Vulnerability scanner Wordpress

WAScan – Web Application Scanner

Written by Mubassir patel

WAScan – Web Application Scanner

WAScan (( W)eb (A)pplication (Scan)ner) is an Open Source web application security scanner. It is designed to find various vulnerabilities using “black-box” method, that means it won’t study the source code of web applications but will work like a fuzzer, scanning the pages of the deployed web application, extracting links and forms and attacking the scripts, sending payloads and looking for error messages,..etc. WAScan is built on python2.7 and can run on any platform which has a Python environment.


Read This: WFuzz: The Web Fuzzer


  • Fingerprint
    • Detect Server
    • Detect Web Frameworks (22)
    • Check Cookie Security
    • Check Headers Security
    • Language (9)
    •  Operating System (OS – 8)
    •  Content Management System (CMS – 6)
    • Detect Web Application Firewall (WAF – 54)
  • Attacks
    • Bash Command Injection (ShellShock)
    • Blind SQL Injection
    • SQL Injection via Cookie, Referer, and User-Agent Header Value
    • Cross-Site Scripting (XSS) via Cookie, Referer, and User-Agent Header Value
    • Buffer Overflow
    • HTML Code Injection
    • PHP Code Injection
    • LDAP Injection
    • Local File Inclusion (lfi)
    • OS Commanding
    • SQL Injection
    • XPath Injection
    • Cross Site Scripting (XSS)
  • Audit
    • Apache Status
    • WebDAV
    • PHPInfo
    • Robots Paths
    • Cross-Site Tracing (XST)

Read This: How to hack WordPress Website  using WPSeku v0.4.0

  • Bruteforce
    • Admin Panel
    • Backdoor (shell)
    • Backup Dirs
    • Backup Files
    • Common Dirs
    • Common Files
  • Disclosure
    • Credit Cards
    • Emails
    • Private IP
    • SSN
    • Detect Warnings, Fatal Error,…


$ git clone wascan
$ cd wascan 
$ pip install -r requirements.txt
$ python

About the author

Mubassir patel

Mubassir is a founder and developer of this site. He is a computer science engineer. He has a very deep interest in ethical hacking, penetration testing, website development and including all technology topic.

Leave a Comment