Wapiti
GPL-2.0๐ธ Web Scanning ยท Python
Wapiti is a black-box web application vulnerability scanner that crawls target websites and injects payloads to detect security flaws without requiring access to the application's source code. It tests for a comprehensive range of vulnerabilities including SQL injection, cross-site scripting (XSS), file inclusion, command injection, XXE, SSRF, and open redirects through its modular fuzzer architecture. Penetration testers and security assessors use Wapiti as an automated first pass during web application assessments to identify low-hanging vulnerabilities and map the application's attack surface. Written in Python with support for authenticated scanning and multiple output formats, it serves as a free and open-source alternative to commercial web scanners like Acunetix and Burp Suite Pro.
Tags
Details
- Category
- ๐ธ Web Scanning
- Language
- Python
- Repository
- wapiti-scanner/wapiti
- License
- GPL-2.0
- Platforms
- ๐งlinux๐macos๐ชwindows
Links
Community Reviews
Alternatives & Comparisons
Nuclei
GoFast vulnerability scanner driven by YAML templates. Thousands of community-contributed detection templates.
Compare Wapiti vs NucleiNikto
PerlClassic web server scanner. Tests for dangerous files, outdated server software, and version-specific problems.
Compare Wapiti vs NiktoMore in Web Scanning
httpx
GoFast multi-purpose HTTP toolkit. Probes for running HTTP servers with retries and fallbacks.
Nikto
PerlClassic web server scanner. Tests for dangerous files, outdated server software, and version-specific problems.
Gobuster
GoDirectory/file, DNS, and vhost busting tool. Brute-forces URIs, DNS subdomains, virtual host names, and S3 buckets.
Feroxbuster
RustFast, recursive content discovery tool written in Rust. Like gobuster on steroids with auto-recursion.
Burp Suite Community
JavaWeb vulnerability scanner and proxy. Intercept, modify, and replay HTTP/S traffic for web app testing.
ffuf
GoFast web fuzzer written in Go. Fuzz anything - URLs, headers, POST data - with blazing speed.