This software scans web applications and identifies vulnerabilities in them. It helps find and reduce security gaps in applications, helping to prevent cyber attacks.
With Wapiti, you get detection of file handling errors (local and remote include/require, fopen, readfile...), database injection (PHP/JSP/ASP SQL injections and XPath injections), cross-site scripting (XSS) injection, LDAP injection, command execution (eval(), system(), passthru()...), and HTTP response splitting and session fixation (CRLF injection).
Wapiti can also differentiate between punctual (reflected) and permanent (stored) XSS vulnerabilities, and it prints a warning whenever it finds a script that allows HTTP uploads. A warning is also issued when an HTTP 500 code is returned (useful for ASP/IIS).
Unlike vulnerability scanners such as Nikto, Wapiti does not rely on a vulnerability database. Instead, it aims to discover unknown vulnerabilities in web applications. As of now, Wapiti does not provide a GUI, so you need to use it from a terminal.
Version 2.1.0: N/A