The BWASP tool basically provides predicted information through vulnerability analysis without proceeding with an attack.
BWASP supports performing automated analysis and manual analysis.
The BWASP Project supports:
Find Attack vector automatically. (e.g. SQL Injection, Cross-site Scripting) Detect website technology. Log4J vulnerability scan (Partially supports java language) HTTP REST API GuideLine Result Test payload option(attack test) Getting started pip3 install -r requirements.txt
BWASP Tool Guide Roadmap Add OSINT feature (find subdomains) Reference
Web Infra Environment Analysis: wappalyzer(https://github.com/AliasIO/wappalyzer)
Contact Contributor Acknowledgement
This work was supported by Korea Information Technology Research Institute (KITRI) Best of the Best (BoB) Program 10th vulnerability analysis track.
[Project Name: BoB Web Application Security Project]