# 3. Detect Web Vulnerabilities using web application security tools

## <mark style="color:red;">1. Detect Web Vulnerabilities using N-Stalker</mark>

{% embed url="<https://www.nstalker.com/>" %}

## 2. Detect Web Application Vulnerabilities using Wapiti Web Application Security Scanner

1. In the terminal window, run the **cd wapiti** command to navigate into the wapiti directory, then run the **python3 -m venv wapiti3** command to create a Python virtual environment.

   ![](https://labondemand.blob.core.windows.net/content/lab168811/screens/npg5xn0v.jpg)
2. Now, run the **. wapiti3/bin/activate** command to activate the virtual environment.

   ![](https://labondemand.blob.core.windows.net/content/lab168811/screens/fhqfwpnc.jpg)
3. Run the **pip install .** command to install the Wapiti web application security scanner.

   ![](https://labondemand.blob.core.windows.net/content/lab168811/screens/3iixqu03.jpg)
4. After installing the tool, run the **wapiti -u <https://www.certifiedhacker.com>** command to perform web application security scanning on the certifiedhacker.com website.

   > It takes approximately 10 minutes for the scan to complete.

   ![](https://labondemand.blob.core.windows.net/content/lab168811/screens/dd2stq33.jpg)
5. Now, in the terminal, run **cd /root/.wapiti/generated\_report/** to navigate to the generated\_report directory.

   ![](https://labondemand.blob.core.windows.net/content/lab168811/screens/fnis1duq.jpg)
6. Run the **ls** command to view the contents of the directory. We can see that the **certifiedhacker.com\_xxxxxxxx\_xxxx.html** file has been created.

   > The name of the .html file varies when you perform this lab.

   ![](https://labondemand.blob.core.windows.net/content/lab168811/screens/ugoiksiu.jpg)
7. Run the **cp certifiedhacker.com\_xxxxxxxx\_xxxx.html /home/attacker/** command to copy the .html file to the **/home/attacker** location.

   ![](https://labondemand.blob.core.windows.net/content/lab168811/screens/mjn4fn3d.jpg)
8. Open a new terminal and run the **firefox certifiedhacker.com\_xxxxxxxx\_xxxx.html** command to open the .html file in the Firefox browser.

   ![](https://labondemand.blob.core.windows.net/content/lab168811/screens/c13h2dsb.jpg)
9. The Wapiti scan report opens in the Firefox browser, where you can analyze the scan results and the discovered vulnerabilities.

   ![](https://labondemand.blob.core.windows.net/content/lab168811/screens/nfoelzin.jpg)
10. Scroll down to view the detailed information regarding each discovered vulnerability.

    ![](https://labondemand.blob.core.windows.net/content/lab168811/screens/ngpbc1cq.jpg)
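
Steps 9 and 10 review the HTML report by hand. As an added example (not part of the original lab and not Wapiti's own code), the following Python script triages the same scan when it is saved as JSON with Wapiti's `-f json` option: it flattens the per-category lists, drops repeated findings, and ranks what remains by severity level. The field names (`vulnerabilities`, `anomalies`, `level`, `method`, `path`, `parameter`) are assumed from Wapiti's JSON report layout, the function names are hypothetical, and the sample data is constructed.

```python
import json

# Constructed sample, not real scan output. Assumed layout of `wapiti -f json`:
# each section maps a category name to a list of finding objects.
SAMPLE_REPORT = json.dumps({
    "vulnerabilities": {
        "Cross Site Scripting": [
            {"method": "GET", "path": "/search.php", "parameter": "q", "level": 2},
            {"method": "GET", "path": "/search.php", "parameter": "q", "level": 2},
            {"method": "POST", "path": "/contact.php", "parameter": "name", "level": 2},
        ],
        "HTTP Secure Headers": [{"method": "GET", "path": "/", "parameter": None, "level": 1}],
        "SQL Injection": [],  # categories with no findings are listed empty
    },
    "anomalies": {
        "Internal Server Error": [
            {"method": "GET", "path": "/item.php", "parameter": "id", "level": 3},
        ],
    },
})

def load_findings(report_text, sections=("vulnerabilities", "anomalies")):
    """Flatten the per-category lists into one list of normalized findings."""
    report = json.loads(report_text)
    findings = []
    for section in sections:
        for category, items in (report.get(section) or {}).items():
            for item in items or []:
                findings.append({
                    "section": section, "category": category,
                    "level": int(item.get("level") or 0),
                    "method": item.get("method") or "",
                    "path": item.get("path") or "",
                    "parameter": item.get("parameter") or "",
                })
    return findings

def triage(findings):
    """Drop repeats of the same category/method/path/parameter; worst first."""
    unique = {}
    for f in findings:
        key = (f["category"], f["method"], f["path"], f["parameter"])
        if key not in unique or f["level"] > unique[key]["level"]:
            unique[key] = f
    return sorted(unique.values(), key=lambda f: (-f["level"], f["category"], f["path"]))

if __name__ == "__main__":
    for f in triage(load_findings(SAMPLE_REPORT)):
        print(f["level"], f["category"], f["method"], f["path"], f["parameter"])
```

To use it on a real scan, read the JSON report file and pass its text to `load_findings` in place of `SAMPLE_REPORT`.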
