Spaghetti is a web application security scanner tool. It is designed to find various default and insecure files, configurations, and misconfigurations.
Spaghetti is built on Python 2.7 and can run on any platform that has a Python environment.
Features
Fingerprints:
- Server
- Web Frameworks (CakePHP, CherryPy, Django, …)
- Web Application Firewall (WAF) (Cloudflare, AWS, Barracuda, …)
- Content Management System (CMS) (Drupal, Joomla, WordPress, Magento)
- Operating System (Linux, Unix, Windows, …)
- Language (PHP, Ruby, Python, ASP, …)
Discovery:
Scanning using option 1:
- Apache
- Apache (mod_userdir)
- Apache (mod_status)
- Apache multiviews
- Apache XSS
- Broken Auth./Session Management
Scanning using option 2:
- Admin Panel
- Backdoors
- Backup Directory
- Backup File
- Common Directory
- Common File
- Log File
- Disclosure
- Emails
- IP
- Injection
Scanning using option 3:
- HTML
- SQL
- LDAP
- XPath
- XSS
- RFI
- PHP Code
- Other
Scanning using option 4:
- Allow Methods
- HTML Object
- Multiple Index
- Robots Paths
- Cookie Security
- Vulns
Scanning using option 5:
- ShellShock
- Struts-Shock
Installation
- git clone https://github.com/m4ll0k/Spaghetti.git
- cd Spaghetti
- pip install -r requirements.txt
- python spaghetti.py --help
Tool page on GitHub: https://github.com/m4ll0k/Spaghetti