Skip to content
CPH:SEC WAES: Web Auto Enum & Scanner - Auto enums website(s) and dumps files as result
Shell Python
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
.idea xxMerge branch 'master' of https://github.com/Shiva108/WAES Jul 27, 2019
OSIRA dfads Jul 27, 2019
SecLists update to supergo Jul 27, 2019
dirble @ c3ce4ca dfads Jul 27, 2019
pywhatcms @ f293daa dfads Jul 27, 2019
report update to waes Jul 30, 2019
vulscan dfads Jul 27, 2019
.gitmodules dfads Jul 27, 2019
LICENSE Create LICENSE Apr 21, 2019
README.md xxMerge branch 'master' of https://github.com/Shiva108/WAES Jul 27, 2019
banner.png update 2 supergo Jul 27, 2019
bartest.sh update 2 supergo Jul 27, 2019
cleanrf.sh test without -vv Oct 14, 2018
install.sh update 2 supergo Jul 27, 2019
logo_transparent.png update 2 supergo Jul 27, 2019
resolveip.py update 2 supergo Jul 27, 2019
supergobuster.old update 2 supergo Jul 27, 2019
supergobuster.sh update to supergo Jul 27, 2019
test.lst update 2 supergo Jul 27, 2019
testscript.sh update 2 supergo Jul 27, 2019
waes.sh update to waes Jul 30, 2019

README.md

GitHub Logo

CPH:SEC WAES at a Glance

Doing HTB or other CTFs enumeration against targets with HTTP(S) can become trivial. It can get tiresome to always run the same script/tests on every box eg. nmap, nikto, dirb and so on. A one-click on target with automatic reports coming solves the issue. Furthermore, with a script the enum process can be optimized while saving time for hacker. This is what CPH:SEC WAES or Web Auto Enum & Scanner is created for. WAES runs 4 steps of scanning against target (see more below) to optimize the time spend scanning. While multi core or multi-threaded scanning could be implemented it will almost surely get boxes to hang and so is undesirable.

  • From current version and forward WAES will include an install script (see blow) as project moves from alpha to beta phase.
  • WAES could have been developed in python but good bash projects are need to learn bash.
  • WAES is currently made for CTF boxes but is moving towards online uses (see todo section)

To install:

1. $> git clone https://github.com/Shiva108/WAES.git
2. $> cd WAES
2. $> sudo ./install.sh

Make sure directories are set correctly in supergobuster.sh. Should be automatic with Kali & Parrot Linux.

  • Standard directories for lists : SecLists/Discovery/Web-Content & SecLists/Discovery/Web-Content/CMS
  • Kali / Parrot directory list : /usr/share/wordlists/dirbuster/

To run WAES

Web Auto Enum & Scanner - Auto enums website(s) and dumps files as result.

##############################################################################

    Web Auto Enum & Scanner

    Auto enums website(s) and dumps files as result

##############################################################################

Usage: waes.sh -u {IP} waes.sh -h

   -h shows this help
   -u IP to test eg. 10.10.10.123
   -p port nummer (default=80)

   Example: ./waes.sh -u 10.10.10.130 -p 8080

Enumeration Process / Method

WAES runs ..

Step 0 - Passive scan - (disabled in the current version)

  • whatweb - aggressive mode
  • OSIRA (same author) - looks for subdomains

Step 1 - Fast scan

  • wafw00 - firewall detection
  • nmap with http-enum

Step 2 - Scan - in-depth

  • nmap - with NSE scripts: http-date,http-title,http-server-header,http-headers,http-enum,http-devframework,http-dombased-xss,http-stored-xss,http-xssed,http-cookie-flags,http-errors,http-grep,http-traceroute
  • nmap with vulscan (CVSS 5.0+)
  • nikto - with evasion A and all CGI dirs
  • uniscan - all tests except stress test (qweds)

Step 3 - Fuzzing

  • super gobuster
    • gobuster with multiple lists
    • dirb with multiple lists
  • xss scan (to come)

.. against target while dumping results files in report/ folder.

To Do

  • Implement domain as input
  • Add XSS scan
  • Add SSL/TLS scanning
  • Add domain scans
  • Add golismero
  • Add dirble
  • Add progressbar
  • Add CMS detection
  • Add CMS specific scans
You can’t perform that action at this time.