Spaghetti - Web Application Security Scanner

Spaghetti is an open source web application scanner designed to find various default and insecure files, configurations, and misconfigurations. Spaghetti is built on Python 2.7 and can run on any platform that has a Python environment.

Installation

$ git clone https://github.com/cyberheartmi9/Spaghetti.git
$ cd Spaghetti 
$ pip install -r requirements.txt
$ python spaghetti.py

Features

Fingerprints:

  • Server

  • Web Frameworks (CakePHP, CherryPy, ...)

  • Web Application Firewall (WAF)

  • Content Management System (CMS)

  • Operating System (Linux, Unix, ...)

  • Language (PHP, Ruby, ...)

  • Cookie Security

Discovery:

  • Bruteforce

  • Admin Interface

  • Common Backdoors

  • Common Backup Directory

  • Common Backup File

  • Common Directory

  • Common File

  • Log File

Disclosure:

  • Emails

  • Private IP

  • Credit Cards

Attacks:

  • HTML Injection

  • SQL Injection

  • LDAP Injection

  • XPath Injection

  • Cross Site Scripting (XSS)

  • Remote File Inclusion (RFI)

  • PHP Code Injection

Other:

  • HTTP Allow Methods

  • HTML Object

  • Multiple Index

  • Robots Paths

  • WebDAV

  • Cross Site Tracing (XST)

  • PHPINFO

  • .Listing

Vulns:

  • ShellShock

  • Anonymous Cipher (CVE-2007-1858)

  • CRIME (SPDY) (CVE-2012-4929)

  • Struts-Shock