker run --rm -it -v $(pwd):/data wapiti/wapiti:latest"' >> ~/.bashrc
source ~/.bashrc

Manual Installation

# Clone repository
git clone https://github.com/wapiti-scanner/wapiti.git
cd wapiti

# Install dependencies
pip install -r requirements.txt

# Install
python setup.py install

# Or run directly
python wapiti.py --help

Basic Usage

Simple Vulnerability Scan

# Basic scan
wapiti -u http://target.com

# Scan with specific modules
wapiti -u http://target.com -m sql,xss,file

# Scan with all modules
wapiti -u http://target.com -m all

# Verbose scan
wapiti -u http://target.com -v 2

# Quiet scan
wapiti -u http://target.com -q

Crawling Options

# Set crawling depth
wapiti -u http://target.com --depth 3

# Set maximum pages to crawl
wapiti -u http://target.com --max-pages 100

# Set crawling scope
wapiti -u http://target.com --scope domain

# Include/exclude specific paths
wapiti -u http://target.com --skip-crawl "/admin,/test"

# Follow external links
wapiti -u http://target.com --scope url

Authentication

# Basic authentication
wapiti -u http://target.com --auth-user admin --auth-password secret

# Cookie-based authentication
wapiti -u http://target.com --cookie "PHPSESSID=abc123; auth=true"

# Custom headers
wapiti -u http://target.com --headers "Authorization: Bearer token123"

# Login form authentication
wapiti -u http://target.com --auth-method form --auth-url http://target.com/login --auth-user admin --auth-password secret

