W13scan 是基于Python3的一款开源的Web漏洞发现工具,它支持主动扫描模式和被动扫描模式,能运行在Windows、Linux、Mac上。
usage: w13scan [options]
optional arguments:
-h, --help show this help message and exit
-v, --version Show program's version number and exit
--debug Show programs's exception
--level {1,2,3,4,5} different level use different payload: 0-5 (default 2)
Proxy:
Passive Agent Mode Options
-s SERVER_ADDR, --server-addr SERVER_ADDR
server addr format:(ip:port)
Target:
options has to be provided to define the target(s)
-u URL, --url URL Target URL (e.g. "http://www.site.com/vuln.php?id=1")
-f URL_FILE, --file URL_FILE
Scan multiple targets given in a textual file
Request:
Network request options
--proxy PROXY Use a proxy to connect to the target URL
eg:[email protected]:8080 or [email protected]:1080
--timeout TIMEOUT Seconds to wait before timeout connection (default 30)
--retry RETRY Time out retrials times.
Output:
output
--html When selected, the output will be output to the output
directory by default, or you can specify
--json JSON The json file is generated by default in the output
directory, you can change the path
Optimization:
Optimization options
-t THREADS, --threads THREADS
Max number of concurrent network requests (default 31)
--disable DISABLE [DISABLE ...]
Disable some plugins (e.g. --disable xss sqli_error
webpack)
--able ABLE [ABLE ...]
Enable some moudle (e.g. --enable xss webpack)
git clone https://github.com/w-digital-scanner/w13scan.git
cd w13scan # 进入git目录
pip3 install -r requirements.txt
cd W13SCAN # 进入源码目录
python3 w13scan.py -h
工具下载及项目地址:
https://github.com/w-digital-scanner/w13scan
推荐阅读