ED Wiget Dot Name

infosec, information security, digital forensics, hacking, system administration, linux blog


I often review various vulnerability scanners.  When I review them, I look at several different things:

  • were they able to find a vulnerability I previously missed?
  • are they accurate in their findings?
  • how quickly do they complete an audit compared to “insert some other vulnerability scanner here”?
  • sometimes I will also grab the tcpdumps of the audits for even further analysis
  • how accessible and easy are they to use by “skiddies”?
  • based on the tcpdumps + noise generated on the server logs, are the audit signatures of wapiti easy to detect?

I try to simplify this as much as possible. I always audit against a VirtualBox image using real client data and sites. To keep the process simple, I create scripts that let me easily repeat an audit. Kali Linux contains wapiti, but currently it is an older version. So I created this script to compare known results from the version included with Kali Linux to the newest version just recently released (2.3.0).

Here is the script I use:

[codesyntax lang="bash"]

#!/bin/bash

# By Ed Wiget
# use wapiti to audit a list of sites from a file
# requires wapiti 2.3.0 or greater

# 20131128 - original script

# what is the ip of our audit server?
AUDIT_IP=192.168.1.16

# where wapiti is installed
BASEDIR=~/bin/wapiti-2.3.0/bin

if [ ! -d "${BASEDIR}" ]; then
	echo "Wapiti not installed in ${BASEDIR}"
	echo "Download wapiti from http://wapiti.sourceforge.net"
	exit 1
fi

# file list contains one domain per line
FILE_LIST=~/Desktop/sites.txt

# output file directory - must set this to something other than default html in options below
OUT_FILE_DIR=~/Desktop/wapiti-audits

if [ ! -d "${OUT_FILE_DIR}" ]; then
	echo "creating output directory ${OUT_FILE_DIR}"
	mkdir -p "${OUT_FILE_DIR}"
fi

# here we set up the loop to audit - output will be on screen and to file
# we also check to make sure the domain resolves to our AUDIT_IP

echo "beginning audit of $(wc -l < "${FILE_LIST}") domains"
# read line by line; the "|| [ -n ... ]" keeps a last line without a trailing newline
while read -r dom || [ -n "${dom}" ]; do
	[ -z "${dom}" ] && continue

	echo "pinging ${dom}"

	# ping prints "PING host (a.b.c.d) ..." on its first line; pull out a.b.c.d
	resolved=$(ping -c 1 "${dom}" 2>/dev/null | head -1 | awk -F'[()]' '{print $2}')

	if [ "${resolved}" = "${AUDIT_IP}" ]; then
		echo "working on ${dom}"
		python "${BASEDIR}/wapiti" "http://${dom}" --color --verbose 1 --scope domain --format txt --output "${OUT_FILE_DIR}/wapiti-${dom}.txt"
	else
		echo "${dom} does not resolve to ${AUDIT_IP} ... skipping"
		echo -e "\n\nPlease check to make sure ${dom} is set in your /etc/hosts file to resolve to ${AUDIT_IP}\n\n"
	fi

done < "${FILE_LIST}"

echo "wapiti has finished auditing all domains"

[/codesyntax]

