TrixSec
diff --git a/‎README.md‎
Lines changed: 95 additions & 60 deletions b/‎README.md‎
Lines changed: 95 additions & 60 deletions
diff --git a/‎VERSION‎
Lines changed: 1 addition & 1 deletion b/‎VERSION‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎data/cveinfo.py‎
Lines changed: 26 additions & 1 deletion b/‎data/cveinfo.py‎
Lines changed: 26 additions & 1 deletion
diff --git a/‎doc/CVEVULN.md‎
Lines changed: 73 additions & 8 deletions b/‎doc/CVEVULN.md‎
Lines changed: 73 additions & 8 deletions
diff --git a/‎lib/ProfileCritical/cms_detector.py‎
Lines changed: 0 additions & 21 deletions b/‎lib/ProfileCritical/cms_detector.py‎
Lines changed: 0 additions & 21 deletions
@@ -1,12 +1,12 @@
 # Waymap - Web Vulnerability Scanner.
 
-**Current Version**: 5.5.1
+**Current Version**: 5.6.1
 **Author**: Trix Cyrus  
 **Copyright**: © 2024 Trixsec Org  
 **Maintained**: Yes
 
 ## What is Waymap?
-Waymap is a fast and optimized And Automated web vulnerability scanner designed for penetration testers. It effectively identifies vulnerabilities by testing against a variety of payloads.
+**Waymap** is a fast and optimized web vulnerability scanner designed to identify security flaws in web applications. With support for multiple scan types and customizable configurations, it is a versatile tool for ethical hackers, penetration testers, and security enthusiasts. And Is Able To Scan For **75+ Web Vulnerabilities**
 
 ### Demo Video
 Check out this video to see Waymap in action:
@@ -51,76 +51,111 @@ Check out this video to see Waymap in action:
 - 11 Critical-Risk CVEs And 34 High-Risk CVEs
 - For CVEs Info Read The CVEVULN.md File 
 
-### Waymap Features
-
-1. **Vulnerability Scanning Modules:**
-   - SQL Injection (SQLi)
-   - Command Injection
-   - Server-Side Template Injection (SSTI)
-   - Cross-Site Scripting (XSS) with filter bypass payload testing
-   - Local File Inclusion (LFI)
-   - Open Redirect
-   - Carriage Return and Line Feed (CRLF)
-   - Cross-Origin Resource Sharing (CORS)
-   - Critical and High-Risk Scan Profiles (45 CVEs: WordPress - 19, Drupal - 4, Joomla - 7, Generic/Others - 2)
-
-2. **Web Crawling:**
-   - Initial crawling functionality
-   - Enhanced crawler to operate within target domain boundaries and handle URL redirection
-   - Advanced crawler capable of any-depth crawling
-   - Improved v3 crawler (competitive with SQLmap crawler)
-
-3. **Concurrency & Threading:**
-   - