Current Version: 5.1.1 Author: Trix Cyrus
Copyright: © 2024 Trixsec Org
Maintained: Yes

Waymap is a fast and optimized And Automated web vulnerability scanner designed for penetration testers. It effectively identifies vulnerabilities by testing against a variety of payloads.

Check out this video to see Waymap in action:

• SQL Injection
  

• Command Injection
  

• Server Side Template Injection
  

  Can't add more screenshot it'll increase the size of readme.md

1. Vulnerability Scanning Modules:

   • SQL Injection (SQLi)
   • Command Injection
   • Server-Side Template Injection (SSTI) with threading support
   • Cross-Site Scripting (XSS) with filter bypass payload testing and threading support
   • Local File Inclusion (LFI) with threading support
   • Open Redirect with custom thread count
   • Carriage Return and Line Feed (CRLF) with custom threading
   • Cross-Origin Resource Sharing (CORS) with threading support
   • Critical and High-Risk Scan Profiles using CVE exploits (32 CVEs: WordPress - 19, Drupal - 4, Joomla - 7, Generic/Others - 2)

2. Web Crawling:

   • Initial crawling functionality
   • Enhanced crawler to operate within target domain boundaries and handle URL redirection
   • Advanced crawler capable of any-depth crawling
   • Improved v3 crawler (competitive with SQLmap crawler)

3. Concurrency & Threading:

   • Concurrency to utilize multiple CPU threads for faster scans
   • Custom thread count for Open Redirect, CRLF, and CORS scans
   • New argument --threads/-T for global threading count (no prompt for threads)

4. Multi-Target Scanning:

   • Support for scanning multiple URLs with --multi-target {targetfilename}.txt
   • Ability to scan URLs directly without crawling using --url/-u and --multi-url/-mu arguments

5. Automation and Convenience:

   • Auto-update functionality (version-dependent)
   • New argument --check-updates to check for and perform updates
   • New argument --random-agent to randomize user-agents
   • Header usage to make requests appear more legitimate and reduce detection/blocking
   • Argument --no-prompt/-np to disable prompts (default input = 'n')

6. Scan Profiles & Severity-Based Scanning:

   • New critical and high-risk scan profiles (--scan critical-risk and --scan high-risk) using severity-based CVE exploits
   • Argument --profile critical-risk/high-risk with --profileurl for streamlined scanning based on CVE severity

7. Logging and Stability:

   • Logging functionality for scan sessions
   • Various bug fixes and optimizations for stability and processing speed

git clone https://github.com/TrixSec/waymap.git

pip install .

python waymap.py --crawl 1 --scan sql/cmdi/ssti/xss/lfi/open-redirect/crlf/cors/all --target/--multi-target https://example.com/{filename}.txt

python waymap.py --scan sql/cmdi/ssti/xss/lfi/open-redirect/crlf/cors/all --url/--mutli-url https://example.com/index.php?id=1/{filename}.txt

python waymap.py -h

Stay updated with the latest tools and hacking resources. Join our Telegram Channel by clicking the logo below: