icon Book Free Consultation

W9scan Tool Web Application Vulnerability Scanner


W9scan is an excellent Plug-in type web vulnerability scanner that scan the code with the 1200+ built-in plugins and performs one-time detection on the website. It performs Web fingerprint reconnaissance,Port detection,website structure analysis, vulnerability scanning(detects SQL injection & XSS), directory carwling etc., At the end of the execution W9scan will generate an detailed HTML report of the target.


Lock image


Installation Manual

Step 1: Download or Clone the W9scan tool in to your machine.

root:~#git clone https://github.com/w-digital-scanner/w9scan.git

Step 2: Navigate the W9san directory

root:~#cd W9scan

Step 3: Change the Installation file into the executable format

root:~/W9scan#chmod +777 w9scan.py

Step 4: Run the W9scan tool by using the following command in your terminal

root:~/W9scan#python w9scan.py -u


User Manual

  • python w9scan.py --update Update procedure

  • python w9scan.py --guide Start w9scan in wizard mode

  • python w9scan.py -u "https://x.hacking8.com" Quickly scan a website

  • python w9scan.py -u "https://blog.hacking8.com/" -p emlog Specify the plugin to scan the website

  • python w9scan.py -u "@1.txt" -p emlog Specify plugins to scan websites in batches

  • python w9scan.py -s emlog Search for the presence of a plugin

  • --banner Output banner

  • --debug Output debugging information

Fingerprint detection

  • Finds the website CMS (300+)

  • Finds the Ports and its Service information

  • Finds the website scripting Language

  • Finds the type of Operating System running

  • Fingerprints the Web Application Firewall if exits

Attack parameters

  • SQL injection (based on crawler)

  • XSS injection (based on crawler)

  • Mass Fuzz parameter scanning

  • CVE vulnerability

  • 1200+Designated plug-in directed verification attack,

  • struts Vulnerability collection (including automatic detection)

  • Shellshock cgi test

  • heartbeat Bleeding vulnerability scan

  • IIS parsing vulnerability

  • IIS Put vulnerability

Brute force

  • Performs Crawling based bruteforce attacks to find the Backup files and directories

  • Common Directory enumeration

  • Common documents enumeration

  • Subdomain brute force analysis

  • fckeditorPath enumeration

  • Common mdbdatabase enumeration

  • git svn Leak identification

  • TOMCAT web.xml Give way

Information Gathering

  • Performs crawling and checks for any Emails information
  • Private IP Disclosure Detection
  • E-mail (based on reptiles)
  • Detect Warnings, Fatal Error,..
  • Grabs the Banner Information (server & Framework)
  • PHP version recognition
  • IP address attribution
  • Integrated Wappalyzerrecognition script for finding site information
  • robots.txt Parsing
  • Detect Insecure HTTP Security headers
  • Detect Insecure Cookie Attributes