You must be registered for see images attach
CPH: SEC WAES at a Glance
Doing HTB or other CTFs enumeration against targets with HTTP(S) can become trivial. It can get tiresome to always run the same script/tests on every box eg. nmap, nikto, dirb, and so on. A one-click on target with automatic reports coming solves the issue. Furthermore, with a script, the enum process can be optimized while saving time for hackers. This is what CPH: SEC WAES or Web Auto Enum & Scanner is created for. WAES runs 4 steps of scanning against the target (see more below) to optimize the time spent scanning. While multi-core or multi-threaded scanning could be implemented it will almost surely get boxes to hang and so is undesirable.- From the current version and forward WAES will include an install script (see below) as the project moves from alpha to beta phase.
- WAES could have been developed in python but good bash projects are needed to learn bash.
- WAES is currently made for CTF boxes but is moving towards online uses (see todo section)
To install:
Make sure directories are set correctly in supergobuster.sh. Should be automatic with Kali & Parrot Linux.2. $> cd WAES
- $> git clone
You must be registered for see links
3. $> sudo ./install.sh
- Standard directories for lists : SecLists/Discovery/Web-Content & SecLists/Discovery/Web-Content/CMS
- Kali / Parrot directory list : /usr/share/wordlists/dirbuster/
To run WAES
Web Auto Enum & Scanner - Auto enums website(s) and dumps files as result.##############################################################################
$$
Web Auto Enum & Scanner Auto enums website(s) and dumps files as result
$$
##############################################################################
Usage: waes.sh -u {IP} waes.sh -h
$$
-h shows this help -u IP to test eg. 10.10.10.123 -p port nummer (default=80) Example: ./waes.sh -u 10.10.10.130 -p 8080
$$
Enumeration Process / Method
WAES runs …Step 0 - Passive scan - (disabled in the current version)
- whatweb - aggressive mode
- OSIRA (same author) - looks for subdomains
- wafw00 - firewall detection
- nmap with http-enum
- nmap - with NSE scripts: http-date,http-title,http-server-header,http-headers,http-enum,http-devframework,http-dombased-xss,http-stored-xss,http-xssed,http-cookie-flags,http-errors,http-grep,http-traceroute
- nmap with vulscan (CVSS 5.0+)
- nikto - with evasion A and all CGI dirs
- uniscan - all tests except stress test (qweds)
- super gobuster
- gobuster with multiple lists
- dirb with multiple lists
- xss scan (to come)
To Do
- Implement domain as input
- Add XSS scan
- Add SSL/TLS scanning
- Add domain scans
- Add golismero
- Add dirble
- Add progressbar
- Add CMS detection
- Add CMS specific scans