wapiti - Web application vulnerability scanner

Property Value
Distribution Debian 7 (Wheezy)
Repository Debian Main amd64
Package name wapiti
Package version 1.1.6
Package release 4
Package architecture all
Package type deb
Installed size 57 B
Download size 18.02 KB
Official Mirror ftp.br.debian.org
Wapiti allows you to audit the security of your web applications.
It performs "black-box" scans, i.e. it does not study the source code of the
application but will scans the web pages of the deployed web applications,
looking for scripts and forms where it can inject data.
Once it gets this list, Wapiti acts like a fuzzer, injecting payloads to see
if a script is vulnerable.
Wapiti can detect the following vulnerabilities:
- File Handling Errors (Local and remote include/require, fopen, ...)
- Database Injection (PHP/JSP/ASP SQL Injections and XPath Injections)
- XSS (Cross Site Scripting) Injection
- LDAP Injection
- Command Execution detection (eval(), system(), passtru()...)
- CRLF Injection (HTTP Response Splitting, session fixation...)


Package Version Architecture Repository
wapiti_1.1.6-4_all.deb 1.1.6 all Debian Main
wapiti - - -


Name Value
python >= 2.6.6-7~


Type URL
Binary Package wapiti_1.1.6-4_all.deb
Source Package wapiti

Install Howto

  1. Update the package index:
    # sudo apt-get update
  2. Install wapiti deb package:
    # sudo apt-get install wapiti




2012-04-06 - Arthur de Jong <adejong@debian.org>
wapiti (1.1.6-4) unstable; urgency=low
* Team upload.
[ Jakub Wilk ]
* Remove unused Provides field from debian/control.
[ Jari Aalto ]
* Remove deprecated dpatch and upgrade to packaging format "3.0 quilt"
(Closes: #664377).
* Update to Standards-Version to 3.9.3 and debhelper to 9.
[ Arthur de Jong ]
* Switch to dh_python2 (Closes: #617144).
* Switch to dh command sequencer and install file with dh_install instead
of a custom setup.py.
* Update Vcs-Browser field.
* Fix spelling error and small wording change in manual page (thanks
* Switch to machine-readable debian/copyright format.
2008-04-26 - Thomas Bläsing <thomasbl@pool.math.tu-berlin.de>
wapiti (1.1.6-3) unstable; urgency=low
* Closes: #477034
-> restructured debian/rules
* changing some rules in debian/rules
* watch-file added
* patches now handled by dpatch
* new Uploader: Python Applications Packaging Team
2007-07-30 - Thomas Bläsing <thomasbl@pool.math.tu-berlin.de>
wapiti (1.1.6-2) unstable; urgency=low
* changed description ( Closes: #434804 )
* modified man-page.
* debianized warning output, if python-utidylib and python-ctypes are not installed.
2007-06-28 - Thomas Bläsing <thomasbl@pool.math.tu-berlin.de>
wapiti (1.1.6-1) unstable; urgency=low
* Initial release (Closes: #381418)

See Also

Package Description
wapua_0.06.1-2_all.deb Web browser for WAP WML pages
warmux-data_11.04.1+repack-4_all.deb data files for the WarMUX game
warmux-servers_11.04.1+repack-4_amd64.deb stand alone server and game index server for WarMUX
warmux_11.04.1+repack-4_amd64.deb turn-based artillery game on 2D maps
watch-maildirs_1.2.0-2.1_amd64.deb mswatch helper tools to watch maildirs and trigger on-demand syncs
watchdog_5.12-1_amd64.deb system health checker and software/hardware watchdog handler
wav2cdr_2.3.4-1_amd64.deb Converts wav files into CD-ROM audio file format
wavbreaker_0.11-1_amd64.deb tool to split wave files into multiple chunks
wavemon_0.7.5-3_amd64.deb Wireless Device Monitoring Application
wavesurfer_1.8.8p3-1_all.deb Sound Manipulation Program
wavpack_4.60.1-3_amd64.deb audio codec (lossy and lossless) - encoder and decoder
wayv_0.3-5_amd64.deb Experimental hand writing/gesture recognition program
wbar_1.3.3+dfsg2-1_amd64.deb light and fast launch bar
wbox_5-1_amd64.deb HTTP testing tool and configuration-less HTTP server
wbrazilian_3.0~beta4-15_all.deb Brazilian Portuguese wordlist