{"id":23357800,"url":"https://github.com/trixsec/waymap","last_synced_at":"2025-04-10T09:45:09.875Z","repository":{"id":255711829,"uuid":"853374849","full_name":"TrixSec/waymap","owner":"TrixSec","description":"Waymap is a fast and optimized web vulnerability scanner built for penetration testers. It helps in identifying vulnerabilities by testing against various payloads.","archived":false,"fork":false,"pushed_at":"2024-10-23T15:10:11.000Z","size":3899,"stargazers_count":30,"open_issues_count":0,"forks_count":3,"subscribers_count":3,"default_branch":"main","last_synced_at":"2024-10-23T19:18:02.439Z","etag":null,"topics":["command-injection","command-injection-scanner","command-line-tool","exploitation-framework","hacking","lfi-exploitation","open-redirect-detection","python","scanner","sql-scanner","sqli-scanner","sqlinjection","sqlmap","ssti","trixsec","waymap","website-hacking","website-hacking-tool","xss-detection","xss-exploitation"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/TrixSec.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-09-06T14:28:51.000Z","updated_at":"2024-10-23T15:10:15.000Z","dependencies_parsed_at":"2024-09-06T20:50:25.705Z","dependency_job_id":"c001c916-37fa-4791-b19f-8e8b03cc45a1","html_url":"https://github.com/TrixSec/waymap","commit_stats":null,"previous_names":["trixsec/waymap"],"tags_count":6,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/TrixSec%2Fwaymap","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/TrixSec%2Fwaymap/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/TrixSec%2Fwaymap/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/TrixSec%2Fwaymap/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/TrixSec","download_url":"https://codeload.github.com/TrixSec/waymap/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248196254,"owners_count":21063378,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["command-injection","command-injection-scanner","command-line-tool","exploitation-framework","hacking","lfi-exploitation","open-redirect-detection","python","scanner","sql-scanner","sqli-scanner","sqlinjection","sqlmap","ssti","trixsec","waymap","website-hacking","website-hacking-tool","xss-detection","xss-exploitation"],"created_at":"2024-12-21T10:32:09.442Z","updated_at":"2025-04-10T09:45:09.864Z","avatar_url":"https://github.com/TrixSec.png","language":"Python","readme":"# Waymap - Web Vulnerability Scanner.\n\n**Current Version**: 6.1.8   \n**Author**: Trix Cyrus \n**Contributors**: Yash Kulkarni\n**Copyright**: © 2024-25 Trixsec Org   \n**Maintained**: Yes   \n\n![Waymap Logo](https://waymapscanner.github.io/images/waymap.jpg)\n\n## What is Waymap?\n**Waymap** is a fast and optimized web vulnerability scanner designed to identify security flaws in web applications. With support for multiple scan types and customizable configurations, it is a versatile tool for ethical hackers, penetration testers, and security enthusiasts. And Is Able To Scan For **75+ Web Vulnerabilities**\n\n## Features Overview\n---\n\n### Latest Update\n\n#### v5.9.4\n- Removed Old Error Based Sql Method Use the new one by --scan sqli\n- Updated The Open Redirect Vuln Testing In Waymap\n- Updated The Crawler To v4\n- Added 249 High Risk Cves Data In Waymap\n- Total Count: 390\n\n#### v6.0.4 \n- Added New Scan Profile 'deepscan' use using --profile deepscan\n- Features in Deepscan: Scan for 25+ Types of Headers Vuln , Do Massive Directory Fuzzing, Find Backup Files On The Server\n- Fixed Scan Type 'cors' Error\n- minor bug fixed\n\n#### v6.0.5 \n- fixed issue regaring waymap updates\n\n#### v6.1.6\n- Added New Module In Deepscan Profile : Vulnerable Javascript Library And Files Scanner\n- Added WAF/IPS Detector In Waymap Can Detect More Than 160 Types of Waf\n- Usage: --check-waf/--waf https://example.com\n\n#### v6.1.7\n- XSS payload file missing error fix\n- some minor bugs fix\n\n#### v6.1.8\n- updated the SQL Injection Exiting logic\n- minor bug fixes\n\n--- New Big Updates Soon\n\n## 🚀 **Features**\n\n### 1. **Flexible Scanning Options**\n   - **Target-based scanning:** \n     Scan single or multiple targets using `--target` or `--multi-target` options \n   - **Profile-based scanning:** \n     Supports high-risk, critical-risk and deepscan scan profiles for targeted assessments.