Current Version: 6.0.6
Author: Trix Cyrus
Copyright: © 2024 Trixsec Org
Maintained: Yes
Waymap is a fast and optimized web vulnerability scanner designed to identify security flaws in web applications. With support for multiple scan types and customizable configurations, it is a versatile tool for ethical hackers, penetration testers, and security enthusiasts. And Is Able To Scan For 75+ Web Vulnerabilities
- Removed --profileurl/-pu arg now to use profile high or critical give the target with --target arg and use --profile arg
- Removed --url and --multi-url/-mu arg now to directly scan the target without crawling url should have a GET parameter for more info look below for Basic Commands
- added 74 Critical severity Cves data
- For CVEs Info Read The CVEVULN.md File
- Removed Old Error Based Sql Method Use the new one by --scan sqli
- Updated The Open Redirect Vuln Testing In Waymap
- Updated The Crawler To v4
- Added 249 High Risk Cves Data In Waymap
- Total Count: 390
- Added New Scan Profile 'deepscan' use using --profile deepscan
- Features in Deepscan: Scan for 25+ Types of Headers Vuln , Do Massive Directory Fuzzing, Find Backup Files On The Server
- Fixed Scan Type 'cors' Error
- minor bug fixed
- fixed issue regaring waymap updates
--- New Crazy Updates Soon
- Target-based scanning:
Scan single or multiple targets using
--targetor--multi-targetoptions - Profile-based scanning: Supports high-risk, critical-risk and deepscan scan profiles for targeted assessments.
- SQL Injection (SQLi):
Detect vulnerabilities related to SQL injection. - Command Injection (CMDi):
Identify potential command execution vulnerabilities. - Server-Side Template Injection (SSTI):
Scan for template injection risks in server-side frameworks. - Cross-Site Scripting (XSS):
Check for reflective XSS vulnerabilities. - Local File Inclusion (LFI):
Locate file inclusion vulnerabilities. - Open Redirect:
Identify redirect-related issues. - Carriage Return and Line Feed (CRLF):
Scan for CRLF injection flaws. - Cross-Origin Resource Sharing (CORS):
Check for misconfigurations in CORS policies. - All-in-one scanning:
Perform all available scans in a single command.
- High-Risk Profile:
- Critical-Risk Profile:
- deepscan Profile: Focuses on severe vulnerabilities, such as CVE-based attacks.
- Crawl target websites with customizable depth (
--crawl). - Automatically discover and extract URLs for scanning.
- Speed up scans with multithreading (
--threads).
- Skip prompts using the
--no-promptoption. - Automatically handle missing directories, files, and session data.
- Easily check for the latest updates (
--check-updates).
- Scan a single target:
python waymap.py --crawl 3 --target https://example.com --scan {scan_type} - Scan multiple targets from a file:
python waymap.py --crawl 3 --multi-target targets.txt --scan {scan_type} - Directly scan a single Target Without Crawling:
python waymap.py --target https://example.com/page?id=1 --scan {scan_type} - Directly Scan multiple targets from a file:
python waymap.py --multi-target targets.txt --scan {scan_type}(example url type: https://example.com/page?id=1 ) - Profile-based scanning:
python waymap.py --target https://example.com --profile high-risk/critical-risk/deepscan
- Use threading for faster scans:
python waymap.py --crawl 3 --target https://example.com --scan ssti --threads 10
- Ensure you have the latest version:
python waymap.py --check-updates
python waymap.py -h
Waymap makes web vulnerability scanning efficient and accessible. Start securing your applications today! 🎯
- Thanks SQLMAP For Payloads Xml File
IF There's Any Issue In Waymay Then Submit The Issues Here: https://github.com/TrixSec/waymap/issues
Stay updated with the latest tools and hacking resources. Join our Telegram Channel by clicking the logo below:
