Friday, 15 September 2017
One comments

Spaghetti A Web Application Security Scanner Tool

 Spaghetti A Web Application Security Scanner Tool


Spaghetti is A Web Application Security Scanner Tool


It is designed to find various default and insecure files, configurations and misconfigurations. Spaghetti is built on python 2.7 and can run on any platform which has a Python environment.


Installation


$ git clone https://github.com/m4ll0k/Spaghetti.git
$ cd Spaghetti 
$ pip install -r requirements.txt
$ python spaghetti.py --help


Features


  • Fingerprints

  1. Server
  2. Web Frameworks (CakePHP,CherryPy,Django,...)
  3. Web Application Firewall (Waf) (Cloudflare,AWS,Barracuda,...)
  4. Content Management System (CMS) (Drupal,Joomla,Wordpress,Magento)
  5. Operating System (Linux,Unix,Windows,...)
  6. Language (PHP,Ruby,Python,ASP,...)

Example: python spaghetti.py --url target.com --scan 0 --random-agent --verbose


Discovery


  • Apache

  1. Apache (mod_userdir)
  2. Apache (mod_status)
  3. Apache multiviews
  4. Apache xss

  • Broken Auth./Session Management

  1. Admin Panel
  2. Backdoors
  3. Backup Directory
  4. Backup File
  5. Common Directory
  6. Common File
  7. Log File

  • Disclosure


  1. Emails
  2. IP


  • Injection

  1. HTML
  2. SQL
  3. LDAP
  4. XPath
  5. XSS
  6. RFI
  7. PHP Code

  • Other

  1. Allow Methods
  2. HTML Object
  3. Multiple Index
  4. Robots Paths
  5. Cookie Security

  • Vulns


  1. ShellShock
  2. Struts-Shock

Example: python spaghetti.py --url target.com --scan 1 --random-agent --verbose


Download Spaghetti

1 comments:

 
Toggle Footer
Top