Vulnerability Modules

Available Modules

# List all available modules
wapiti --list-modules

# SQL injection detection
wapiti -u http://target.com -m sql

# Cross-site scripting (XSS)
wapiti -u http://target.com -m xss

# File inclusion vulnerabilities
wapiti -u http://target.com -m file

# Command execution
wapiti -u http://target.com -m exec

# Cross-site request forgery (CSRF)
wapiti -u http://target.com -m csrf

# Server-side request forgery (SSRF)
wapiti -u http://target.com -m ssrf

# XML external entity (XXE)
wapiti -u http://target.com -m xxe

# Backup file detection
wapiti -u http://target.com -m backup

# Directory traversal
wapiti -u http://target.com -m traversal

# HTTP security headers
wapiti -u http://target.com -m headers

Module-Specific Scans

# Comprehensive SQL injection scan
wapiti -u http://target.com -m sql --level 2

# XSS with custom payloads
wapiti -u http://target.com -m xss --payload-file xss_payloads.txt

# File inclusion with time delay
wapiti -u http://target.com -m file --timeout 10

# Command execution with specific OS
wapiti -u http://target.com -m exec --os linux

# Multiple modules
wapiti -u http://target.com -m "sql,xss,file,exec"

Advanced Configuration

Proxy and Network Settings

# Use HTTP proxy
wapiti -u http://target.com --proxy http://127.0.0.1:8080

# Use SOCKS proxy
wapiti -u http://target.com --proxy socks5://127.0.0.1:9050

# Set timeout
wapiti -u http://target.com --timeout 30

# Set delay between requests
wapiti -u http://target.com --delay 2

# Set user agent
wapiti -u http://target.com --user-agent "Custom Scanner 1.0"

# Ignore SSL certificate errors
wapiti -u https://target.com --verify-ssl 0

Crawling Configuration

# Set maximum crawling time
wapiti -u http://target.com --max-scan-time 3600

# Set maximum parameters per page
wapiti -u http://target.com --max-parameters 20

# Set maximum attack time per URL
wapiti -u http://target.com --max-attack-time 300

# Exclude specific file types
wapiti -u http://target.com --exclude "*.pdf,*.jpg,*.png"

# Include only specific file types
wapiti -u http://target.com --include "*.php,*.asp,*.jsp"

# Set crawling rules
wapiti -u http://target.com --crawl-rules "follow_redirects,parse_robots"

Output and Reporting

# Generate HTML report
wapiti -u http://target.com -f html -o /tmp/wapiti_report.html

# Generate XML report
wapiti -u http://target.com -f xml -o /tmp/wapiti_report.xml

# Generate JSON report
wapiti -u http://target.com -f json -o /tmp/wapiti_report.json

# Generate TXT report
wapiti -u http://target.com -f txt -o /tmp/wapiti_report.txt

# Multiple output formats
wapiti -u http://target.com -f html,xml,json -o /tmp/wapiti_report

Specialized Scanning

API Testing

# Scan REST API
wapiti -u http://api.target.com/v1 --scope domain -m "sql,xss,xxe"

# Scan with API authentication
wapiti -u http://api.target.com/v1 --headers "Authorization: Bearer token123" -m all

# Scan GraphQL endpoints
wapiti -u http://target.com/graphql -m "sql,xss" --level 2

# Scan with custom content type
wapiti -u http://api.target.com/v1 --headers "Content-Type: application/json" -m all

Form-Based Testing

# Focus on forms only
wapiti -u http://target.com --attack-forms-only

# Skip GET parameters
wapiti -u http://target.com --skip-get-params

# Test specific form fields
wapiti -u http://target.com --form-data "username=admin&password=test"

# Upload file testing
wapiti -u http://target.com --upload-dir /tmp/uploads -m file

Session Management

# Use session file
wapiti -u http://target.com --session-file session.json

# Save session for later use
wapiti -u http://target.com --save-session session.json

# Resume previous scan
wapiti -u http://target.com --resume-session session.json

# Clear session data
wapiti -u http://target.com --clear-session

Custom Payloads and Rules

Custom Payload Files

# Create custom SQL injection payloads
cat > sql_payloads.txt << 'EOF'
' OR '1'='1
' UNION SELECT NULL--
'; DROP TABLE users--
' AND SLEEP(5)--
' OR 1=1#
EOF

# Use custom payloads
wapiti -u http://target.com -m sql --payload-file sql_payloads.txt

# Create custom XSS payloads
cat > xss_payloads.txt << 'EOF'
<script>alert('XSS')</script>
<img src=x onerror=alert('XSS')>
javascript:alert('XSS')
<svg onload=alert('XSS')>
EOF

wapiti -u http://target.com -m xss --payload-file xss_payloads.txt

Configuration Files

# Create configuration file
cat > wapiti.conf << 'EOF'
[general]
timeout = 30
delay = 1
max_pages = 200
max_scan_time = 7200

[crawling]
depth = 3
scope = domain
follow_redirects = true

[modules]
sql = true
xss = true
file = true
exec = false
csrf = true

[output]
format = html,json
output_dir = /tmp/wapiti_reports
EOF

# Use configuration file
wapiti -u http://target.com --config wapiti.conf

Custom Attack Modules

#!/usr/bin/env python3
# Custom Wapiti module example

from wapitiCore.attack.attack import Attack
from wapitiCore.language.vulnerability import Vulnerability

class CustomAttack(Attack):
    """Custom attack module for Wapiti"""

    name = "custom"
    description = "Custom vulnerability detection"

    def __init__(self, crawler, persister, logger, attack_options):
        super().__init__(crawler, persister, logger, attack_options)
        self.payloads = [
            "custom_payload_1",
            "custom_payload_2",
            "custom_payload_3"
        ]

    def attack(self, http_res):
        """Main attack method"""
        url = http_res.url

        for payload in self.payloads:
            # Inject payload and test response
            test_url = f"\\\\{url\\\\}?test=\\\\{payload\\\\}"

            try:
                response = self.crawler.get(test_url)

                if self.is_vulnerable(response):
                    vuln = Vulnerability(
                        category="Custom Vulnerability",
                        level=Vulnerability.HIGH_LEVEL,
                        request=response.http_request,
                        info="Custom vulnerability detected"
                    )
                    self.add_vuln(vuln)

            except Exception as e:
                self.logger.error(f"Error testing \\\\{test_url\\\\}: \\\\{e\\\\}")

    def is_vulnerable(self, response):
        """Check if response indicates vulnerability"""
        indicators = ["error", "exception", "debug"]
        return any(indicator in response.content.lower() for indicator in indicators)

