Share
## https://sploitus.com/exploit?id=C28D23A2-C7A3-5918-A6DF-5B3C0F98E420
# wafuzz โ Web Pentesting Orchestrator
Interactive CLI web security scanner for CTFs and bug bounty. Detects **XSS, SQLi, LFI, SSTI, CMD Injection, SSRF, and Open Redirect** with exploitation guidance.
```
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โโ โโ โโโโโ โโโโโโโ โโ โโ โโโโโโโ โโโโโโโ
โโ โโ โโ โโ โโ โโ โโ โโ โโ
โโ โโ โโโโโโโ โโโโโ โโโโ โโโโโ โโ
โโ โโ โโ โโ โโ โโ โโ โโ
โโโโ โโ โโ โโ โโ โโโโโโโ โโ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
```
## Features
| Module | Detection Technique |
|--------|-------------------|
| **XSS** | Reflected probe detection, context-aware payload generation (attribute/script/comment/body) |
| **SQLi** | Error-based (14 DB patterns), boolean-based, time-based (multi-DBMS), UNION-based (w4f00 markers) |
| **LFI** | `/etc/passwd`, `/proc/self/environ` fingerprinting |
| **SSTI** | Math eval (`7*7โ49`), config leak (`{{config}}`), self introspection (`__class__/__mro__`) |
| **CMD Injection** | Time delay (`sleep`/`ping`), output reflection (common users) |
| **SSRF** | Cloud metadata (AWS/GCP/Azure), internal port scan, `file://`/`dict://`/`gopher://` |
| **Open Redirect** | 30+ payloads with bypasses (`//`, encoding, backslash, `@`), 30x + Location check |
- **Exploitation guide** โ 5-7 actionable steps per vuln type with code examples, auto-displayed after findings
- **Session persistence** โ SQLite-backed scan history
- **Report export** โ JSON and Markdown formats
- **Interactive CLI** โ grouped menu, Rich tables, progress spinners, severity icons, color-coded output
- **Docker lab** โ vulnerable Flask app for testing all modules
## Quick Start
```bash
# Install dependencies
pip install -r requirements.txt
# Run against a target
python wa.py
# Or run the vulnerable lab for testing
docker compose -f docker/docker-compose.yml up
```
## Usage
```
โญโ SCAN โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฎ
โ 1 All modules โ
โ 2 Quick CTF (XSS+SQLi+LFI) โ
โ 3 XSS only โ
โ 4 SQLi only โ
โ 5 LFI only โ
โ 6 SSTI only โ
โ 7 CMD Injection only โ
โ 8 SSRF only โ
โ 9 Open Redirect only โ
โฐโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฏ
โญโ TOOLS โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฎ
โ 10 Quick Scan โ
โ 11 Change Target โ
โ 12 View Saved Sessions โ
โฐโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฏ
โญโ DATA โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฎ
โ 13 Show Loaded Payloads โ
โ 14 Export Report (JSON/Markdown) โ
โฐโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฏ
โญโ EXPLOIT โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฎ
โ 15 SQLMap Auto โ
โ 16 Exploitation Guide โ
โฐโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฏ
โญโ CONFIG โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฎ
โ 17 Configure Proxy / Timeout / User-Agent โ
โ 18 About โ
โ 19 Exit โ
โฐโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฏ
```
1. Enter target URL (with or without params)
2. Select scan modules
3. Review findings with severity ratings
4. Follow the auto-displayed exploitation steps
5. Export reports or revisit past sessions
## Architecture
```
wa.py # Entry point
core/
โโโ cli.py # Interactive CLI
โโโ engine.py # Scan orchestrator
โโโ target.py # URL + param handling
โโโ requester.py # HTTP client (httpx)
โโโ session.py # SQLite persistence
โโโ reporter.py # JSON/Markdown exports
โโโ exploit.py # Exploitation guide
โโโ utils.py # Shared utilities
modules/
โโโ xss/ # Cross-Site Scripting
โโโ sqli/ # SQL Injection (error/boolean/time/union)
โโโ lfi/ # Local File Inclusion
โโโ ssti/ # Server-Side Template Injection
โโโ cmd_inject/ # Command Injection
โโโ ssrf/ # Server-Side Request Forgery
โโโ open_redirect/ # Open Redirect
docker/ # Vulnerable Flask lab
โโโ app.py
โโโ Dockerfile
โโโ docker-compose.yml
โโโ init_db.py
payloads/ # Payload files (YAML/TXT)
data/
โโโ signatures/ # Detection signatures (WAF, DB errors)
โโโ wordlists/ # Wordlists (params, paths)
```
## Requirements
- Python 3.11+
- httpx
- prompt_toolkit
- rich
- pyyaml
- markdown
- jinja2
## License
MIT