WAES : Web Auto Enum & Scanner

WAES is nothing but Web Auto Enum & Scanner. Doing HTB or other CTFs enumeration against targets with HTTP(S) can become trivial. It can get tiresome to always run the same script/tests on every box eg. nmap, nikto, dirb and so on.

A one-click on target with automatic reports coming solves the issue. Furthermore, with a script the enum process can be optimised while saving time for hacker. This is what CPH:SEC WAES or Web Auto Enum & Scanner is created for. WAES runs 4 steps of scanning against target (see more below) to optimise the time spend scanning.

While multi core or multi-threaded scanning could be implemented it will almost surely get boxes to hang and so is undesirable.

  • From current version and forward WAES will include an install script (see blow) as project moves from alpha to beta phase.
  • WAES could have been developed in python but good bash projects are need to learn bash.
  • WAES is currently made for CTF boxes but is moving towards online uses (see todo section)

To Install

$> git clone https://github.com/Shiva108/WAES.git
$> cd WAES
$> sudo ./install.sh

Make sure directories are set correctly in supergobuster.sh. Should be automatic with Kali & Parrot Linux.

  • Standard directories for lists : SecLists/Discovery/Web-Content & SecLists/Discovery/Web-Content/CMS
  • Kali / Parrot directory list : /usr/share/wordlists/dirbuster/

To Run WAES

Web Auto Enum & Scanner – Auto enums website(s) and dumps files as result.

################################################################ Web Auto Enum & Scanner

Auto enums website(s) and dumps files as result ################################################################

Usage: waes.sh -u {IP} waes.sh -h

-h shows this help
-u IP to test eg. 10.10.10.123
-p port nummer (default=80)

Example: ./waes.sh -u 10.10.10.130 -p 8080

Also Read – Skadi : Collect, Process & Hunt With Host Based Data From MacOS, Windows & Linux

Enumeration Process / Method

Step 0 – Passive scan – (disabled in the current version)

  • whatweb – aggressive mode
  • OSIRA (same author) – looks for subdomains

Step 1 – Fast scan

  • wafw00 – firewall detection
  • nmap with http-enum

Step 2 – Scan – in-depth

  • nmap – with NSE scripts: http-date,http-title,http-server-header,http-headers,http-enum,http-devframework,http-dombased-xss,http-stored-xss,http-xssed,http-cookie-flags,http-errors,http-grep,http-traceroute
  • nmap with vulscan (CVSS 5.0+)
  • nikto – with evasion A and all CGI dirs
  • uniscan – all tests except stress test (qweds)

Step 3 – Fuzzing

  • super gobuster
    • gobuster with multiple lists
    • dirb with multiple lists
  • xss scan (to come)

.. against target while dumping results files in report/ folder.

To Do

  • Implement domain as input
  • Add XSS scan
  • Add SSL/TLS scanning
  • Add domain scans
  • Add golismero
  • Add dirble
  • Add progressbar
  • Add CMS detection
  • Add CMS specific scans
Download
R K

Share
Published by
R K
Tags: ScannerWAESWeb Auto Enum
7 years ago

Recent Posts

How to Install Java on Ubuntu 24.04 Easily in 2026

Java remains one of the most widely used programming platforms for servers, enterprise applications, Android…

14 hours ago

How to Install DEB Files on Ubuntu in 2026 (Step-by-Step Beginner Guide)

Ubuntu users often download software directly from developer websites instead of using the default app…

14 hours ago

Things to Do After Installing Ubuntu 26.04 LTS for a Fast, Secure Setup

Installing Ubuntu 26.04 LTS is only the first step toward building a smooth, secure, and…

3 days ago

How to Prevent Software Supply Chain Attacks

What is a Software Supply Chain Attack? A software supply chain attack occurs when a…

1 month ago

How UDP Works and Why It Is So Fast

When people ask how UDP works, the simplest answer is this: UDP sends data quickly…

2 months ago

How EDR Killers Bypass Security Tools

Endpoint Detection and Response (EDR) solutions have become a cornerstone of modern cybersecurity, designed to…

2 months ago