Share
## https://sploitus.com/exploit?id=C28D23A2-C7A3-5918-A6DF-5B3C0F98E420
# wafuzz โ€” Web Pentesting Orchestrator

Interactive CLI web security scanner for CTFs and bug bounty. Detects **XSS, SQLi, LFI, SSTI, CMD Injection, SSRF, and Open Redirect** with exploitation guidance.

```
โ–„โ–„โ–„โ–„โ–„โ–„โ–„โ–„โ–„โ–„โ–„โ–„โ–„โ–„โ–„โ–„โ–„โ–„โ–„โ–„โ–„โ–„โ–„โ–„โ–„โ–„โ–„โ–„โ–„โ–„โ–„โ–„โ–„โ–„โ–„โ–„โ–„โ–„โ–„โ–„โ–„โ–„โ–„โ–„โ–„โ–„
โ–ˆโ–ˆ    โ–ˆโ–ˆ  โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ   โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ โ–ˆโ–ˆ    โ–ˆโ–ˆ โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ  โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ
โ–ˆโ–ˆ    โ–ˆโ–ˆ โ–ˆโ–ˆ   โ–ˆโ–ˆ  โ–ˆโ–ˆ      โ–ˆโ–ˆ  โ–ˆโ–ˆ  โ–ˆโ–ˆ         โ–ˆโ–ˆ
โ–ˆโ–ˆ    โ–ˆโ–ˆ โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ  โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ    โ–ˆโ–ˆโ–ˆโ–ˆ   โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ      โ–ˆโ–ˆ
 โ–ˆโ–ˆ  โ–ˆโ–ˆ  โ–ˆโ–ˆ   โ–ˆโ–ˆ  โ–ˆโ–ˆ       โ–ˆโ–ˆ    โ–ˆโ–ˆ         โ–ˆโ–ˆ
  โ–ˆโ–ˆโ–ˆโ–ˆ   โ–ˆโ–ˆ   โ–ˆโ–ˆ  โ–ˆโ–ˆ       โ–ˆโ–ˆ    โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ    โ–ˆโ–ˆ
โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€
```

## Features

| Module | Detection Technique |
|--------|-------------------|
| **XSS** | Reflected probe detection, context-aware payload generation (attribute/script/comment/body) |
| **SQLi** | Error-based (14 DB patterns), boolean-based, time-based (multi-DBMS), UNION-based (w4f00 markers) |
| **LFI** | `/etc/passwd`, `/proc/self/environ` fingerprinting |
| **SSTI** | Math eval (`7*7โ†’49`), config leak (`{{config}}`), self introspection (`__class__/__mro__`) |
| **CMD Injection** | Time delay (`sleep`/`ping`), output reflection (common users) |
| **SSRF** | Cloud metadata (AWS/GCP/Azure), internal port scan, `file://`/`dict://`/`gopher://` |
| **Open Redirect** | 30+ payloads with bypasses (`//`, encoding, backslash, `@`), 30x + Location check |

- **Exploitation guide** โ€” 5-7 actionable steps per vuln type with code examples, auto-displayed after findings
- **Session persistence** โ€” SQLite-backed scan history
- **Report export** โ€” JSON and Markdown formats
- **Interactive CLI** โ€” grouped menu, Rich tables, progress spinners, severity icons, color-coded output
- **Docker lab** โ€” vulnerable Flask app for testing all modules

## Quick Start

```bash
# Install dependencies
pip install -r requirements.txt

# Run against a target
python wa.py

# Or run the vulnerable lab for testing
docker compose -f docker/docker-compose.yml up
```

## Usage

```
โ•ญโ”€ SCAN โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ•ฎ
โ”‚  1   All modules                              โ”‚
โ”‚  2   Quick CTF (XSS+SQLi+LFI)                 โ”‚
โ”‚  3   XSS only                                 โ”‚
โ”‚  4   SQLi only                                โ”‚
โ”‚  5   LFI only                                 โ”‚
โ”‚  6   SSTI only                                โ”‚
โ”‚  7   CMD Injection only                       โ”‚
โ”‚  8   SSRF only                                โ”‚
โ”‚  9   Open Redirect only                       โ”‚
โ•ฐโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ•ฏ
โ•ญโ”€ TOOLS โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ•ฎ
โ”‚  10  Quick Scan                               โ”‚
โ”‚  11  Change Target                            โ”‚
โ”‚  12  View Saved Sessions                      โ”‚
โ•ฐโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ•ฏ
โ•ญโ”€ DATA โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ•ฎ
โ”‚  13  Show Loaded Payloads                     โ”‚
โ”‚  14  Export Report (JSON/Markdown)            โ”‚
โ•ฐโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ•ฏ
โ•ญโ”€ EXPLOIT โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ•ฎ
โ”‚  15  SQLMap Auto                              โ”‚
โ”‚  16  Exploitation Guide                       โ”‚
โ•ฐโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ•ฏ
โ•ญโ”€ CONFIG โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ•ฎ
โ”‚  17  Configure Proxy / Timeout / User-Agent   โ”‚
โ”‚  18  About                                    โ”‚
โ”‚  19  Exit                                     โ”‚
โ•ฐโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ•ฏ
```

1. Enter target URL (with or without params)
2. Select scan modules
3. Review findings with severity ratings
4. Follow the auto-displayed exploitation steps
5. Export reports or revisit past sessions

## Architecture

```
wa.py                  # Entry point
core/
โ”œโ”€โ”€ cli.py             # Interactive CLI
โ”œโ”€โ”€ engine.py          # Scan orchestrator
โ”œโ”€โ”€ target.py          # URL + param handling
โ”œโ”€โ”€ requester.py       # HTTP client (httpx)
โ”œโ”€โ”€ session.py         # SQLite persistence
โ”œโ”€โ”€ reporter.py        # JSON/Markdown exports
โ”œโ”€โ”€ exploit.py         # Exploitation guide
โ””โ”€โ”€ utils.py           # Shared utilities
modules/
โ”œโ”€โ”€ xss/               # Cross-Site Scripting
โ”œโ”€โ”€ sqli/              # SQL Injection (error/boolean/time/union)
โ”œโ”€โ”€ lfi/               # Local File Inclusion
โ”œโ”€โ”€ ssti/              # Server-Side Template Injection
โ”œโ”€โ”€ cmd_inject/        # Command Injection
โ”œโ”€โ”€ ssrf/              # Server-Side Request Forgery
โ””โ”€โ”€ open_redirect/     # Open Redirect
docker/                # Vulnerable Flask lab
โ”œโ”€โ”€ app.py
โ”œโ”€โ”€ Dockerfile
โ”œโ”€โ”€ docker-compose.yml
โ””โ”€โ”€ init_db.py
payloads/              # Payload files (YAML/TXT)
data/
โ”œโ”€โ”€ signatures/        # Detection signatures (WAF, DB errors)
โ””โ”€โ”€ wordlists/         # Wordlists (params, paths)
```

## Requirements

- Python 3.11+
- httpx
- prompt_toolkit
- rich
- pyyaml
- markdown
- jinja2

## License

MIT