
waymap

2 Oct 2024 | GPL3 | 2 min read
Waymap is a fast and optimized web vulnerability scanner built for penetration testers. It helps in identifying vulnerabilities by testing against various payloads.

Waymap - Web Vulnerability Scanner

Current Version: 2.4.1
Author: Trix Cyrus
Contributions: Yash (0day-Yash) & Jennin (@JeninSutradhar)
Copyright: © 2024 Trixsec Org
Maintained: Yes

What is Waymap?

Waymap is a fast, optimized, and automated web vulnerability scanner designed for penetration testers. It identifies vulnerabilities by testing against a variety of payloads.

Demo Video

Check out this video to see Waymap in action:

Waymap Demo

Vulnerability Examples

  • SQL Injection
  • Command Injection
  • Server Side Template Injection

    Can't add more screenshots; it would increase the size of readme.md.

Features Overview

v1.0.3 (First Version)

  • SQL Injection
  • Command Injection
  • Web Crawling

v1.0.4

  • Updated crawler to operate within target domain boundaries and handle URL redirection.
  • Added auto-update functionality for the scanner (please reclone the repo if using v1.0.4).

v1.0.5

  • Fixed minor bugs (please reclone the repo if using v1.0.4).

v1.0.6

  • Enhanced the auto-update feature; no need to reclone the repo after this update. Please reclone if using v1.0.5.

v1.0.7

  • Fixed minor bugs and added support for scanning multiple URLs using --multi-target {targetfilename}.txt (ensure the file has one URL per line).
  • Auto-update enabled; no need to reclone unless on version v1.0.5 or older.

v1.0.8

  • Added concurrency to utilize more CPU threads, speeding up SQL injection scans.
  • Improved stability.
  • Added logging functionality.

v1.0.9

  • Minor bug fix.

v1.1.0

  • Added a new scan type, Server Side Template Injection: --scan ssti
  • All scan types can now be run in one command using --scan all
  • Added threading in SSTI (Server Side Template Injection) testing.

v1.1.1

  • Fixed the SSTI exiting error.

v1.2.1

  • Added a new scanning module, XSS (cross-site scripting): --scan xss
  • Added XSS filter-bypass payload testing.
  • Added threading in XSS testing.
  • Added a new scanning module, LFI (Local File Inclusion): --scan lfi
  • Added threading in LFI testing.

v1.3.1

  • Added a new scanning module: --scan open-redirect (checks for open redirection vulnerabilities).
  • Added a custom thread count in open redirect testing.
  • Fixed minor bugs.

v2.4.1

  • Added a new scanning module: --scan crlf (Carriage Return and Line Feed).
  • Added a custom thread count in CRLF testing.
  • Added a more advanced crawler so Waymap can crawl at any depth.
  • Added custom threading in crawling.
  • Added new user-agents in ua.txt.
  • Fixed major bugs/errors.

--NEW--UPDATES--SOON--

Installation and Usage

Clone the repository:

git clone https://github.com/TrixSec/waymap.git

Install the required dependencies:

pip install .

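Run Waymap (pick one scan type, and pass either --target with a URL or --multi-target with a file of URLs):

python waymap.py --crawl 1 --scan sql/cmdi/ssti/xss/lfi/open-redirect/all --target https://example.com
python waymap.py --crawl 1 --scan sql/cmdi/ssti/xss/lfi/open-redirect/all --multi-target {filename}.txt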

Check the help:

python waymap.py -h
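
A pre-flight check for the --multi-target file (one URL per line), so that only hosts inside the authorized engagement scope are handed to the scanner. This is an added example and not part of Waymap; check_targets, in_scope, the allow-list of domains and the sample file contents are all assumptions made for illustration.

```python
# Added example (not Waymap code): vet a --multi-target file before scanning.
from urllib.parse import urlsplit

# Constructed sample: contents of a targets file, one URL per line.
SAMPLE_TARGETS = """\
https://example.com/item.php?id=1
http://shop.example.com/search?q=a

ftp://example.com/pub
https://example.org/login
https://example.com/item.php?id=1
example.com/no-scheme
"""

def in_scope(host, allowed_domains):
    """True if host equals an allowed domain or is a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in allowed_domains)

def check_targets(text, allowed_domains):
    """Return (accepted, rejected); rejected holds (line_no, line, reason)."""
    allowed = {d.lower() for d in allowed_domains}
    accepted, rejected, seen = [], [], set()
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue  # blank lines are skipped, not reported
        try:
            parts = urlsplit(line)
        except ValueError:  # e.g. malformed IPv6 brackets
            parts = None
        if parts is None or parts.scheme not in ("http", "https"):
            reason = "scheme is not http/https"
        elif not parts.hostname:
            reason = "no hostname"
        elif not in_scope(parts.hostname, allowed):
            reason = "host outside authorized scope"
        elif line in seen:
            reason = "duplicate"
        else:
            seen.add(line)
            accepted.append(line)
            continue
        rejected.append((line_no, line, reason))
    return accepted, rejected

if __name__ == "__main__":
    ok, bad = check_targets(SAMPLE_TARGETS, ["example.com"])
    for line_no, line, reason in bad:
        print(f"line {line_no}: {line!r} rejected ({reason})")
```

Write only the accepted lines back to the file passed to --multi-target, and review every rejected line against the engagement's written scope before adding it.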

Follow Us on Telegram

Stay updated with the latest tools and hacking resources. Join our Telegram Channel by clicking the logo below:

Telegram

Happy Hacking!

License

This article, along with any associated source code and files, is licensed under The GNU General Public License (GPLv3)