Spaghetti is a web application security scanner tool. It is designed to find various default and insecure files, configurations, and misconfigurations.
Spaghetti is built on python2.7 and can run on any platform which has a Python environment.
Features
Fingerprints:
- Server
- Web Frameworks (CakePHP,CherryPy,Django,…)
- Web Application Firewall (Waf) (Cloudflare,AWS,Barracuda,…)
- Content Management System (CMS) (Drupal,Joomla,Wordpress,Magento)
- Operating System (Linux,Unix,Windows,…)
- Language (PHP,Ruby,Python,ASP,…)
Discovery:
Scanning using options 1 :
- Apache
- Apache (mod_userdir)
- Apache (mod_status)
- Apache multiviews
- Apache xss
- Broken Auth./Session Management
Scanning using options 2 :
- Admin Panel
- Backdoors
- Backup Directory
- Backup File
- Common Directory
- Common File
- Log File
- Disclosure
- Emails
- IP
- Injection
Scanning using options 3 :
- HTML
- SQL
- LDAP
- XPath
- XSS
- RFI
- PHP Code
- Other
Scanning using options 4 :
- Allow Methods
- HTML Object
- Multiple Index
- Robots Paths
- Cookie Security
- Vulns
Scanning using options 5:
- ShellShock
- Struts-Shock
Installation
- git clone https://github.com/m4ll0k/Spaghetti.git
- cd Spaghetti
- pip install -r requirements.txt
- python spaghetti.py –help
Tool Page at Github https://github.com/m4ll0k/Spaghetti
Related Posts:
Droid Hunter Android application vulnerability analysis
Speed up web server with PHP5 on Raspberry Pi (lighttpd)
install lighttpd web server on Raspberry Pi
Automatically install Raspberry Pi security updates
Security risks of the Smart Home and counter strategies
Machine Learning for Cyber Security resources
Leave a Reply