{"id":21185455,"url":"https://github.com/shiva108/waes","last_synced_at":"2025-07-10T01:30:40.521Z","repository":{"id":134114087,"uuid":"126488020","full_name":"Shiva108/WAES","owner":"Shiva108","description":"CPH:SEC WAES: Web Auto Enum \u0026 Scanner - Auto enums website(s) and dumps files as result","archived":false,"fork":false,"pushed_at":"2019-07-30T18:20:50.000Z","size":747,"stargazers_count":59,"open_issues_count":0,"forks_count":35,"subscribers_count":6,"default_branch":"master","last_synced_at":"2023-03-10T08:13:16.831Z","etag":null,"topics":["dirb","dump-files","gobuster","htb","http","nikto","nmap","nse","report","scanner","uniscan","waes","wafw00f","whatweb","xss-detection"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Shiva108.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null}},"created_at":"2018-03-23T13:20:10.000Z","updated_at":"2023-09-24T14:31:56.086Z","dependencies_parsed_at":"2023-09-24T14:52:06.856Z","dependency_job_id":null,"html_url":"https://github.com/Shiva108/WAES","commit_stats":null,"previous_names":[],"tags_count":null,"template":null,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Shiva108%2FWAES","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Shiva108%2FWAES/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Shiva108%2FWAES/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Shiva108%2FWAES/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Shiva108","download_url":"https://codeload.github.com/Shiva108/WAES/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":225606490,"owners_count":17495551,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["dirb","dump-files","gobuster","htb","http","nikto","nmap","nse","report","scanner","uniscan","waes","wafw00f","whatweb","xss-detection"],"created_at":"2024-11-20T18:16:35.307Z","updated_at":"2024-11-20T18:16:35.807Z","avatar_url":"https://github.com/Shiva108.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"\n![GitHub Logo](banner.png)\n\n## CPH:SEC WAES at a Glance\n\nDoing HTB or other CTFs enumeration against targets with HTTP(S) can become trivial.\nIt can get tiresome to always run the same script/tests on every box eg. nmap, nikto, dirb and so on. A one-click on target with automatic reports coming solves the issue. Furthermore, with a script the enum process can be optimized while saving time for hacker. This is what **CPH:SEC WAES** or _Web Auto Enum \u0026 Scanner_ is created for. WAES runs 4 steps of scanning against target (see more below) to optimize the time spend scanning. While multi core or multi-threaded scanning could be implemented it will almost surely get boxes to hang and so is undesirable.\n* From current version and forward WAES will include an install script (see blow) as project moves from alpha to beta phase.\n* WAES could have been developed in python but good bash projects are need to learn bash.\n* WAES is currently made for CTF boxes but is moving towards online uses (see todo section)\n\n## To install:\n\n```\n1. $\u003e git clone https://github.com/Shiva108/WAES.git\n2. $\u003e cd WAES\n2. $\u003e sudo ./install.sh\n```\n\nMake sure directories are set correctly in supergobuster.sh.\nShould be automatic with Kali \u0026 Parrot Linux.\n* Standard directories for lists    : SecLists/Discovery/Web-Content \u0026 SecLists/Discovery/Web-Content/CMS\n* Kali / Parrot directory list      : /usr/share/wordlists/dirbuster/\n\n\n## To run WAES\nWeb Auto Enum \u0026amp; Scanner - Auto enums website(s) and dumps files as result.\n\n##############################################################################\n\n        Web Auto Enum \u0026 Scanner\n\n        Auto enums website(s) and dumps files as result\n\n##############################################################################\n\nUsage: waes.sh -u {IP}\n       waes.sh -h\n\n       -h shows this help\n       -u IP to test eg. 10.10.10.123\n       -p port nummer (default=80)\n\n       Example: ./waes.sh -u 10.10.10.130 -p 8080\n\n\n## Enumeration Process / Method\n\nWAES runs ..\n\nStep 0 - Passive scan - (disabled in the current version)\n  + whatweb - aggressive mode\n  + OSIRA (same author) - looks for subdomains\n\nStep 1 - Fast scan\n  + wafw00 - firewall detection\n  + nmap with http-enum\n\nStep 2 - Scan - in-depth\n  + nmap - with NSE scripts: http-date,http-title,http-server-header,http-headers,http-enum,http-devframework,http-dombased-xss,http-stored-xss,http-xssed,http-cookie-flags,http-errors,http-grep,http-traceroute\n  + nmap with vulscan (CVSS 5.0+)\n  + nikto - with evasion A and all CGI dirs\n  + uniscan - all tests except stress test (qweds)\n\nStep 3 - Fuzzing\n+ super gobuster\n  - gobuster with multiple lists\n  - dirb with multiple lists\n+ xss scan (to come)\n\n.. against target while dumping results files in report/ folder.\n\n\n## To Do\n+ Implement domain as input\n+ Add XSS scan\n+ Add SSL/TLS scanning\n+ Add domain scans\n+ Add golismero\n+ Add dirble\n+ Add progressbar\n+ Add CMS detection\n+ Add CMS specific scans\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fshiva108%2Fwaes","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fshiva108%2Fwaes","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fshiva108%2Fwaes/lists"}