Current Version: 5.4.1
Author: Trix Cyrus
Copyright: © 2024 Trixsec Org
Maintained: Yes
Waymap is a fast and optimized And Automated web vulnerability scanner designed for penetration testers. It effectively identifies vulnerabilities by testing against a variety of payloads.
Check out this video to see Waymap in action:
- New Sql Injection Scanning Module
- High Accuracy And Less False Positive
- Access it using: --scan sqli
- Added Boolean Based Sqli Testing (OWN LOGIC)
- High Accuracy, Can Give False Positive Sometimes
- Access it using: --scan sqli
- Updated CVE Testing Logic in Profile-Critical CMS-Wordpress
- Added a More Better Logic
-
Vulnerability Scanning Modules:
- SQL Injection (SQLi)
- Command Injection
- Server-Side Template Injection (SSTI) with threading support
- Cross-Site Scripting (XSS) with filter bypass payload testing and threading support
- Local File Inclusion (LFI) with threading support
- Open Redirect with custom thread count
- Carriage Return and Line Feed (CRLF) with custom threading
- Cross-Origin Resource Sharing (CORS) with threading support
- Critical and High-Risk Scan Profiles using CVE exploits (32 CVEs: WordPress - 19, Drupal - 4, Joomla - 7, Generic/Others - 2)
-
Web Crawling:
- Initial crawling functionality
- Enhanced crawler to operate within target domain boundaries and handle URL redirection
- Advanced crawler capable of any-depth crawling
- Improved v3 crawler (competitive with SQLmap crawler)
-
Concurrency & Threading:
- Concurrency to utilize multiple CPU threads for faster scans
- Custom thread count for Open Redirect, CRLF, and CORS scans
- New argument
--threads/-T
for global threading count (no prompt for threads)
-
Multi-Target Scanning:
- Support for scanning multiple URLs with
--multi-target {targetfilename}.txt
- Ability to scan URLs directly without crawling using
--url/-u
and--multi-url/-mu
arguments
- Support for scanning multiple URLs with
-
Automation and Convenience:
- Auto-update functionality (version-dependent)
- New argument
--check-updates
to check for and perform updates - New argument
--random-agent
to randomize user-agents - Header usage to make requests appear more legitimate and reduce detection/blocking
- Argument
--no-prompt/-np
to disable prompts (default input = 'n')
-
Scan Profiles & Severity-Based Scanning:
- New critical and high-risk scan profiles (
--scan critical-risk
and--scan high-risk
) using severity-based CVE exploits - Argument
--profile critical-risk/high-risk
with--profileurl
for streamlined scanning based on CVE severity
- New critical and high-risk scan profiles (
-
Logging and Stability:
- Logging functionality for scan sessions
- Various bug fixes and optimizations for stability and processing speed
git clone https://github.com/TrixSec/waymap.git
pip install .
python waymap.py --crawl 1 --scan sql/cmdi/ssti/xss/lfi/open-redirect/crlf/cors/all --target/--multi-target https://example.com/{filename}.txt
python waymap.py --scan sql/cmdi/ssti/xss/lfi/open-redirect/crlf/cors/all --url/--mutli-url https://example.com/index.php?id=1/{filename}.txt
python waymap.py -h
- Thanks SQLMAP For Payloads Xml File
IF There's Any Issue In Waymay Then Submit The Issues Here: https://github.com/TrixSec/waymap/issues
Stay updated with the latest tools and hacking resources. Join our Telegram Channel by clicking the logo below: