Skip to content

v5.2.1

Choose a tag to compare

View all tags
@TrixSec TrixSec released this 11 Nov 18:43
· 9 commits to main since this release
v5.2.1
643028a
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Waymap - Web Vulnerability Scanner.

Current Version: 5.2.1
Author: Trix Cyrus
Copyright: © 2024 Trixsec Org
Maintained: Yes

What is Waymap?

Waymap is a fast and optimized And Automated web vulnerability scanner designed for penetration testers. It effectively identifies vulnerabilities by testing against a variety of payloads.

Latest Update

v5.2.1

  • New Sql Injection Scanning Module
  • High Accuracy And Less False Positive
  • Access it using: --scan sqli

Waymap Features

  1. Vulnerability Scanning Modules:

    • SQL Injection (SQLi)
    • Command Injection
    • Server-Side Template Injection (SSTI) with threading support
    • Cross-Site Scripting (XSS) with filter bypass payload testing and threading support
    • Local File Inclusion (LFI) with threading support
    • Open Redirect with custom thread count
    • Carriage Return and Line Feed (CRLF) with custom threading
    • Cross-Origin Resource Sharing (CORS) with threading support
    • Critical and High-Risk Scan Profiles using CVE exploits (32 CVEs: WordPress - 19, Drupal - 4, Joomla - 7, Generic/Others - 2)

  2. Web Crawling:

    • Initial crawling functionality
    • Enhanced crawler to operate within target domain boundaries and handle URL redirection
    • Advanced crawler capable of any-depth crawling
    • Improved v3 crawler (competitive with SQLmap crawler)

  3. Concurrency & Threading:

    • Concurrency to utilize multiple CPU threads for faster scans
    • Custom thread count for Open Redirect, CRLF, and CORS scans
    • New argument --threads/-T for global threading count (no prompt for threads)

  4. Multi-Target Scanning:

    • Support for scanning multiple URLs with --multi-target {targetfilename}.txt
    • Ability to scan URLs directly without crawling using --url/-u and --multi-url/-mu arguments

  5. Automation and Convenience:

    • Auto-update functionality (version-dependent)
    • New argument --check-updates to check for and perform updates
    • New argument --random-agent to randomize user-agents
    • Header usage to make requests appear more legitimate and reduce detection/blocking
    • Argument --no-prompt/-np to disable prompts (default input = 'n')

  6. Scan Profiles & Severity-Based Scanning:

    • New critical and high-risk scan profiles (--scan critical-risk and --scan high-risk) using severity-based CVE exploits
    • Argument --profile critical-risk/high-risk with --profileurl for streamlined scanning based on CVE severity

  7. Logging and Stability:

    • Logging functionality for scan sessions
    • Various bug fixes and optimizations for stability and processing speed
Assets 2
Loading