Wapiti Does not produce report for each path scanned
Kundan8000 opened this issue · 1 comments
I'm running this command
wapiti -u https://juice-shop.herokuapp.com/ -v2 -o reports.json -f json --scope folderit's scanning all the available paths eg. https://domain/foo1, https://domain/foo2 but it's generating reports for only / path.
Example:
{
"vulnerabilities": {
"Content Security Policy Configuration": [
{
"method": "GET",
"path": "/",
"info": "CSP is not set",
"level": 1,
"parameter": "",
"http_request": "GET / HTTP/1.1\nHost: juice-shop.herokuapp.com",
"curl_command": "curl \"https://juice-shop.herokuapp.com/\""
}
],
"HTTP Secure Headers": [
{
"method": "GET",
"path": "/",
"info": "X-XSS-Protection is not set",
"level": 1,
"parameter": "",
"http_request": "GET / HTTP/1.1\nHost: juice-shop.herokuapp.com",
"curl_command": "curl \"https://juice-shop.herokuapp.com/\""
}
]
}
}I want to get reports of vulnerabilities for each path available on given domain.
Example:
{
"vulnerabilities": {
"Content Security Policy Configuration": [
{
"method": "GET",
"path": "/"
},
{
"method": "GET",
"path": "/home"
}
],
"HTTP Secure Headers": [
{
"method": "GET",
"path": "/contact"
},
{
"method": "GET",
"path": "/contact/success"
}
]
}
}Indeed it is the current behavior of several modules like that.
It will certainly be reconsidered when a passive module system would be integrated to Wapiti.
It brings one question however: after how many of those findings should we stop displaying them?
Most closed-source et cloud based solution will print a few then indicate "X more found", this is certainly the way to go as having thousands of entries of the same type can be annoying.
How much is enough ? 50 maybe ?