Spaghetti is an Open Source web application scanner, it is designed to find various default and insecure files, configurations and misconfigurations. Spaghetti is built on python2.7 and can run on any platform which has a Python environment.
Some of its features include:
Fingerprinting (Server and Web Frameworks (CakePHP,CherryPy,…)Discovery: (Bruteforce, Admin Interface, Common Backdoors)Disclosure: (Emails, Private IPs)Attacks: (HTML Injection, SQL Injection).
Getting Started
First, we have to clone the tool by typing the following command:
git clone https://github.com/cyberheartmi9/spaghetti.git
The once cloned, we change directory by typing the following command:
cd Security_Spaghetti
Then we install the requirements by typing the following command
pip install -r requirements.txt
Then we start spaghetti by typing the following command:
python spaghetti.py
Then to use the tool against your target website, type the following command:
python spaghetti --url [here type a url of your choice] --scan 0 --random-agent –verbose[Type the URL for which your client has given permission to pen test].
Spaghetti is an effective tool for web application scanning. It can gather information as well as attack a web application. This is a powerful tool and ay be useful for a red team engagement.