Web Application scanning is an important part of Hacking, it gives lots of information about a Domain. There are several tools available for Web Application scanning  WA Scan is an Open source Web Application Security Scanner. WAScan is built on python2.7 and can run on any platform which has a Python environment. you can install WAScan from its official page on GitHub.
To install WAScan open your terminal and clone it or Download it as a zip file


$ git clone https://github.com/m4ll0k/WAScan.git wascan
$ cd wascan 
$ pip install BeautifulSoup
$ python wascan.py
Once the installation is finished you can check all the options with




 python wascan.py -h
It will display all the options available
 wascan.py [options]

-u --url Target URL (e.g: http://www.site.com)
-s --scan Scan options (default=5):

0 : Fingerprint (server,waf,cms,...)
1 : Attacks (sql,ldap injection,...)
2 : Audit (phpinfo,openredirect,...)
3 : Bruteforce (dir,file,backup,...)
4 : Disclosure (emails,password,...)
5 : Full scan (audit,attacks,brute,...)

-b --brute Bruteforce hidden parameters (GET only)
-H --headers Extra headers (e.g: "Host:site.com")
-d --data Data to be sent via POST method
-m --method HTTP method, GET or POST
-h --host HTTP Host header value
-R --referer HTTP Referer header value
-a --auth HTTP Basic Authentication (user:pass)
-A --agent HTTP User-agent header value
-r --ragent Use random User-agent header value
-c --cookie HTTP Cookie header value
-p --proxy Use a proxy, (host:port)
-P --proxy-auth Proxy Authentication, (user:pass)
-t --timeout Seconds to wait before timeout connection
-n --redirect Set redirect target URL False (default=True)
-v --verbose Verbosity, print more informations
-V --version Show tool version
-hh --help Show this help and exit


You can perform Brute Force Attack, find Email passwords, scanner it and many more.

 python wascan.py -u allabouthack 
when you enter the command above it will scan the URL for SQL, XSS, Brute-Force attack, etc.

Subscribe to the blog with your email or click on the bell icon for the daily update, You can join our telegram channel for the latest updates. and share it if you like the post.