Automation Scripts

Comprehensive Scanning Script

#!/bin/bash
# Comprehensive web application security scan

TARGET="$1"
OUTPUT_DIR="wapiti_scan_$(date +%Y%m%d_%H%M%S)"

if [ -z "$TARGET" ]; then
    echo "Usage: $0 <target_url>"
    exit 1
fi

mkdir -p "$OUTPUT_DIR"

echo "[+] Starting comprehensive scan for: $TARGET"

# Basic vulnerability scan
echo "[+] Running basic vulnerability scan..."
wapiti -u "$TARGET" \
    -m "sql,xss,file,exec,csrf,ssrf" \
    -f html,json \
    -o "$OUTPUT_DIR/basic_scan" \
    --level 2 \
    --timeout 30 \
    --max-pages 500

# Deep SQL injection scan
echo "[+] Running deep SQL injection scan..."
wapiti -u "$TARGET" \
    -m sql \
    -f json \
    -o "$OUTPUT_DIR/sql_scan.json" \
    --level 3 \
    --timeout 60

# XSS focused scan
echo "[+] Running XSS focused scan..."
wapiti -u "$TARGET" \
    -m xss \
    -f json \
    -o "$OUTPUT_DIR/xss_scan.json" \
    --level 2 \
    --timeout 30

# File inclusion scan
echo "[+] Running file inclusion scan..."
wapiti -u "$TARGET" \
    -m file \
    -f json \
    -o "$OUTPUT_DIR/file_scan.json" \
    --level 2

# Backup file detection
echo "[+] Running backup file detection..."
wapiti -u "$TARGET" \
    -m backup \
    -f json \
    -o "$OUTPUT_DIR/backup_scan.json"

# Security headers check
echo "[+] Checking security headers..."
wapiti -u "$TARGET" \
    -m headers \
    -f json \
    -o "$OUTPUT_DIR/headers_scan.json"

echo "[+] Scan completed. Results saved to: $OUTPUT_DIR"

# Generate summary
python3 ``<< EOF
import json
import os
from collections import defaultdict

results_dir = "$OUTPUT_DIR"
vulnerabilities = defaultdict(list)

for filename in os.listdir(results_dir):
    if filename.endswith('.json'):
        filepath = os.path.join(results_dir, filename)
        try:
            with open(filepath, 'r') as f:
                data = json.load(f)
                if 'vulnerabilities' in data:
                    for vuln in data['vulnerabilities']:
                        vuln_type = vuln.get('type', 'Unknown')
                        vulnerabilities[vuln_type].append(vuln)
        except Exception as e:
            print(f"Error processing \\\{filename\\\}: \\\{e\\\}")

print("\\n=== VULNERABILITY SUMMARY ===")
total_vulns = 0
for vuln_type, vulns in vulnerabilities.items():
    count = len(vulns)
    total_vulns += count
    print(f"\\\{vuln_type\\\}: \\\{count\\\}")

print(f"\\nTotal vulnerabilities found: \\\{total_vulns\\\}")

# Save summary
summary = \\\{
    'total_vulnerabilities': total_vulns,
    'by_type': \\\{k: len(v) for k, v in vulnerabilities.items()\\\}
\\\}

with open(os.path.join(results_dir, 'summary.json'), 'w') as f:
    json.dump(summary, f, indent=2)
EOF
```### 연속 모니터링 스크립트
```bash
#!/bin/bash
# Continuous web application monitoring

CONFIG_FILE="monitor_config.conf"
LOG_FILE="wapiti_monitor.log"

