第一种方法:
[color=red]root@kali:~# wapiti http://www.xxxoootest.com/ --v 2[/color]
第二种,需密码认证:
[color=red] wapiti http://www.xxxoootest.com -a admin%password --v 2[/color]
第三种种方法,带cookie跑:
Step 1)可以使用下面命令生成cookie
[color=red]root@kali:~# python /usr/share/wapiti/getcookie.py ~/cookie.txt http://www.xxxoootest.com/[/color]
注意两点:
1. url必须以http://开头,否则报错
2. url可能需要以/结尾
Step 2)使用下面命令check漏洞
[color=red]root@kali:~# wapiti http://www.xxxoootest.com/ --cookie cookie.txt --v 2[/color]
Wapiti-1.1.6 (wapiti.sourceforge.net)
http://www.xxxoootest.com/
http://www.xxxoootest.com/index.php
Attacking urls (GET)...
-----------------------
Attacking forms (POST)...
-------------------------
+ http://www.xxxoootest.com/index.php
{'uname': 'http://www.google.fr/', 'psw': 'on', 'btnLogin': 'Login'}
[color=red]root@kali:~# wapiti http://www.xxxoootest.com/ --v 2[/color]
第二种,需密码认证:
[color=red] wapiti http://www.xxxoootest.com -a admin%password --v 2[/color]
第三种种方法,带cookie跑:
Step 1)可以使用下面命令生成cookie
[color=red]root@kali:~# python /usr/share/wapiti/getcookie.py ~/cookie.txt http://www.xxxoootest.com/[/color]
注意两点:
1. url必须以http://开头,否则报错
2. url可能需要以/结尾
Step 2)使用下面命令check漏洞
[color=red]root@kali:~# wapiti http://www.xxxoootest.com/ --cookie cookie.txt --v 2[/color]
Wapiti-1.1.6 (wapiti.sourceforge.net)
http://www.xxxoootest.com/
http://www.xxxoootest.com/index.php
Attacking urls (GET)...
-----------------------
Attacking forms (POST)...
-------------------------
+ http://www.xxxoootest.com/index.php
{'uname': 'http://www.google.fr/', 'psw': 'on', 'btnLogin': 'Login'}