# 3. Detect Web Vulnerabilities using web application security tools

## <mark style="color:red;">1. Detect Web vulnerabilities using N-stalker</mark>

{% embed url="<https://www.nstalker.com/>" %}

## 2. Detect Web Application Vulnerabilities using Wapiti Web Application Security Scanner

1. In the terminal window, run the **cd wapiti** command to navigate into the wapiti directory, then run the **python3 -m venv wapiti3** command to create a Python virtual environment.

   ![](https://labondemand.blob.core.windows.net/content/lab168811/screens/npg5xn0v.jpg)
2. Now, run the **. wapiti3/bin/activate** command to activate the virtual environment.

   ![](https://labondemand.blob.core.windows.net/content/lab168811/screens/fhqfwpnc.jpg)
3. Run the **pip install .** command to install the Wapiti web application security scanner.

   ![](https://labondemand.blob.core.windows.net/content/lab168811/screens/3iixqu03.jpg)
4. After installing the tool, run the **wapiti -u <https://www.certifiedhacker.com>** command to perform web application security scanning on the certifiedhacker.com website.

   > It takes approximately 10 minutes for the scan to complete.

   ![](https://labondemand.blob.core.windows.net/content/lab168811/screens/dd2stq33.jpg)
5. Now, in the terminal, run **cd /root/.wapiti/generated\_report/** to navigate to the generated\_report directory.

   ![](https://labondemand.blob.core.windows.net/content/lab168811/screens/fnis1duq.jpg)
6. Run the **ls** command to view the contents of the directory. We can see that the **certifiedhacker.com\_xxxxxxxx\_xxxx.html** file has been created.

   > The name of the .html file varies when you perform this lab.

   ![](https://labondemand.blob.core.windows.net/content/lab168811/screens/ugoiksiu.jpg)
7. Run the **cp certifiedhacker.com\_xxxxxxxx\_xxxx.html /home/attacker/** command to copy the .html file to the **/home/attacker** location.

   ![](https://labondemand.blob.core.windows.net/content/lab168811/screens/mjn4fn3d.jpg)
8. Open a new terminal and run the **firefox certifiedhacker.com\_xxxxxxxx\_xxxx.html** command to open the .html file in the Firefox browser.

   ![](https://labondemand.blob.core.windows.net/content/lab168811/screens/c13h2dsb.jpg)
9. The Wapiti scan report opens in the Firefox browser; you can analyze the scan results and the discovered vulnerabilities.

   ![](https://labondemand.blob.core.windows.net/content/lab168811/screens/nfoelzin.jpg)
10. Scroll down to view the detailed information regarding each discovered vulnerability.

    ![](https://labondemand.blob.core.windows.net/content/lab168811/screens/ngpbc1cq.jpg)
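
To triage the findings outside the browser, the following added example (not part of the original lab) parses a Wapiti report saved in JSON format, assuming the scan was run with Wapiti's `-f json` option. The report layout used here (top-level `vulnerabilities` and `anomalies` objects mapping category names to lists of findings with `level`, `method`, `path`, `parameter` and `info` fields) is an assumption, and the sample data is constructed for illustration.

```python
import json
from collections import Counter

# Constructed sample in the layout assumed for a Wapiti JSON report.
SAMPLE_REPORT = json.dumps({
    "vulnerabilities": {
        "Cross Site Scripting": [
            {"method": "GET", "path": "/search.php", "parameter": "q",
             "level": 2, "info": "constructed finding"},
            {"method": "GET", "path": "/search.php", "parameter": "q",
             "level": 2, "info": "constructed duplicate of the same sink"},
        ],
        "Content Security Policy Configuration": [
            {"method": "GET", "path": "/", "parameter": "",
             "level": 1, "info": "constructed: CSP header not set"},
        ],
        "SQL Injection": [],  # categories with no findings are listed empty
    },
    "anomalies": {
        "Internal Server Error": [
            {"method": "POST", "path": "/login.php", "parameter": "user",
             "level": 3, "info": "constructed: server returned HTTP 500"},
        ],
    },
})

def triage(report_text):
    """Return de-duplicated findings, most severe first (higher level = worse)."""
    report = json.loads(report_text)
    seen, findings = set(), []
    for section in ("vulnerabilities", "anomalies"):
        for category, items in report.get(section, {}).items():
            for item in items or []:
                # Same category + method + path + parameter is one issue to fix.
                key = (category, item.get("method"), item.get("path"),
                       item.get("parameter"))
                if key in seen:
                    continue
                seen.add(key)
                findings.append({"category": category, "section": section,
                                 "level": int(item.get("level", 0)),
                                 "method": item.get("method", ""),
                                 "path": item.get("path", ""),
                                 "parameter": item.get("parameter", "")})
    findings.sort(key=lambda f: (-f["level"], f["category"], f["path"]))
    return findings

def summary(findings):
    """Count unique findings per category for a remediation backlog."""
    return Counter(f["category"] for f in findings)

if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f["level"], f["category"], f["method"], f["path"], f["parameter"])
```
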