# Configuration
TARGETS=(
    "https://app1.example.com"
    "https://app2.example.com"
    "https://api.example.com"
)

SCAN_INTERVAL=86400  # 24 hours
ALERT_EMAIL="security@example.com"

log_message() \\\{
    echo "[$(date '+%Y-%m-%d %H:%M:%S')] $1"|tee -a "$LOG_FILE"
\\\}

send_alert() \\\{
    local target="$1"
    local vuln_count="$2"
    local report_file="$3"

    if [ "$vuln_count" -gt 0 ]; then
        log_message "ALERT: $vuln_count vulnerabilities found in $target"

        # Send email alert (requires mail command)
        if command -v mail >``/dev/null 2>&1; then
            echo "Wapiti scan found $vuln_count vulnerabilities in $target. See attached report."|\
                mail -s "Security Alert: Vulnerabilities Detected" -A "$report_file" "$ALERT_EMAIL"
        fi
    fi
\\\\}

scan_target() \\\\{
    local target="$1"
    local timestamp=$(date +%Y%m%d_%H%M%S)
    local output_dir="monitor_$\\\\{timestamp\\\\}"
    local report_file="$\\\\{output_dir\\\\}/scan_report.json"

    log_message "Starting scan for: $target"

    mkdir -p "$output_dir"

    # Run Wapiti scan
    wapiti -u "$target" \
        -m "sql,xss,file,exec,csrf" \
        -f json \
        -o "$report_file" \
        --timeout 30 \
        --max-pages 200 \
        --level 1 \
        2>>"$LOG_FILE"

    if [ -f "$report_file" ]; then
        # Count vulnerabilities
        vuln_count=$(python3 -c "
import json
try:
    with open('$report_file', 'r') as f:
        data = json.load(f)
        print(len(data.get('vulnerabilities', [])))
except:
    print(0)
")

        log_message "Scan completed for $target. Found $vuln_count vulnerabilities."
        send_alert "$target" "$vuln_count" "$report_file"

        # Cleanup old reports (keep last 10)
        ls -t monitor_*/scan_report.json 2>/dev/null|tail -n +11|xargs rm -f 2>/dev/null

    else
        log_message "ERROR: Scan failed for $target"
    fi
\\\\}

# Main monitoring loop
while true; do
    log_message "Starting monitoring cycle"

    for target in "$\\\\{TARGETS[@]\\\\}"; do
        scan_target "$target"
        sleep 60  # Wait between targets
    done

    log_message "Monitoring cycle completed. Sleeping for $SCAN_INTERVAL seconds."
    sleep "$SCAN_INTERVAL"
done
```### CI/CD 통합 스크립트
```bash
#!/bin/bash
# CI/CD pipeline integration script

set -e

TARGET_URL="$1"
FAIL_ON_VULN="$\\\\{2:-true\\\\}"
OUTPUT_DIR="wapiti_ci_$(date +%Y%m%d_%H%M%S)"

if [ -z "$TARGET_URL" ]; then
    echo "Usage: $0 <target_url> [fail_on_vulnerabilities]"
    exit 1
fi

mkdir -p "$OUTPUT_DIR"

echo "Starting security scan for: $TARGET_URL"

# Run Wapiti scan
wapiti -u "$TARGET_URL" \
    -m "sql,xss,file,exec,csrf" \
    -f json,html \
    -o "$OUTPUT_DIR/security_scan" \
    --timeout 30 \
    --max-pages 100 \
    --level 1

# Process results
REPORT_FILE="$OUTPUT_DIR/security_scan.json"

if [ -f "$REPORT_FILE" ]; then
    # Count vulnerabilities by severity
    python3 << EOF
import json
import sys

with open('$REPORT_FILE', 'r') as f:
    data = json.load(f)

vulnerabilities = data.get('vulnerabilities', [])
total = len(vulnerabilities)

severity_counts = \\\\{'high': 0, 'medium': 0, 'low': 0\\\\}
for vuln in vulnerabilities:
    severity = vuln.get('level', 'low').lower()
    if severity in severity_counts:
        severity_counts[severity] += 1

print(f"Security Scan Results:")
print(f"Total vulnerabilities: \\\\{total\\\\}")
print(f"High severity: \\\\{severity_counts['high']\\\\}")
print(f"Medium severity: \\\\{severity_counts['medium']\\\\}")
print(f"Low severity: \\\\{severity_counts['low']\\\\}")

