# Kali Linux Tool: Wapiti
## Section 1: Introduction & Installation
### Overview of Wapiti
Wapiti is a powerful web application vulnerability scanner that helps security professionals identify potential security issues in web applications. It is designed to detect various vulnerabilities, including:
– SQL Injection
– Cross-Site Scripting (XSS)
– File Disclosure
– Command Injection
– And many more
As part of this pentesting course, we will guide you through the installation and configuration of Wapiti on Kali Linux, provide step-by-step usage instructions, and present real-world use cases to enhance your understanding of this essential tool.
### Installation of Wapiti on Kali Linux
1. **Update Your Kali Linux System**
Before installing Wapiti, ensure that your Kali Linux system is up to date. Open a terminal and run the following commands:
sudo apt update && sudo apt upgrade -y
2. **Install Wapiti**
Wapiti is included in the Kali Linux repositories, making it easy to install. To install Wapiti, run the following command:
sudo apt install wapiti -y
3. **Verify the Installation**
After installation, you can verify if Wapiti has been installed successfully by checking its version. Run:
wapiti –version
This command should display the installed version of Wapiti, confirming the successful installation.
### Configuration of Wapiti
Wapiti does not require extensive configuration to get started, but you may want to adjust certain settings based on your testing needs.
1. **Configuration File Location**
The default configuration file for Wapiti is located at `/etc/wapiti/wapiti.conf`. You can open it with a text editor, such as nano or vim:
sudo nano /etc/wapiti/wapiti.conf
In this configuration file, you can adjust parameters such as the user agent string, output formats, and various plugin settings.
2. **Setting Up User Agents**
To customize your user agent for web requests, locate the `user_agent` line in the configuration file and modify it:
[/dm_code_snippet]plaintext
user_agent = "MyCustomUserAgent"
[/dm_code_snippet]
3. **Proxy Settings**
If you're operating behind a proxy, you can specify the proxy settings in the configuration file:
[/dm_code_snippet]plaintext
http_proxy = "http://proxyserver:port"
https_proxy = "http://proxyserver:port"
[/dm_code_snippet]
4. **Save and Exit**
Once you’ve made your changes, save the file and exit the text editor. In nano, you can do this by pressing `CTRL + X`, then `Y` to confirm, and `Enter`.
### Step-by-Step Usage of Wapiti
Now that we have installed and configured Wapiti, let’s dive into its usage. We will cover the basic commands, scanning options, and real-world scenarios.
#### Basic Command Structure
The general syntax for running Wapiti is:
"`bash
wapiti -u
"`
– `-u
– `[options]`: Additional parameters for customizing the scan.
#### Running a Basic Scan
Let’s perform a basic scan against a WordPress site. For example, say your target is `http://example.com`. You would run:
"`bash
wapiti -u http://example.com
"`
Wapiti will begin crawling the site, analyzing the forms and input fields for vulnerabilities.
#### Scanning with Specific Modules
Wapiti allows you to specify which types of vulnerabilities to scan for using the `-m` option. For example, to scan only for SQL Injection vulnerabilities, you can use:
"`bash
wapiti -u http://example.com -m sql
"`
This command limits the scan to SQL Injection checks, making your testing more focused.
#### Output Options
Wapiti provides various output formats to help you analyze the results. You can specify the output format using the `-o` option. For instance, to save the results in HTML format, use:
"`bash
wapiti -u http://example.com -o output.html
"`
#### Real-World Usage Scenarios
##### Use Case 1: Testing a WordPress Site
1. **Identify the Target URL**
Start with a target WordPress site:
TARGET_URL="http://example-wordpress-site.com"
2. **Run a Full Scan**
Execute a full scan to identify vulnerabilities:
wapiti -u $TARGET_URL
3. **Review the Results**
After the scan completes, Wapiti will generate a report detailing identified vulnerabilities.
4. **Focus on Specific Vulnerabilities**
Suppose you want to focus specifically on Cross-Site Scripting vulnerabilities:
wapiti -u $TARGET_URL -m xss
5. **Output to HTML**
Save the results in an HTML file for easy sharing:
wapiti -u $TARGET_URL -o report.html
##### Use Case 2: Testing with Authentication
For sites that require authentication, Wapiti allows you to specify login forms and cookies for authenticated sessions.
1. **Capture Login Data**
Use browser tools to capture the POST request data when logging into the web application.
2. **Run Wapiti with Login Form Data**
Assuming your login form’s action URL is `http://example.com/login`, and the parameters are user and password:
wapiti -u http://example.com -f "http://example.com/login" -d "user=admin&password=admin123"
3. **Analyze Authenticated Vulnerabilities**
Once authenticated, run the scan to see if there are vulnerabilities within the authenticated session.
### Conclusion
Wapiti is an essential tool for web application security testing, and with the steps outlined above, you can effectively utilize it to identify vulnerabilities in various web platforms, including WordPress.
This introductory section covered the installation, configuration, and basic usage of Wapiti within the Kali Linux environment. In subsequent sections, we will explore more advanced features, custom configurations, and case studies to maximize your web application security assessments.
For further reading, check the official documentation for Wapiti at [Wapiti Documentation](http://wapiti.sourceforge.net).
Made by pablo rotem / פבלו רותם