BWASP analyzes a web application for vulnerabilities and reports predicted findings without carrying out an attack.
It supports both automated and manual analysis.
The BWASP Project supports:
- Automatic discovery of attack vectors (e.g. SQL injection, cross-site scripting)
- Website technology detection
- Log4j vulnerability scan (partial support for the Java language)
- HTTP REST API
- Guideline results
- Test payload option (attack test)
Install the dependencies:

    pip3 install -r requirements.txt

BWASP Tool Guide
- Add OSINT feature (find subdomains)
Web Infra Environment Analysis: wappalyzer (https://github.com/AliasIO/wappalyzer)
This work was supported by the Korea Information Technology Research Institute (KITRI) Best of the Best (BoB) Program, 10th vulnerability analysis track.
[Project Name: BoB Web Application Security Project]
Source : KitPloit – PenTest Tools!