WAES | Web Auto Enum & Scanner and Dumps Files as Result

XDJ

CPH: SEC WAES at a Glance

Doing HTB or other CTFs enumeration against targets with HTTP(S) can become trivial. It can get tiresome to always run the same script/tests on every box eg. nmap, nikto, dirb, and so on. A one-click on target with automatic reports coming solves the issue. Furthermore, with a script, the enum process can be optimized while saving time for hackers. This is what CPH: SEC WAES or Web Auto Enum & Scanner is created for. WAES runs 4 steps of scanning against the target (see more below) to optimize the time spent scanning. While multi-core or multi-threaded scanning could be implemented it will almost surely get boxes to hang and so is undesirable.

From the current version and forward WAES will include an install script (see below) as the project moves from alpha to beta phase.
WAES could have been developed in python but good bash projects are needed to learn bash.
WAES is currently made for CTF boxes but is moving towards online uses (see todo section)

To install:

$> git clone https://github.com/Shiva108/WAES.git

2. $> cd WAES

3. $> sudo ./install.sh

Make sure directories are set correctly in supergobuster.sh. Should be automatic with Kali & Parrot Linux.

Standard directories for lists : SecLists/Discovery/Web-Content & SecLists/Discovery/Web-Content/CMS
Kali / Parrot directory list : /usr/share/wordlists/dirbuster/

To run WAES

Web Auto Enum & Scanner - Auto enums website(s) and dumps files as result.

##############################################################################

$$
Web Auto Enum & Scanner Auto enums website(s) and dumps files as result
$$

##############################################################################

Usage: waes.sh -u {IP} waes.sh -h

$$
-h shows this help -u IP to test eg. 10.10.10.123 -p port nummer (default=80) Example: ./waes.sh -u 10.10.10.130 -p 8080
$$

Enumeration Process / Method

WAES runs …

Step 0 - Passive scan - (disabled in the current version)

whatweb - aggressive mode
OSIRA (same author) - looks for subdomains

Step 1 - Fast scan

wafw00 - firewall detection
nmap with http-enum

Step 2 - Scan - in-depth

nmap - with NSE scripts: http-date,http-title,http-server-header,http-headers,http-enum,http-devframework,http-dombased-xss,http-stored-xss,http-xssed,http-cookie-flags,http-errors,http-grep,http-traceroute
nmap with vulscan (CVSS 5.0+)
nikto - with evasion A and all CGI dirs
uniscan - all tests except stress test (qweds)

Step 3 - Fuzzing

super gobuster
- gobuster with multiple lists
- dirb with multiple lists
xss scan (to come)

… against target while dumping results files in report/ folder.

To Do

Implement domain as input
Add XSS scan
Add SSL/TLS scanning
Add domain scans
Add golismero
Add dirble
Add progressbar
Add CMS detection
Add CMS specific scans

GitHub: https://github.com/Shiva108/WAES

Jeanrf

updated Download links ( free ):

1: https://mega.nz/file/lhduhscvf8fJIfgthjklm

2: https://mega.nz/file/hidfnbhytxIvbnhGZr2qvGx

4: https://drive.google.com/drive/folders/ljhel1QgzfgzMhvLO