Current Version: 7.0.0
Author: Trix Cyrus (Vicky)
Copyright: © 2024-25 Trixsec Org
Maintained: Yes
Waymap is a fast and optimized web vulnerability scanner designed to identify security flaws in web applications. With support for multiple scan types and customizable configurations, it is a versatile tool for ethical hackers, penetration testers, and security enthusiasts. It can scan for 75+ web vulnerabilities and has a completely standardized, professional UI/UX.
Release Date: December 2024
This is a major release focused on consistency, stability, and professional user experience.
- Unified Interface: All 15 scan modules now have consistent output formatting
- Professional Headers: Every scan starts with a cyan-colored header banner
- Standardized Messages: Consistent icons and colors across all modules
  - Cyan: Information messages
  - Green: Vulnerabilities found
  - Yellow: Warnings and prompts
  - Red: Errors
  - Blue: Debug/verbose output
- Uniform Prompts: Consistent user interaction across all scan types
- Completion Messages: Every scan properly indicates completion status
- Fixed Critical Bugs: Resolved JSON structure inconsistencies causing crashes
- Circular Import Resolution: Fixed module dependency issues
- Enhanced Threading: Consistent thread management across all modules
- Graceful Exit Handling: Proper KeyboardInterrupt handling everywhere
- Verbose Mode: Standardized debug output with --verbose flag
- Result Saving: Fixed and standardized result saving across all scan types
Injection Scans (7)
- LFI (Local File Inclusion)
- CMDi (Command Injection)
- SSTI (Server-Side Template Injection)
- CRLF (CRLF Injection)
- CORS (CORS Misconfiguration)
- Open Redirect
- XSS (Cross-Site Scripting)
SQL Injection (3)
- Boolean-based SQLi
- Error-based SQLi
- Time-based SQLi
Profile Scans (3)
- High-Risk Profile (CMS-specific scans)
- Critical-Risk Profile (Critical CVE scans)
- Deep Scan Profile (Headers, Backups, JS, Directory Fuzzing)
Orchestrators (2)
- SQL Injection Orchestrator
- XSS Scanner
- Fixed TypeError: list indices must be integers in result saving
- Fixed missing verbose parameter in LFI and CMDi scans
- Fixed circular import issues with stop_scan event
- Fixed missing dependencies and module exports
- Fixed inconsistent JSON structure across scan types
- Added missing datetime import in error-based SQLi
- Created comprehensive standardization documentation
- Added UI/UX guidelines for future development
- Updated command reference with all options
- Created testing reports and progress tracking
- Install Waymap using pip install waymap
- Multi-threading in SQLi
- Bug Fixed
- Optimised
- Reduced Lag
- Added Time Based SQLi Scanning Logic
- Added Scan Results Saving Logic
- Added Interactive Prompt Based And Argument Based Scanning Logic
- Updated The UI
- Updated the SQL Injection Exiting logic
- Minor bug fixes
- XSS payload file missing error fix
- Some minor bugs fix
- Added New Module In Deepscan Profile: Vulnerable Javascript Library And Files Scanner
- Added WAF/IPS Detector in Waymap; it can detect more than 160 types of WAF
- Usage: --check-waf/--waf https://example.com
- Removed the old error-based SQL method; use the new one with --scan sqli
- Updated The Open Redirect Vuln Testing In Waymap
- Updated The Crawler To v4
- Added 249 High Risk CVEs Data In Waymap
- Total Count: 390
- Target-based scanning: Scan single or multiple targets using --target or --multi-target options
- Profile-based scanning: Supports high-risk, critical-risk and deepscan scan profiles for targeted assessments
- No-prompt mode: Automated scanning with --no-prompt flag
- Verbose mode: Detailed debug output with --verbose flag
- SQL Injection (SQLi): Detect vulnerabilities related to SQL injection (Boolean, Error-based, Time-based)
- Command Injection (CMDi): Identify potential command execution vulnerabilities
- Server-Side Template Injection (SSTI): Scan for template injection risks in server-side frameworks
- Cross-Site Scripting (XSS): Check for reflective XSS vulnerabilities
- Local File Inclusion (LFI): Locate file inclusion vulnerabilities
- Open Redirect: Identify redirect-related issues
- Carriage Return and Line Feed (CRLF): Scan for CRLF injection flaws
- Cross-Origin Resource Sharing (CORS): Check for misconfigurations in CORS policies
- All-in-one scanning: Perform all available scans in a single command
- High-Risk Profile: CMS-specific high-risk vulnerability scanning (WordPress, Drupal)
- Critical-Risk Profile: Critical CVE-based vulnerability scanning
- DeepScan Profile: Comprehensive deep scanning (Headers, Backup Files, JS Analysis, Directory Fuzzing)
- Crawl target websites with customizable depth (--crawl)
- Automatically discover and extract URLs for scanning
- Speed up scans with multithreading (--threads)
- Optimized thread management for better performance
- Skip prompts using the --no-prompt option
- Automatically handle missing directories, files, and session data
- Consistent result saving in JSON format
- Easily check for the latest updates (--check-updates)
- Auto-notification of new versions
- Detect 160+ types of WAF/IPS systems
- Usage: --check-waf https://example.com
- Scan a single target:
  python waymap.py --crawl 3 --target https://example.com --scan {scan_type}
- Scan multiple targets from a file:
  python waymap.py --crawl 3 --multi-target targets.txt --scan {scan_type}
- Directly scan a single target without crawling:
  python waymap.py --target https://example.com/page?id=1 --scan {scan_type}
- Directly scan multiple targets from a file:
  python waymap.py --multi-target targets.txt --scan {scan_type}
  (Example URL type: https://example.com/page?id=1)
- Profile-based scanning:
  python waymap.py --target https://example.com --profile high-risk
  python waymap.py --target https://example.com --profile critical-risk
  python waymap.py --target https://example.com --profile deepscan
- Verbose mode for detailed output:
  python waymap.py --target https://example.com --scan xss --verbose
- No-prompt mode for automation:
  python waymap.py --multi-target targets.txt --scan cors --no-prompt
- Use threading for faster scans:
  python waymap.py --crawl 3 --target https://example.com --scan ssti --threads 10
- Boolean-based SQLi:
  python waymap.py --target https://example.com --scan sqli --technique B
- Error-based SQLi:
  python waymap.py --target https://example.com --scan sqli --technique E
- Time-based SQLi:
  python waymap.py --target https://example.com --scan sqli --technique T
- Ensure you have the latest version:
  python waymap.py --check-updates
python waymap.py -h
- Inconsistent output formatting across modules
- Different color themes for different scans
- Varying prompt styles
- Threading inconsistencies
- Result saving bugs
- 100% Consistent UI/UX across all 15 modules
- Professional Output with standardized colors and icons
- Reliable Threading with proper stop_scan event handling
- Fixed Result Saving with consistent JSON structure
- Graceful Exit handling everywhere
- Verbose Mode for debugging
- Production Ready with polished user experience
Waymap makes web vulnerability scanning efficient and accessible. Start securing your applications today!
- Thanks SQLMAP For Payloads XML File
If you face any issues in Waymap, please submit them here: https://github.com/TrixSec/waymap/issues
