Crazy Lean Belly: Spaghetti: A Website Applications Security Scanner

About Spaghetti
Author: m4ll0k

Github: m4ll0k
Twitter: m4ll0k

Spaghetti is an Open Source web application scanner, it is designed to find various default and insecure files, configurations, and misconfigurations. Spaghetti is built on Python 2.7 and can run on any platform which has a Python environment.

Spaghetti Installation:

Spaghetti's Features:
Fingerprints:

Server:
Web Frameworks (CakePHP,CherryPy,...)
Web Application Firewall (Waf)
Content Management System (CMS)
Operating System (Linux,Unix,..)
Language (PHP,Ruby,...)
Cookie Security

Discovery:

Bruteforce:Admin Interface
Common Backdoors
Common Backup Directory
Common Backup File
Common Directory
Common FileLog File
Disclosure: Emails, Private IP, Credit Cards

Attacks:

HTML Injection
SQL Injection
LDAP Injection
XPath Injection
Cross Site Scripting (XSS)
Remote File Inclusion (RFI)
PHP Code Injection

Other:

HTTP Allow Methods
HTML Object
Multiple Index
Robots Paths
Web Dav
Cross Site Tracing (XST)
PHPINFO
.Listing

Vulns:

ShellShock
Anonymous Cipher (CVE-2007-1858)
Crime (SPDY) (CVE-2012-4929)
Struts-Shock

Spaghetti Example:
python spaghetti --url example.com --scan 0 --random-agent --verbose

Download Spaghetti

Crazy Lean Belly

Monday, 24 August 2020

Spaghetti: A Website Applications Security Scanner

More information

No comments:

Post a Comment