Spaghetti is an Open Source web application scanner, it is designed to find various default and insecure files, configurations, and misconfigurations. Spaghetti is built on python2.7 and can run on any platform which has a Python environment.
Demo

Installation
$ git clone https://github.com/cyberheartmi9/Spaghetti.git
$ cd Spaghetti
$ pip install -r requirements.txt
$ python spaghetti.py
Features
Fingerprints:
-
Server
-
Web Frameworks (CakePHP,CherryPy,...)
-
Web Application Firewall (Waf)
-
Content Management System (CMS)
-
Operating System (Linux,Unix,..)
-
Language (PHP,Ruby,...)
-
Cookie Security
Discovery:
-
Bruteforce
-
Admin Interface
-
Common Backdoors
-
Common Backup Directory
-
Common Backup File
-
Common Directory
-
Common File
-
Log File
Disclosure
-
Emails
-
Private IP
-
Credit Cards
Attacks
-
HTML Injection
-
SQL Injection
-
LDAP Injection
-
XPath Injection
-
Cross Site Scripting (XSS)
-
Remote File Inclusion (RFI)
-
PHP Code Injection
Other
-
HTTP Allow Methods
-
HTML Object
-
Multiple Index
-
Robots Paths
-
Web Dav
-
Cross Site Tracing (XST)
-
PHPINFO
-
.Listing
Vulns
-
ShellShock
-
Anonymous Cipher (CVE-2007-1858)
-
Crime (SPDY) (CVE-2012-4929)
-
Struts-Shock