Fi8sVrs

Spaghetti - Web Application Security Scanner v0.1.1

Description

Spaghetti is a web application security scanner tool. It is designed to find various default and insecure files, configurations and misconfigurations. Spaghetti is built on Python 2.7 and can run on any platform which has a Python environment.

Installation

$ git clone https://github.com/m4ll0k/Spaghetti.git
$ cd Spaghetti 
$ pip install -r requirements.txt
$ python spaghetti.py --help

Features

  • Fingerprints

    • Server
    • Web Frameworks (CakePHP, CherryPy, Django, ...)
    • Web Application Firewall (WAF) (Cloudflare, AWS, Barracuda, ...)
    • Content Management System (CMS) (Drupal, Joomla, Wordpress, Magento)
    • Operating System (Linux, Unix, Windows, ...)
    • Language (PHP, Ruby, Python, ASP, ...)

Example:

python spaghetti.py --url target.com --scan 0 --random-agent --verbose

  • Discovery:

    • Apache

      • Apache (mod_userdir)
      • Apache (mod_status)
      • Apache multiviews
      • Apache xss
    • Broken Auth./Session Management

      • Admin Panel
      • Backdoors
      • Backup Directory
      • Backup File
      • Common Directory
      • Common File
      • Log File
    • Disclosure

      • Emails
      • IP
    • Injection

      • HTML
      • SQL
      • LDAP
      • XPath
      • XSS
      • RFI
      • PHP Code
    • Other

      • Allow Methods
      • HTML Object
      • Multiple Index
      • Robots Paths
      • Cookie Security
    • Vulns

      • ShellShock
      • Struts-Shock

 

Example:

python spaghetti.py --url target.com --scan 1 --random-agent --verbose

Download Spagetti-master.zip

Source
