Today, we are going to talk about a powerful web application scanner named WAScan.

WAScan stands for Web Application Scanner, it also completely open source. The purpose of the tool is to gather information and find various vulnerabilities assuming a”black-box” model. WAScan is built on Python 2.7 and can run on any platform which has a Python environment.

The features of WAScan allows it to fingerprint, audit, bruteforce and disclose sensitive information of a web application.

Let’s Get started

First, we need to clone the application using the following command:

git clone

After a successful clone, your screen should look like that:

Then we change directory to WAScan by typing the following:

cd WAScan 


Then we run the tool using the following command:


Then the application will display its help menu. Your screen should look like the below screenshot:

Then, if you want to perform specific attacks, you should then type the desired command within the relevant parameters.

The tool provides guides on what commands to use along with its parameters..

So we type the following command:

python --url --scan 0

The 0 parameter is used to fingerprint a server.

So the tool should gather information about the web application, and should return a result like that:

This tool is cool.  Let’s run another test 🙂 , using the following command:

python --url --scan 2

The 2 parameter is used to perform an audit against the web application. The tools will be auditing the web application against phpinfo, openredirect etc…

We run the command, and your screen should look like that:

The tool also supports other types of tests when typing any of the following command:

python --url --scan 5 --auth "admin:1234"

python --url --scan 5 --data "id=1" --method POST

python --url --scan 5 --auth "admin:1234" --proxy

python --url --scan 5 --auth "admin:1234" --proxy --proxy-auth "root:4321"

python --url --scan 5 --auth "admin:1234" --proxy --proxy-auth "root:4321 --ragent -v

You can try these commands and explore the different features of the application on your own.

What Bunny Rating Does it Get

This tool has different useful features. As a penetration tester, you can gather information, check for common vulnerabilities as well as perform different attacks against the web application. You can do all this using one tool. This tool has features that other tools don’t. Moreover, the tools has an easy to us guide. The instructions on how a penetration tester can use the tool are clear, however sometimes the tool can be absent in providing verbose notifications, I will be awarding this tool 3.5 out of 5 bunnies.

Want to learn more about ethical hacking?

Do you know of another GitHub related hacking tool?

Get in touch with us via the contact form if you would like us to look at any other GitHub ethical hacking tools.

The following two tabs change content below.

I am a programmer, ethical hacker, Digital forensics investigator and cyber security trainer. I love promoting cyber security awareness and sharing my knowledge and experience. I also provide cyber security consultancy to organizations.

This content was originally published here.