Web Application Security Scanner in Kali Linux - Spaghetti


Spaghetti is an open-source web application scanner designed to find various default and insecure files, configurations, and misconfigurations. Spaghetti is built on Python 2.7 and can run on any platform that has a Python environment.


Features

Fingerprint

  • Content Management System (CMS)
  • Web Frameworks
  • Cookies/Headers Security
  • Languages
  • Operating Systems (OS)
  • Server
  • Web App Firewall (WAF)

Attacks


Audit

  • Apache Status Page
  • Open Redirect
  • PHPInfo
  • Robots.txt
  • XST

Bruteforce

  • Admin Panel
  • Common Backdoor
  • Common Backup Dir
  • Common Backup File
  • Common Dir
  • Common File
  • Hidden Parameters

Disclosure

  • Credit Cards
  • Emails
  • Private IP
  • Errors -> (fatal errors,...)
  • SSN
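
To make the "Disclosure" category concrete, here is an added example (Python 3, not Spaghetti's own code) that checks a response body from a site you run for four of the categories listed above. The function names, regexes and sample body are assumptions constructed for illustration.

```python
import ipaddress
import re

# Deliberately loose candidate patterns; the validators below trim false positives.
EMAIL_RE = re.compile(r"\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\b")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")


def luhn_ok(digits):
    """Luhn checksum: rejects most digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0


def is_private_ip(text):
    try:
        # is_private also covers loopback and link-local ranges
        return ipaddress.ip_address(text).is_private
    except ValueError:  # e.g. 999.1.1.1 passes the loose regex
        return False


def find_disclosures(body):
    """Return {category: sorted matches} for one HTTP response body."""
    cards = set()
    for m in CARD_RE.finditer(body):
        digits = re.sub(r"[ -]", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            cards.add(digits)
    return {
        "email": sorted(set(EMAIL_RE.findall(body))),
        "private_ip": sorted({ip for ip in IPV4_RE.findall(body) if is_private_ip(ip)}),
        "credit_card": sorted(cards),
        "ssn": sorted(set(SSN_RE.findall(body))),
    }


# Constructed sample response body (not output from a real site)
SAMPLE = (
    "Fatal error: cannot connect to db at 10.0.3.15 (upstream 8.8.8.8)\n"
    "Contact: admin@example.com\n"
    "card=4111 1111 1111 1111 order=1234 5678 9012 3456\n"
    "ssn: 123-45-6789\n"
)
```

Calling `find_disclosures(SAMPLE)` reports the internal address, the e-mail, the Luhn-valid test card number and the SSN-shaped string, while the public IP and the non-Luhn order number are ignored.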


Let's Start with the Web Application Security Scanner

Step 1 :- Download the Spaghetti tool by running this command in a terminal window in Kali Linux.

git clone https://github.com/m4ll0k/Spaghetti.git


Step 2 :- Now install all the requirements from inside the cloned directory.

cd Spaghetti
pip install -r requirements.txt


Step 3 :- Now you can run the tool: type ./spaghetti.py and press Enter.



Step 4 :- Then enter your target website.

Here I have used "techtrick.in" for demo purposes.

./spaghetti.py -u www.techtrick.in -s 0


About Author

Akash is a co-founder and an aspiring entrepreneur who keeps a close eye on open source, tech giants, and security. Get in touch with him by sending an email (akashchugh1994@gmail.com).

