Wapiti
Wapiti is an open-source web application vulnerability scanner written in Python. It performs black-box security audits: it crawls a deployed web application, extracts URLs and forms, and injects payloads to detect vulnerabilities, including SQL injection, cross-site scripting (XSS), file inclusion, command execution, XXE injection, CRLF injection, server-side request forgery, and open redirects. These vulnerability classes are aligned with the OWASP Top 10 and SANS 25. The tool operates as a fuzzer, sending malicious payloads to the application's scripts to test them for security weaknesses without analyzing source code. It supports session management with sqlite3 databases so that scans can be resumed, and multiple authentication methods including Basic, Digest, and NTLM. It generates comprehensive vulnerability reports in HTML, XML, JSON, TXT, and CSV formats for integration into security testing workflows throughout the software development lifecycle.