Spaghetti: A Website Applications Security Scanner

About Spaghetti
   Author: m4ll0k

• Github: m4ll0k
• Twitter: m4ll0k

   Spaghetti is an Open Source web application scanner, it is designed to find various default and insecure files, configurations, and misconfigurations. Spaghetti is built on Python 2.7 and can run on any platform which has a Python environment.

Spaghetti Installation:

Spaghetti's Features:
   Fingerprints:

• Server:
• Web Frameworks (CakePHP,CherryPy,...)
• Web Application Firewall (Waf)
• Content Management System (CMS)
• Operating System (Linux,Unix,..)
• Language (PHP,Ruby,...)
• Cookie Security

   Discovery:

• Bruteforce:Admin Interface
  Common Backdoors
  Common Backup Directory
  Common Backup File
  Common Directory
  Common FileLog File
• Disclosure: Emails, Private IP, Credit Cards

   Attacks:

• HTML Injection
• SQL Injection
• LDAP Injection
• XPath Injection
• Cross Site Scripting (XSS)
• Remote File Inclusion (RFI)
• PHP Code Injection

   Other:

• HTTP Allow Methods
• HTML Object
• Multiple Index
• Robots Paths
• Web Dav
• Cross Site Tracing (XST)
• PHPINFO
• .Listing

   Vulns:

• ShellShock
• Anonymous Cipher (CVE-2007-1858)
• Crime (SPDY) (CVE-2012-4929)
• Struts-Shock

Spaghetti Example:
python spaghetti --url example.com --scan 0 --random-agent --verbose

Download Spaghetti

Continue reading

1. Pentestmonkey Cheat Sheet
2. Hacking Resources
3. Hacker Ethic
4. Rapid7 Pentest
5. Pentest Checklist
6. Pentest Hardware
7. Hacking Health
8. Hacking Wifi
9. Pentest Ios
10. Pentest Box
11. Hacking With Python
12. Pentest Plus
13. Hacking The Art Of Exploitation