
Wapiti, pre-installed in Kali Linux, is an open-source web application vulnerability scanner designed for black-box security testing of web applications. Written in Python, it crawls websites to identify scripts and forms, injecting payloads to detect vulnerabilities such as SQL injection, cross-site scripting (XSS), file disclosure, command execution, XML external entity (XXE) injection, CRLF injection, and server-side request forgery (SSRF). Wapiti leverages a Nikto database to search for dangerous files and supports authentication, proxies, Tor, and customizable scan scopes (e.g., page, folder, domain). Its lightweight 1.54 MB footprint and modular design make it ideal for penetration testers and security auditors.