“Spaghetti”, a Python Web Application security scanner

Designed to find various default and insecure files, configurations and misconfigurations.


Spaghetti is a web application security scanner built on python2.7, designed to find various default and insecure files, configurations and misconfigurations.

It’s developed and mantained by Momo Outaadi(m4ll0k), that have also developed Infoga, an information gathering tool.


Features

Fingerprints

  • Server
  • Frameworks (CakePHP,CherryPy,Django,…)
  • Firewall (Cloudflare,AWS,Barracuda,…)
  • CMS (Drupal,Joomla,Wordpress)
  • OS (Linux,Unix,Windows,…)
  • Language (PHP,Ruby,Python,ASP,…)

Discovery

  • Admin Panel
  • Apache Enumeration Users
  • Apache XSS
  • Apache ModStatus
  • Backdoors
  • Backup
  • Captcha
  • Common Directories
  • Common Files
  • Cookie Security
  • Multiple Index
  • Information Disclosure (Emails and Private IP)

Installation

Really fast, simply clone the git repository and install the dependencies:

$ git clone https://github.com/m4ll0k/Spaghetti.git
$ cd Spaghetti
$ pip install -r doc/requirements.txt
$ python spaghetti.py -h

More information and downloads

https://github.com/m4ll0k/Spaghetti

Comments