Security Notice: Never commit API keys, credentials, or sensitive data. Use `config/secrets.sh.example` as a template and store actual secrets in `secrets.sh` (git-ignored). See SECURITY.md for details.
WAES (Web Auto Enum & Scanner) is a professional-grade bash-based web enumeration and reconnaissance platform designed for Capture The Flag (CTF) competitions, Bug Bounty hunting, and Penetration Testing engagements.
- Multi-Stage Scanning: Fast, Full, Deep, and Advanced scan modes
- Profile-Driven: Pre-configured YAML profiles for different use cases
- WAF Detection & Evasion: Automatic firewall detection with bypass techniques
- Comprehensive Enumeration: DNS, subdomain, metadata, cloud bucket scanning
- Security Testing: SSL/TLS, XSS, SQLi, CMS, API, authentication testing
- Advanced Scanning: Nuclei integration, fuzzing, JavaScript analysis
- Professional Reporting: HTML, JSON, CSV, XML, and Markdown exports
- State Management: Resume interrupted scans from where they left off
- Extensible: Plugin system for custom integrations
- Container-Ready: Full Docker and Docker Compose support
```bash
# Clone the repository
git clone https://github.com/yourusername/waesG2.git
cd waesG2

# Run the installer
sudo ./install.sh

# Make waesG2.sh executable
chmod +x waesG2.sh
```

```bash
# Fast reconnaissance scan
./waesG2.sh -u example.com -t fast

# Full scan with standard profile
./waesG2.sh -u https://example.com --profile web-app

# Advanced scan with all modules
./waesG2.sh -u example.com -t advanced

# Bug bounty profile
./waesG2.sh -u example.com --profile bug-bounty

# CTF optimized scan
./waesG2.sh -u 10.10.10.10 --profile ctf-box

# Dry run (test without scanning)
./waesG2.sh -u example.com --profile quick-scan --dry-run
```

| Type | Duration | Description |
|---|---|---|
| `fast` | 2-3 min | Quick reconnaissance (WAF, tech fingerprint, HTTP enum) |
| `full` | 10-15 min | Balanced scan (fast + deep + standard nmap) |
| `deep` | 30-45 min | In-depth analysis (fuzzing, security tests) |
| `advanced` | 45-60 min | Complete assessment (all modules) |

| Profile | Use Case | Duration | Key Features |
|---|---|---|---|
| `quick-scan` | Fast recon | 2-3 min | DNS, tech fingerprint, WAF detect |
| `web-app` | Standard assessment | 10-15 min | SSL, XSS, CMS, JS analysis |
| `bug-bounty` | Bug hunting | 20-30 min | All security tests, OSINT, nuclei |
| `ctf-box` | CTF competition | 5-10 min | SQLi, fuzzing, writeup gen, chains |

```
Usage: ./waesG2.sh [OPTIONS]

Required:
  -u, --url <target>     Target URL, IP, or domain

Scan Options:
  -t, --type <type>      Scan type: fast|full|deep|advanced (default: full)
  -p, --port <port>      Target port (default: 80/443)
  --profile <name>       Load scan profile (quick-scan|web-app|bug-bounty|ctf-box)

Features:
  --ssl-analyze          Enable SSL/TLS analysis
  --xss                  Enable XSS scanning
  --sqli                 Enable SQL injection testing
  --cms                  Enable CMS detection and scanning
  --nuclei               Enable Nuclei vulnerability scanning
  --osint                Enable OSINT enumeration
  --fuzzing              Enable fuzzing attacks
  --dry-run              Test without actual scanning

Control:
  -r, --resume           Resume previous scan
  --stealth <level>      Stealth mode: low|medium|high|paranoid
  -o, --output <dir>     Output directory (default: ./report)

Information:
  -h, --help             Show this help message
  --list-profiles        List available scan profiles
  --version              Show version information
```

```
waesG2/
├── waesG2.sh               # Main entry point
├── install.sh              # Dependency installer
├── test_waesG2.sh          # Comprehensive test suite
├── config/                 # Configuration files
│   ├── config.sh           # Main configuration
│   ├── config.sh.example   # Example configuration
│   └── secrets.sh.example  # API keys template (NEVER commit actual keys!)
├── lib/                    # Core library modules
├── profiles/               # Scan profiles (YAML)
├── plugins/                # Extension plugins
├── tools/                  # Helper utilities
├── logs/                   # Test results and logs
├── report/                 # Scan output (generated)
└── docs/                   # Documentation
```

- OS: Linux (Kali, Debian, Ubuntu, Arch, RHEL)
- Bash: Version 4.0 or higher
- Tools: nmap, nikto, gobuster, wafw00f, sslscan, and more (auto-installed)
- Privileges: Root/sudo for network scanning
- Quick Start Guide
- API Reference
- Plugin Development
- Profile Customization
- Troubleshooting
- Architecture
| Issue | Solution |
|---|---|
| `Permission denied` | Run with sudo or fix permissions: `chmod +x waesG2.sh` |
| `command not found: nmap` | Run `sudo ./install.sh` to install dependencies |
| Test timeouts | Add `--dry-run` flag to test without network calls |
| Profile not found | Check profile name with `--list-profiles` |
| State file errors | Delete old state files: `rm -f report/.waesG2_state_*.json` |

```bash
# Enable verbose output
./waesG2.sh -u example.com -t fast -v

# Check script syntax
bash -n waesG2.sh
bash -n lib/*.sh

# Run tests
./test_waesG2.sh
```

```bash
# Build the image (Docker repository names must be lowercase)
docker build -t waesg2:latest .

# Run a scan, mounting the local report directory into the container
docker run --rm -v "$(pwd)/report:/opt/waesG2/report" waesg2:latest -u example.com

# Using Docker Compose
docker-compose up -d
```

Contributions are welcome! Please read our Contributing Guidelines and Code of Conduct before submitting pull requests.
See SECURITY.md for security policies and responsible disclosure.
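
One way to enforce the Security Notice's rule before each commit, as an added example that is not part of WAES itself. It assumes the real keys live in `config/secrets.sh` (the page only names `secrets.sh`); the function name `audit_secrets` and the finding labels are made up for this example.

```bash
#!/usr/bin/env bash
# Added example (not WAES code): audit a checkout for secrets hygiene.
# Assumption: real keys live in config/secrets.sh; the page only says "secrets.sh".

# Prints one finding per line. Returns 0 when clean, 1 otherwise.
audit_secrets() {
    local repo="$1" secrets="${2:-config/secrets.sh}" findings=0 hits
    # Key-like variable assigned a literal, non-empty value. Empty strings and
    # values that start with "$" (references to other variables) are allowed.
    local re="^[[:space:]]*(export[[:space:]]+)?[A-Za-z0-9_]*(API_KEY|TOKEN|SECRET|PASSWORD)[A-Za-z0-9_]*=[\"']?[^\"'\$[:space:]]"

    # 1. The secrets file must be listed in the top-level .gitignore.
    #    Plain-line match only: globs and negations are not interpreted.
    if ! grep -qxF -e "$secrets" -e "/$secrets" -e "${secrets##*/}" \
            "$repo/.gitignore" 2>/dev/null; then
        echo "NOT_IGNORED $secrets"; findings=1
    fi

    # 2. If the file exists, group and others must not be able to read it.
    if [ -f "$repo/$secrets" ] && [ -n "$(find "$repo/$secrets" \
            \( -perm -040 -o -perm -004 \) 2>/dev/null)" ]; then
        echo "LOOSE_PERMS $secrets"; findings=1
    fi

    # 3. No other shell file, the .example template included, may carry a key.
    hits=$(find "$repo" -type f \( -name '*.sh' -o -name '*.sh.example' \) \
            ! -path '*/.git/*' ! -path "$repo/$secrets" \
            -exec grep -lE "$re" {} + 2>/dev/null) || true
    if [ -n "$hits" ]; then
        printf '%s\n' "$hits" | sed 's/^/HARDCODED /'; findings=1
    fi

    return "$findings"
}
```

Run it as `audit_secrets .` from the repository root, for instance in a pre-commit hook, and block the commit on a non-zero return.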
This project is licensed under the MIT License - see the LICENSE file for details.
WAES Project Team
- All the amazing open-source security tools integrated into WAES
- The security research community
- Contributors and testers