“Spaghetti”, a Python Web Application security scanner

Designed to find various default and insecure files, configurations and misconfigurations.

Spaghetti is a web application security scanner built on Python 2.7, designed to find various default and insecure files, configurations and misconfigurations.

It’s developed and maintained by Momo Outaadi (m4ll0k), who also developed Infoga, an information gathering tool.

Features

Fingerprints

  • Server
  • Frameworks (CakePHP, CherryPy, Django, …)
  • Firewall (Cloudflare, AWS, Barracuda, …)
  • CMS (Drupal, Joomla, WordPress)
  • OS (Linux, Unix, Windows, …)
  • Language (PHP, Ruby, Python, ASP, …)

Discovery

  • Admin Panel
  • Apache Enumeration Users
  • Apache XSS
  • Apache ModStatus
  • Backdoors
  • Backup
  • Captcha
  • Common Directories
  • Common Files
  • Cookie Security
  • Multiple Index
  • Information Disclosure (Emails and Private IP)

Installation

Installation is quick: clone the Git repository and install the dependencies:

$ git clone https://github.com/m4ll0k/Spaghetti.git
$ cd Spaghetti
$ pip install -r doc/requirements.txt
$ python spaghetti.py -h

More information and downloads

m4ll0k/Spaghetti

“Spaghetti”, a Python Web Application security scanner was originally published in So Long, and Thanks for All the Fish on Medium.

Article Link: https://andreafortuna.org/spaghetti-a-python-web-application-security-scanner-d56066b7eab7?source=rss----bf18ac17f001---4