Commit Graph

866 Commits

Author SHA1 Message Date
Oussama BENGHECHOUA 1e90f3cf37 Update doc
Update wapiti documentation including the new features
2024-05-15 17:19:35 +02:00
bretfourbe cb0dadd0fe fix false positive forti detection, add fortiweb and fortianalyzer
Signed-off-by: bretfourbe <gwendal@cyberwatch.fr>
2024-05-13 22:11:57 +02:00
bretfourbe 8ad4671760 Fix headless wapp for confidence 0
Signed-off-by: bretfourbe <gwendal@cyberwatch.fr>
2024-05-06 22:39:56 +02:00
dependabot[bot] 20a851ee54 Bump aiohttp from 3.9.3 to 3.9.4
Bumps [aiohttp](https://github.com/aio-libs/aiohttp) from 3.9.3 to 3.9.4.
- [Release notes](https://github.com/aio-libs/aiohttp/releases)
- [Changelog](https://github.com/aio-libs/aiohttp/blob/master/CHANGES.rst)
- [Commits](https://github.com/aio-libs/aiohttp/compare/v3.9.3...v3.9.4)

---
updated-dependencies:
- dependency-name: aiohttp
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-05-06 22:30:36 +02:00
Oussama 2f2dd004ca Fix directory redirection (Issue #6)
Handle the verification of (is_directory_redirection) in the must_attack function
2024-05-01 19:06:14 +00:00
Oussama ea135d16e6 Update Wordpress Hash File
Include the new versions of WordPress
2024-04-30 17:44:42 +02:00
bretfourbe 2cf12d577a Remove exit on swagger errors, add test case
Signed-off-by: bretfourbe <gwendal@cyberwatch.fr>
2024-04-26 15:42:47 +02:00
Ryukouss 9f93179715 Add Citrix to mod_network_device
Add Citrix products detection for module network_device
2024-04-24 15:55:45 +02:00
devloop 6bee660061 ignore JSON requests in mod_csrf 2024-04-20 07:40:05 +02:00
devloop c21e85a47d Attack JSON body of HTTP requests through a new part of the default mutator + modified the mutate() function so mod_ssrf can now use it too 2024-04-20 07:40:05 +02:00
Philippe Noel 5e4a0f147b Add a .gitlab-ci.yml file
- Use two images for python 10 and 11.
  - Use bullseye to match the images in the Dockerfiles
- Remove the integration part because the run.sh script leaves too many corpses behind.
2024-04-10 15:06:55 +02:00
bretfourbe f902951442 Add network_device_common class + fix consistency
Signed-off-by: bretfourbe <gwendal@cyberwatch.fr>
2024-04-10 14:43:36 +02:00
Oussama BENGHECHOUA dec4f2624b Add Harbor Detection
Add Harbor detection for module network_device.
2024-04-05 10:41:01 +02:00
bretfourbe 26997b3223 Fix headless explorer clean method
Signed-off-by: bretfourbe <gwendal@cyberwatch.fr>
2024-03-26 13:46:51 +01:00
bretfourbe 9873d100fe Fix max-scan-time and missing timeout in headless explorer
Signed-off-by: bretfourbe <gwendal@cyberwatch.fr>
2024-03-25 17:58:59 +01:00
Oussama BENGHECHOUA 4c101de27e Update CMS Hash Files
Update all the hash files of CMS to include new versions
2024-03-25 15:20:52 +00:00
bretfourbe b8b0e1278b Fix max-scan-time and missing timeout in headless explorer
Signed-off-by: bretfourbe <gwendal@cyberwatch.fr>
2024-03-22 16:29:58 +00:00
Philippe Noel c97316cfe6 Update firefox and geckodriver to the last version in Dockerfile.headless 2024-03-20 17:27:29 +01:00
Ryukouss 3e0baf6f4a Add Fortinet detection
Add Fortinet products detection for module network_device
2024-03-20 10:19:20 +01:00
bretfourbe ef3550d994 Add gitlab private token for --wapp-url
Signed-off-by: bretfourbe <gwendal@cyberwatch.fr>
2024-03-20 10:16:33 +01:00
Ryukouss e43992f35c Update hash file
Updating the drupal_hash_files.json to identify new versions
2024-03-19 13:43:30 +01:00
bretfourbe 5ecd2e66a2 Fix exception handling in main wapiti
Signed-off-by: bretfourbe <gwendal@cyberwatch.fr>
2024-03-19 10:13:21 +01:00
Darkiros a31bc6978e Adding Swagger Scanner 2024-03-18 23:14:24 +01:00
slokilla 0aa0c76bfc Remove the dependency consistency job
Since we only use pyproject.toml, this job can peacefully retire.
2024-03-15 20:29:26 +01:00
slokilla 489b96120a Pin the versions in pyproject.toml
Without pipfile.lock, we no longer have any guarantee that wapiti has been tested with
the installed libraries.

To mitigate the problems, let's pin all versions. We will rely on dependabot
to notify us when new versions are available.
2024-03-15 20:29:26 +01:00
slokilla ea184ca0e7 Remove pipfile and pipfile.lock
I did not find any use case for these files, since the installations and the dockerfiles make good use of pyproject.toml. Let's drop these files.
2024-03-15 20:29:26 +01:00
bretfourbe 56e46e3c0a Update dependencies
Signed-off-by: bretfourbe <gwendal@cyberwatch.fr>
2024-03-13 20:47:12 +01:00
Ryukouss 8aa156b33d Add a level to -dr option
Add a level to choose the verbosity of the detailed report
2024-03-13 16:12:24 +01:00
Darkiros 073632ece9 Fix issue #570 2024-03-08 10:23:51 +01:00
Ryukouss 73f975c1b0 Add a "wapp-dir" option
Add an option "wapp-dir" to update the wapp database from local files
2024-03-06 14:17:28 +01:00
bretfourbe 8efae4c3f1 Fix headless wapp version detection
Signed-off-by: bretfourbe <gwendal@cyberwatch.fr>
2024-03-04 09:14:41 +01:00
Ryukouss 3484a5905d Add module for network devices
Add a module to detect network devices with version when possible
2024-03-01 11:29:31 +01:00
Ryukouss 4155ac8a80 Fix the issue #559
Fixing the errors output
2024-03-01 10:52:05 +01:00
Darkiros 206d6ec5ef Ordering scope parameters orders 2024-02-12 11:42:31 +01:00
Ryukouss 278ce8322a Fixing security issues
Updating packages on Pipfile and pyproject.toml
2024-02-08 18:19:51 +01:00
Ryukouss 0525d185c5 Add an option for Wapp module and update
Adding the "--wapp-url" option to customise the update URL of the Wappalyzer database
2024-02-06 17:52:26 +01:00
Ryukouss 910b77b885 Fix issue #546
Add an exception to catch the error caused by some files with bad format
2024-02-05 10:13:43 +01:00
Samir Ali-cherif 5784e975ee GH Actions Security update 2024-02-05 10:09:47 +01:00
bretfourbe 7531758d2c add test for max-attack-time
Signed-off-by: bretfourbe <gwendal@cyberwatch.fr>
2024-01-31 11:14:33 +01:00
RMI78 a37121d7c2 removed the preg_replace heuristic 2024-01-15 20:48:52 +01:00
Ryukouss 79061516d0 Add a WordPress scanner
Add a scan for WordPress to the cms module
2024-01-08 14:23:58 +01:00
bretfourbe 4bee8890ed update dependencies (pipfile + pyproject) 2023-12-21 17:53:46 +01:00
slokilla 35071dcf35 Make dependencies consistent 2023-12-20 15:23:06 +01:00
slokilla 77862b4b13 Adding a job to check differences between pyproject.toml & pipfile 2023-12-20 15:23:06 +01:00
bretfourbe 00093bae18 fix pylint json_mutator 2023-12-20 14:16:55 +01:00
devloop 018f678332 JSON Mutator 2023-12-09 15:29:12 +01:00
Ryukouss c60eaf42d5 Add a SPIP scanner to cms module
Adding a SPIP CMS scanner to the list of cms module
2023-12-05 13:59:02 +01:00
bretfourbe 88cb2b18c1 add new method to keep max-attack-time behavior 2023-11-27 21:02:34 +01:00
bretfourbe 6d35f47350 Remove max-attack-time tests in modules 2023-11-27 17:21:22 +01:00
bretfourbe 487e1519b8 fix max-attack-time 2023-11-27 17:21:22 +01:00