\n\n### 2. **Supported Scan Types**\n   - **SQL Injection (SQLi):**  \n     Detect vulnerabilities related to SQL injection.\n   - **Command Injection (CMDi):**  \n     Identify potential command execution vulnerabilities.\n   - **Server-Side Template Injection (SSTI):**  \n     Scan for template injection risks in server-side frameworks.\n   - **Cross-Site Scripting (XSS):**  \n     Check for reflective XSS vulnerabilities.\n   - **Local File Inclusion (LFI):**  \n     Locate file inclusion vulnerabilities.\n   - **Open Redirect:**  \n     Identify redirect-related issues.\n   - **Carriage Return and Line Feed (CRLF):**  \n     Scan for CRLF injection flaws.\n   - **Cross-Origin Resource Sharing (CORS):**  \n     Check for misconfigurations in CORS policies.\n   - **All-in-one scanning:**  \n     Perform all available scans in a single command.\n\n### 3. **Profile-based Scanning**\n   - **High-Risk Profile:**  \n   - **Critical-Risk Profile:**  \n   - **deepscan Profile:**\n     Focuses on severe vulnerabilities, such as CVE-based attacks.\n\n### 4. **Crawling Capabilities**\n   - Crawl target websites with customizable depth (`--crawl`).\n   - Automatically discover and extract URLs for scanning.\n\n### 5. **Threaded Scanning**\n   - Speed up scans with multithreading (`--threads`).\n\n### 6. **Automation Features**\n   - Skip prompts using the `--no-prompt` option.\n   - Automatically handle missing directories, files, and session data.\n\n### 7. **Update Checker**\n   - Easily check for the latest updates (`--check-updates`).\n\n---\n\n## 🛠️ **How to Use**\n\n### Basic Commands\n1. **Scan a single target:**\n   ```bash\n   python waymap.py --crawl 3 --target https://example.com --scan {scan_type}\n   ```\n2. **Scan multiple targets from a file:**\n   ```bash\n   python waymap.py --crawl 3 --multi-target targets.txt --scan {scan_type}\n   ```\n3. **Directly scan a single Target Without Crawling:**\n   ```bash\n   python waymap.py --target https://example.com/page?id=1 --scan {scan_type}\n\n2. **Directly Scan multiple targets from a file:**\n   ```bash\n   python waymap.py  --multi-target targets.txt --scan {scan_type}(example url type: https://example.com/page?id=1 )\n\n   ```\n4. **Profile-based scanning:**\n   ```bash\n   python waymap.py --target https://example.com --profile high-risk/critical-risk/deepscan\n   ```\n\n### Thread Configuration\n1. **Use threading for faster scans:**\n   ```bash\n   python waymap.py --crawl 3 --target https://example.com --scan ssti --threads 10\n   ```\n\n### Update Check\n1. **Ensure you have the latest version:**\n   ```bash\n   python waymap.py --check-updates\n   ```\n\n### Check Help\n```bash\npython waymap.py -h\n\n```\n\n---\n\n**Repository Views** ![Views](https://profile-counter.glitch.me/waymap/count.svg) (After 05-01-2025)\n### Waymap makes web vulnerability scanning efficient and accessible. Start securing your applications today! 🎯\n\n\n#### Credits\n- Thanks SQLMAP For Payloads Xml File\n\n### If you face any issues in Waymap, please submit them here: https://github.com/TrixSec/waymap/issues\n\n#### Also Star The Repo And Fork It\n\n### Follow Us on Telegram\nStay updated with the latest tools and hacking resources. Join our Telegram Channel by clicking the logo below:\n\n[![Telegram](https://upload.wikimedia.org/wikipedia/commons/thumb/8/82/Telegram_logo.svg/240px-Telegram_logo.svg.png)](https://t.me/Trixsec)\n\n### Happy Hacking!\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftrixsec%2Fwaymap","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftrixsec%2Fwaymap","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftrixsec%2Fwaymap/lists"}