Web Application Security Scanner in Kali Linux - Spaghetti

Spaghetti is an Open Source web application scanner, it is designed to find various default and insecure files, configurations, and misconfigurations. Spaghetti is built on python2.7 and can run on any platform which has a Python environment.

Features

Fingerprint

• Content Management System (CMS)
• Web Frameworks
• Cookies/Headers Security
• Languages
• Operating Systems (OS)
• Server
• Web App Firewall (WAF)

Attacks

• Bash Commands Injection
• Blind SQL Injection
• Buffer Overflow
• XSS in Headers
• Carriage Return Line Feed
• SQL Injection in Headers
• HTML Injection
• LDAP Injection
• Local File Inclusion
• OS Commanding
• PHP Code Injection
• SQL Injection
• Server Side Injection
• XPath Injection
• Cross Site Scripting
• XML External Entity

Audit

• Apache Status Page
• Open Redirect
• PHPInfo
• Robots.txt
• XST

Bruteforce

• Admin Panel
• Common Backdoor
• Common Backup Dir
• Common Backup File
• Common Dir
• Common File
• Hidden Parameters

Disclosure

• Credit Cards
• Emails
• Private IP
• Errors -> (fatal errors,...)
• SSN

Lets Start with Web Application Security Scanner

Step 1 :-You need to download Spaghetti tool by executing this command in terminal window of kali linux.

git clone https://github.com/m4ll0k/Spaghetti.git

Step 2 :- Now install the all requiremets.

pip install -r requirements.txt

Step 3 :-Now you can run this tool easily, that give this command ./spaghetti.py and press enter button.

Step 4 :-Then Enter your Target Website.

Here I have used "techtrick.in" for demo purpose.

./spaghetti.py -u www.techtrick.in -s 0

Thank you for reading this article. Do let me know for any queries in comment section below.