- New SQL Injection Scanning Module
- High accuracy and fewer false positives
- Access it using: `--scan sqli`

Waymap Features

1. **Vulnerability Scanning Modules:**
- SQL Injection (SQLi)
- Command Injection
- Server-Side Template Injection (SSTI) with threading support
- Cross-Site Scripting (XSS) with filter bypass payload testing and threading support
- Local File Inclusion (LFI) with threading support
- Open Redirect with custom thread count
- Carriage Return and Line Feed (CRLF) injection with custom thread count
- Cross-Origin Resource Sharing (CORS) with threading support
- Critical and High-Risk Scan Profiles using CVE exploits (32 CVEs: WordPress - 19, Drupal - 4, Joomla - 7, Generic/Others - 2)
2. **Web Crawling:**
- Initial crawling functionality
- Enhanced crawler to operate within target domain boundaries and handle URL redirection
- Advanced crawler capable of any-depth crawling
- Improved v3 crawler (competitive with the sqlmap crawler)
3. **Concurrency & Threading:**
- Concurrency to utilize multiple CPU threads for faster scans
- Custom thread count for Open Redirect, CRLF, and CORS scans
- New argument `--threads/-T` for global threading count (no prompt for threads)
4. **Multi-Target Scanning:**
- Support for scanning multiple URLs with `--multi-target {targetfilename}.txt`
- Ability to scan URLs directly without crawling using `--url/-u` and `--multi-url/-mu` arguments
5. **Automation and Convenience:**
- Auto-update functionality (version-dependent)
- New argument `--check-updates` to check for and perform updates
- New argument `--random-agent` to randomize user-agents
- Header usage to make requests appear more legitimate and reduce detection/blocking
- Argument `--no-prompt/-np` to disable prompts (default input = 'n')
6. **Scan Profiles & Severity-Based Scanning:**
- New critical and high-risk scan profiles (`--scan critical-risk` and `--scan high-risk`) using severity-based CVE exploits
- Argument `--profile critical-risk/high-risk` with `--profileurl` for streamlined scanning based on CVE severity
7. **Logging and Stability:**
- Logging functionality for scan sessions
- Various bug fixes and optimizations for stability and processing speed
---