# Exit with error code if vulnerabilities found and fail_on_vuln is true
if '$FAIL_ON_VULN' == 'true' and total > 0:
    print("\\nSecurity vulnerabilities detected. Failing build.")
    sys.exit(1)
else:
    print("\\nSecurity scan completed successfully.")
    sys.exit(0)
EOF

else
    echo "ERROR: Scan report not found"
    exit 1
fi
```## 다른 도구와의 통합
```bash
# Use Burp as proxy for Wapiti
wapiti -u http://target.com --proxy http://127.0.0.1:8080

# Export discovered URLs to Burp
wapiti -u http://target.com --crawl-only -f txt -o burp_targets.txt
```### Burp Suite 통합
```bash
# Use ZAP as proxy
wapiti -u http://target.com --proxy http://127.0.0.1:8080

# Generate ZAP-compatible report
wapiti -u http://target.com -f xml -o zap_import.xml
```### OWASP ZAP 통합
```bash
# Extract URLs for Nuclei
wapiti -u http://target.com --crawl-only --format txt|grep -E '^http' > nuclei_targets.txt

# Run Nuclei on discovered URLs
nuclei -l nuclei_targets.txt -t /path/to/nuclei-templates/
```### Nuclei 통합
```bash
# Increase crawling timeout
wapiti -u http://target.com --timeout 60

# Reduce crawling depth
wapiti -u http://target.com --depth 1

# Skip problematic URLs
wapiti -u http://target.com --skip-crawl "/problematic-path"

# Use different user agent
wapiti -u http://target.com --user-agent "Mozilla/5.0 (compatible; Scanner)"
```## 문제 해결
```bash
# Debug authentication
wapiti -u http://target.com --auth-user admin --auth-password secret -v 2

# Use cookie authentication instead
wapiti -u http://target.com --cookie "session=valid_session_id"

# Test authentication manually first
curl -u admin:secret http://target.com/protected
```### 일반적인 문제들
```bash
# Reduce scan scope
wapiti -u http://target.com --max-pages 50

# Increase delays
wapiti -u http://target.com --delay 3

# Use fewer modules
wapiti -u http://target.com -m "sql,xss"

# Set scan time limit
wapiti -u http://target.com --max-scan-time 1800
```#### 크롤링 문제
```bash
# Disable SSL verification
wapiti -u https://target.com --verify-ssl 0

# Use specific SSL version
wapiti -u https://target.com --ssl-version TLSv1.2

# Debug SSL issues
wapiti -u https://target.com -v 2 --verify-ssl 0
```#### 인증 문제
```bash
# Enable verbose logging
wapiti -u http://target.com -v 2

# Save debug information
wapiti -u http://target.com -v 2 2>&1|tee wapiti_debug.log

# Test specific module
wapiti -u http://target.com -m sql -v 2

# Dry run (crawl only)
wapiti -u http://target.com --crawl-only -v 1
```#### 성능 문제
https://wapiti-scanner.github.io/###

# SSL/TLS 문제
https://github.com/wapiti-scanner/wapiti##

# 디버깅 및 로깅
https://owasp.org/www-project-web-security-testing-guide/#

# 리소스
https://owasp.org/www-community/Vulnerability_Scanning_Tools- [공식 Wapiti 문서](https://docs.python.org/3/library/security_warnings.html)https://www.sans.org/white-papers/2178/- [Wapiti GitHub 저장소](https://owasp.org/www-community/controls/Static_Code_Analysis)