Provided by: wapiti_2.2.1+dfsg-1_all

NAME

       Wapiti - A web application vulnerability scanner in Python.

SYNOPSIS

       wapiti ROOT_URL [OPTIONS]

DESCRIPTION

       Wapiti allows you to audit the security of your web applications.
       It performs "black-box" scans, i.e. it does not study the source code of the application
       but scans the web pages of the deployed webapp, looking for scripts and forms where it
       can inject data.
       Once it gets this list, Wapiti acts like a fuzzer, injecting payloads to see if a script
       is vulnerable.

OPTIONS

       -s, --start=URL
              To specify a URL to start with.

       -x, --exclude=URL
              To exclude a URL from the scan (for example logout scripts).  You can also use a
              wildcard (*).
              Example:
                     -x "http://server/base/?page=*&module=test"
              or, to exclude a directory:
                     -x "http://server/base/admin/*"

       -b, --scope=SCOPE
              Set the scope of the scan:
                     page   : to analyse only the page passed in the URL.
                     folder : to analyse all the links to the pages which are in the same folder
                              as the URL passed to Wapiti.
                     domain : to analyse all the links to the pages which are in the same domain
                              as the URL passed to Wapiti.
              If no scope is set, Wapiti scans all the tree under the given URL.

       -p, --proxy=PROXY_URL
              To specify a proxy.
              Example:
                     -p http://proxy:port/
                     -p socks://proxy:port/

       -c, --cookie=COOKIE
              To import session cookies from the COOKIE file.

       -t, --timeout=TIMEOUT
              Set the timeout to TIMEOUT (in seconds).

       -a, --auth=LOGIN%PASSWORD
              Set credentials for HTTP authentication ('%' is used as a separator).

       -r, --remove=PARAM
              Automatically remove the parameter PARAM from the URLs.

       -n, --nice=LIMIT
              Define a limit on the number of URLs to read with the same pattern.
              Use this option to prevent endless loops. Must be greater than 0.

       -m, --module=MODULE_OPTIONS
              Set the modules and HTTP methods to use for attacks.
              Example:
                     -m "-all,xss:get,exec:post"

       -i, --continue=FILE
              This parameter tells Wapiti to continue the scan from the specified file, which
              should contain data from a previous scan.  The file is optional; if it is not
              specified, Wapiti takes the default file from the "scans" folder.

       -k, --attack=FILE
              This parameter tells Wapiti to perform attacks without scanning the website
              again, using the data in this file.  The file is optional; if it is not
              specified, Wapiti takes the default file from the "scans" folder.

       -u, --underline
              Use color to highlight vulnerable parameters in output.

       -v, --verbose=LEVEL
              Set the verbosity level to LEVEL.
              0: quiet (default), 1: print each url, 2: print every attack.

       -f, --reportType=TYPE
              Set the type of the report to TYPE (values are xml, txt, html).

       -o, --output=FILE
              Write the report to FILE.
              If the selected report type is "html", this parameter must be a directory.

       -h, --help
              To print this usage message.
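
       The constraints stated in the option descriptions above (the three -b scopes, -n greater
       than 0, the -f report types, a directory for html output) can be checked before a scan is
       started.  The following is an added example, not part of Wapiti or its documentation; the
       wapiti_args helper and the sample URLs are hypothetical.

```shell
# Added example (not part of Wapiti): validate scan options before invoking wapiti.
# wapiti_args is a hypothetical helper; it prints one wapiti argument per line.
# Usage: wapiti_args ROOT_URL SCOPE NICE REPORT_TYPE OUTPUT [EXCLUDE_URL]
wapiti_args() {
    root_url=$1 scope=$2 nice=$3 rtype=$4 output=$5 exclude=${6:-}

    [ -n "$root_url" ] || { echo "ROOT_URL is required" >&2; return 2; }

    # -b accepts only the three scopes listed in the man page.
    case $scope in
        page|folder|domain) ;;
        *) echo "scope must be page, folder or domain" >&2; return 2 ;;
    esac

    # -n must be an integer greater than 0.
    case $nice in
        ''|*[!0-9]*) echo "nice limit must be a positive integer" >&2; return 2 ;;
    esac
    [ "$nice" -gt 0 ] || { echo "nice limit must be greater than 0" >&2; return 2; }

    # -f accepts xml, txt or html.
    case $rtype in
        xml|txt|html) ;;
        *) echo "report type must be xml, txt or html" >&2; return 2 ;;
    esac

    # For html reports -o must be a directory. Assumption: an existing
    # non-directory path is the only case rejected here.
    if [ "$rtype" = html ] && [ -e "$output" ] && [ ! -d "$output" ]; then
        echo "html report output must be a directory" >&2; return 2
    fi

    printf '%s\n' "$root_url" -b "$scope" -n "$nice" -f "$rtype" -o "$output"
    # Optional -x pattern, e.g. a logout script that would end the session.
    if [ -n "$exclude" ]; then printf '%s\n' -x "$exclude"; fi
}

# Dry run on constructed values: print the arguments without starting a scan.
wapiti_args "http://server/base/" folder 3 xml report.xml "http://server/base/logout*"
```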

LICENCE

       wapiti is covered by the GNU General Public License (GPL), version 2.
       Please read the COPYING file for more information.

COPYRIGHT

       Copyright (c) 2006 Nicolas Surribas.

AUTHORS

       Nicolas Surribas
       David del Pozo
       Alberto Pastor

BUG REPORTS

       If you find a bug in Wapiti please report it to
       http://sourceforge.net/tracker/?group_id=168625

SEE ALSO

       The README file that comes with Wapiti gives more detailed information on the options.