Current Version: 6.2.11
Author: Trix Cyrus (Vicky)
Copyright: © 2024-25 Trixsec Org
Maintained: Yes
Waymap is a fast and optimized web vulnerability scanner designed to identify security flaws in web applications. With support for multiple scan types and customizable configurations, it is a versatile tool for ethical hackers, penetration testers, and security enthusiasts. It can scan for 75+ web vulnerabilities.
- Removed the old error-based SQL method; use the new one with --scan sqli
- Updated The Open Redirect Vuln Testing In Waymap
- Updated The Crawler To v4
- Added Data For 249 High-Risk CVEs In Waymap
- Total Count: 390
- Added New Module In Deepscan Profile : Vulnerable Javascript Library And Files Scanner
- Added WAF/IPS Detector In Waymap; It Can Detect More Than 160 Types Of WAF
- Usage: --check-waf/--waf https://example.com
- XSS payload file missing error fix
- some minor bugs fix
- updated the SQL Injection Exiting logic
- minor bug fixes
- Added Time Based Sqli Scanning Logic
- Added Scan Results Saving Logic
- Added Interactive Prompt Based And Argument Based Scanning Logic
- Updated The UI
- Bug Fixed
- Optimised
- Reduced Lag
- Multi-threading in SQLi
- Install Waymap using pip install waymap
--- New Big Updates Soon
- Target-based scanning:
Scan single or multiple targets using the --target or --multi-target options.
- Profile-based scanning: Supports high-risk, critical-risk and deepscan scan profiles for targeted assessments.
- SQL Injection (SQLi):
 Detect vulnerabilities related to SQL injection.
- Command Injection (CMDi):
 Identify potential command execution vulnerabilities.
- Server-Side Template Injection (SSTI):
 Scan for template injection risks in server-side frameworks.
- Cross-Site Scripting (XSS):
 Check for reflective XSS vulnerabilities.
- Local File Inclusion (LFI):
 Locate file inclusion vulnerabilities.
- Open Redirect:
 Identify redirect-related issues.
- Carriage Return and Line Feed (CRLF):
 Scan for CRLF injection flaws.
- Cross-Origin Resource Sharing (CORS):
 Check for misconfigurations in CORS policies.
- All-in-one scanning:
 Perform all available scans in a single command.
- High-Risk Profile:
- Critical-Risk Profile:
- deepscan Profile: Focuses on severe vulnerabilities, such as CVE-based attacks.
- Crawl target websites with customizable depth (--crawl).
- Automatically discover and extract URLs for scanning.
- Speed up scans with multithreading (--threads).
- Skip prompts using the --no-prompt option.
- Automatically handle missing directories, files, and session data.
- Easily check for the latest updates (--check-updates).
- Scan a single target:
python waymap.py --crawl 3 --target https://example.com --scan {scan_type}
- Scan multiple targets from a file:
python waymap.py --crawl 3 --multi-target targets.txt --scan {scan_type}
- Directly scan a single Target Without Crawling:
python waymap.py --target https://example.com/page?id=1 --scan {scan_type}
- Directly Scan multiple targets from a file:
python waymap.py --multi-target targets.txt --scan {scan_type}
(example URL type: https://example.com/page?id=1)
- Profile-based scanning:
python waymap.py --target https://example.com --profile high-risk/critical-risk/deepscan 
- Use threading for faster scans:
python waymap.py --crawl 3 --target https://example.com --scan ssti --threads 10 
- Ensure you have the latest version:
python waymap.py --check-updates 
python waymap.py -h
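A pre-flight check for the targets file passed to --multi-target, as an added example that is not part of Waymap: it keeps only in-scope http(s) URLs and separates those that already carry query parameters (the example URL type shown above for direct scanning) from those that would need --crawl. The one-URL-per-line file format, the function name `triage_targets`, and the `allowed_hosts` scope list are assumptions.

```python
from urllib.parse import urlsplit

# Constructed sample targets file (assumed format: one URL per line).
SAMPLE = """\
# in-scope application
https://example.com/page?id=1
https://example.com/about
https://example.com.evil.test/page?id=1
ftp://example.com/file?id=2
example.com/page?id=3
https://user:pw@example.com/page?id=4
https://example.com/page?id=1
"""

def triage_targets(lines, allowed_hosts):
    """Return (direct, crawl, rejected) for candidate scan targets.

    allowed_hosts is the authorized scope (hypothetical parameter); hosts
    must match exactly, so look-alike domains are rejected.
    """
    allowed = {h.lower() for h in allowed_hosts}
    direct, crawl, rejected, seen = [], [], [], set()
    for raw in lines:
        url = raw.strip()
        if not url or url.startswith("#") or url in seen:
            continue  # skip blanks, comments and duplicates
        seen.add(url)
        try:
            parts = urlsplit(url)
            host = (parts.hostname or "").lower()
        except ValueError:
            rejected.append((url, "unparseable URL"))
            continue
        if parts.scheme not in ("http", "https") or not host:
            rejected.append((url, "not an http(s) URL"))
        elif parts.username or parts.password:
            rejected.append((url, "embedded credentials"))
        elif host not in allowed:
            rejected.append((url, "host outside authorized scope"))
        elif parts.query:
            direct.append(url)  # has parameters: matches the direct-scan URL type
        else:
            crawl.append(url)   # assumption: no parameters, so run with --crawl
    return direct, crawl, rejected

if __name__ == "__main__":
    direct, crawl, rejected = triage_targets(SAMPLE.splitlines(), ["example.com"])
    print("direct:", direct)
    print("crawl first:", crawl)
    for url, reason in rejected:
        print("rejected:", url, "-", reason)
```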
Waymap makes web vulnerability scanning efficient and accessible. Start securing your applications today!
- Thanks to SQLMAP for the payloads XML file
If you face any issues in Waymap, please submit them here: https://github.com/TrixSec/waymap/issues

