Spaghetti is a web application security scanner tool. It is designed to find various default and insecure files, configurations and misconfigurations. Spaghetti is built on python2.7 and can run on any platform which has a Python environment.
$ git clone https://github.com/m4ll0k/Spaghetti.git
$ cd Spaghetti
$ pip install -r doc/requirements.txt
$ python spaghetti.py -h
-
Fingerprints
- Server
- Frameworks (CakePHP,CherryPy,Django,...)
- Firewall (Cloudflare,AWS,Barracuda,...)
- CMS (Drupal,Joomla,Wordpress)
- OS (Linux,Unix,Windows,...)
- Language (PHP,Ruby,Python,ASP,...)
-
Discovery:
- Admin Panel
- Apache Enumeration Users
- Apache XSS
- Apache ModStatus
- Backdoors
- Backup
- Captcha
- Common Directories
- Common Files
- Cookie Security
- Multiple Index
- Information Disclosure (Emails and Private IP)