WAES : Web Auto Enum & Scanner

WAES is nothing but Web Auto Enum & Scanner. Doing HTB or other CTFs enumeration against targets with HTTP(S) can become trivial. It can get tiresome to always run the same script/tests on every box eg. nmap, nikto, dirb and so on.

A one-click on target with automatic reports coming solves the issue. Furthermore, with a script the enum process can be optimised while saving time for hacker. This is what CPH:SEC WAES or Web Auto Enum & Scanner is created for. WAES runs 4 steps of scanning against target (see more below) to optimise the time spend scanning.

While multi core or multi-threaded scanning could be implemented it will almost surely get boxes to hang and so is undesirable.

• From current version and forward WAES will include an install script (see blow) as project moves from alpha to beta phase.
• WAES could have been developed in python but good bash projects are need to learn bash.
• WAES is currently made for CTF boxes but is moving towards online uses (see todo section)

To Install

$> git clone https://github.com/Shiva108/WAES.git
$> cd WAES
$> sudo ./install.sh

Make sure directories are set correctly in supergobuster.sh. Should be automatic with Kali & Parrot Linux.

• Standard directories for lists : SecLists/Discovery/Web-Content & SecLists/Discovery/Web-Content/CMS
• Kali / Parrot directory list : /usr/share/wordlists/dirbuster/

To Run WAES

Web Auto Enum & Scanner – Auto enums website(s) and dumps files as result.

################################################################ Web Auto Enum & Scanner

Auto enums website(s) and dumps files as result ################################################################

Usage: waes.sh -u {IP} waes.sh -h

-h shows this help
-u IP to test eg. 10.10.10.123
-p port nummer (default=80)

Example: ./waes.sh -u 10.10.10.130 -p 8080

Also Read – Skadi : Collect, Process & Hunt With Host Based Data From MacOS, Windows & Linux

Enumeration Process / Method

Step 0 – Passive scan – (disabled in the current version)

• whatweb – aggressive mode
• OSIRA (same author) – looks for subdomains

Step 1 – Fast scan

• wafw00 – firewall detection
• nmap with http-enum

Step 2 – Scan – in-depth

• nmap – with NSE scripts: http-date,http-title,http-server-header,http-headers,http-enum,http-devframework,http-dombased-xss,http-stored-xss,http-xssed,http-cookie-flags,http-errors,http-grep,http-traceroute
• nmap with vulscan (CVSS 5.0+)
• nikto – with evasion A and all CGI dirs
• uniscan – all tests except stress test (qweds)

Step 3 – Fuzzing

• super gobuster
  • gobuster with multiple lists
  • dirb with multiple lists
• xss scan (to come)

.. against target while dumping results files in report/ folder.

To Do

• Implement domain as input
• Add XSS scan
• Add SSL/TLS scanning
• Add domain scans
• Add golismero
• Add dirble
• Add progressbar
• Add CMS detection
• Add CMS specific scans