Webpwn3r – Web Application Vulnerability Scanner

Webpwn3r is a powerful scanning tool, written in Python, to detect remote command execution vulnerabilities, cross site scripting attacks, and database weaknesses in the web applications.


The current version of the tool has the ability to scan a single url or list of urls provided in a text file. The tool is able to provide information about the remote code injection vulnerabilities in the desired url or list of urls. Webpwn3r can detect WAF (Web Application Firewall) technologies such as Web Knight , it also performs XSS vulnerability scanning on the target web applications. The other features include the fingerprinting of the backend technologies of the target web applications and scanning for SQL injection vulnerabilities on the target web application.


Webpwn3r can be installed by cloning the tool from github repository using the following command.

git clone https://github.com/zigoo0/webpwn3r

How it Works

Using Webpwn3r is quite simple.  After successfully cloning the tool, change the directory to the Webpwn3r folder to run the following command.

python scan.py

The command launches the Webpwn3r with an option to select a single url or multiple urls scanning. For the sake of this tutorial, we have selected first option i-e single url scanning. Once the url is provided to the tool, it  makes a connection with the remote web application server. The status code [200 ok] means the connection has been setup successfully and the tool is ready to start the fingerprinting of the remote technology used by the web application. After fingerprinting, Webpwn3r scans the target url for Remote code (command execution), XSS, and error based SQL injection possibilities. The tool tests the SQL injection for MySQL, MSSQL, MSACCESS, PostGreSQL, and Oracle databases. If the target url is secure, the tool responds with no vulnerabilities found message.

If a vulnerability exists on a target url, it is displayed in the Webpwn3r results.

Webpwn3r is a powerful scanning tool with the payloads that can bypass many security filters and web applications firewalls. The tool is very useful for web applications penetration testing.

What Bunny rating does it get?

The tool is pretty useful for finding some more of the extreme vulnerabilities, however it would be nice to see a larger plethora of vulnerabilities for it to scan for.  As a result we have decided to give this tool a very respectable rating of 3.5/5 bunnies.

Want to learn more about ethical hacking?

We have a  networking hacking course that is of a similar level to OSCP, get an exclusive discount here

Help support LHN by buying a T-shirt or a mug?

Check out our selection here

Do you know of another GitHub related hacking tool?

Get in touch with us via the contact form if you would like us to look at any other GitHub ethical hacking tools.

Related posts

Microsoft June 2024 Patch Tuesday Update Fixed ~50 Vulnerabilities

Upgrade Your PHP Installations for A Critical RCE Flaw Patch

Quit Using EmailGPT as Vulnerability Risks Users Data