WAES: Web Auto Enum & Scanner

CPH:SEC WAES at a Glance

Enumerating HTTP(S) targets on HTB or other CTFs quickly becomes repetitive: the same scripts and tests (nmap, nikto, dirb and so on) get run against every box. A one-click run against the target, with reports produced automatically, solves that, and a script also lets the enumeration process be tuned to save the hacker's time. This is what CPH:SEC WAES (Web Auto Enum & Scanner) was created for. WAES runs four steps of scanning against the target (see below) to make the best use of the time spent scanning. Multi-core or multi-threaded scanning could be implemented, but it would almost certainly make CTF boxes hang, so it is deliberately left out.

Web Auto Enum

  • From this version onward WAES ships with an install script, as the project moves from alpha to beta.
  • WAES could have been written in Python, but learning bash properly requires real bash projects.
  • WAES is currently built for CTF boxes but is moving towards use against online targets.

Enumeration Process / Method

WAES runs the following steps, in order:

Step 0 – Passive scan – (disabled in the current version)

  • whatweb – aggressive mode
  • OSIRA (same author) – looks for subdomains

Step 1 – Fast scan

  • wafw00f – web application firewall (WAF) detection
  • nmap with http-enum

Step 2 – Scan – in-depth

  • nmap – with NSE scripts: http-date, http-title, http-server-header, http-headers, http-enum, http-devframework, http-dombased-xss, http-stored-xss, http-xssed, http-cookie-flags, http-errors, http-grep, http-traceroute
  • nmap with vulscan (CVSS 5.0+)
  • nikto – with evasion A and all CGI dirs
  • uniscan – all tests except the stress test (flags -qweds: directory, file, robots.txt/sitemap.xml, dynamic and static checks)

Step 3 – Fuzzing

  • super gobuster
    • gobuster with multiple lists
    • dirb with multiple lists
  • XSS scan (planned)

Each step runs against the target, and every tool's result file is written to the report/ folder.
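As an added illustration of the four-step flow above (this is example code written for this page, not WAES's own script), the steps can be expressed as a small bash wrapper in which each step is a function that returns the command lines it would run. That makes the whole pipeline reviewable with DRY_RUN=1 before any scanner touches the target, and it keeps the tools strictly sequential, which is the README's reason for avoiding multi-threading. The tool flags are the ones listed above; REPORT_DIR, DRY_RUN, the wordlist paths and the port list are assumptions, and the CVSS 5.0+ filter for vulscan is not reproduced because its exact argument depends on the installed vulscan version.

```shell
#!/usr/bin/env bash
# Added example: minimal re-creation of the WAES step 1-3 flow.
# Not the project's own code. Assumed: REPORT_DIR, DRY_RUN, WORDLISTS, ports 80/443.
set -u

TARGET="${1:-}"
REPORT_DIR="${REPORT_DIR:-report}"   # assumption: same folder name the README uses
DRY_RUN="${DRY_RUN:-0}"              # assumption: 1 = print commands only

# NSE scripts named in the in-depth step, joined for nmap --script
NSE_SCRIPTS="http-date,http-title,http-server-header,http-headers,http-enum,http-devframework,http-dombased-xss,http-stored-xss,http-xssed,http-cookie-flags,http-errors,http-grep,http-traceroute"

# Assumed wordlists for the fuzzing step; adjust to the local install
WORDLISTS="${WORDLISTS:-/usr/share/dirb/wordlists/common.txt /usr/share/dirb/wordlists/big.txt}"

# Accept only a hostname or IPv4 address, so a target such as
# "10.10.10.1;id" can never reach the eval below.
valid_target() {
  case "$1" in
    ''|*[!A-Za-z0-9.-]*) return 1 ;;
    *) return 0 ;;
  esac
}

# Step 1 - fast scan: WAF detection, then nmap http-enum
step1_cmds() {
  local t="$1"
  printf '%s\n' \
    "wafw00f -a http://$t -o $REPORT_DIR/$t-wafw00f.txt" \
    "nmap -p80,443 --script http-enum -oN $REPORT_DIR/$t-http-enum.txt $t"
}

# Step 2 - in-depth scan: NSE http scripts, vulscan, nikto, uniscan
step2_cmds() {
  local t="$1"
  printf '%s\n' \
    "nmap -p80,443 --script $NSE_SCRIPTS -oN $REPORT_DIR/$t-nse.txt $t" \
    "nmap -sV -p80,443 --script vulscan/vulscan.nse -oN $REPORT_DIR/$t-vulscan.txt $t" \
    "nikto -h $t -evasion A -Cgidirs all -output $REPORT_DIR/$t-nikto.txt" \
    "uniscan -u http://$t/ -qweds"
}

# Step 3 - fuzzing ("super gobuster"): gobuster and dirb over every wordlist
step3_cmds() {
  local t="$1" wl
  for wl in $WORDLISTS; do
    printf '%s\n' \
      "gobuster dir -u http://$t -w $wl -o $REPORT_DIR/$t-gobuster-$(basename "$wl").txt" \
      "dirb http://$t $wl -o $REPORT_DIR/$t-dirb-$(basename "$wl").txt"
  done
}

# Run (or, with DRY_RUN=1, print) the commands of every step, one at a time.
# A failing tool is logged and the run continues with the next command.
run_all() {
  local t="$1" cmd
  valid_target "$t" || { echo "invalid target: $t" >&2; return 2; }
  mkdir -p "$REPORT_DIR"
  { step1_cmds "$t"; step2_cmds "$t"; step3_cmds "$t"; } | while IFS= read -r cmd; do
    if [ "$DRY_RUN" = 1 ]; then
      echo "[dry-run] $cmd"
    else
      echo "[*] $cmd" | tee -a "$REPORT_DIR/$t-waes.log"
      eval "$cmd" >> "$REPORT_DIR/$t-waes.log" 2>&1 || echo "[!] exit $? from: $cmd" >&2
    fi
  done
}

# Only act when invoked with a target, so the file can also be sourced.
if [ -n "$TARGET" ]; then
  run_all "$TARGET"
fi
```

Usage: `DRY_RUN=1 ./waes-example.sh 10.10.10.10` lists the ten commands that would run; dropping DRY_RUN executes them in order and appends each tool's console output to report/<target>-waes.log while the tools' own -o/-oN files land beside it. The target check is the one thing worth keeping even in a throwaway CTF script, because the commands are built by string interpolation and handed to eval.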

Download

Copyright (C) 2019 Shiva108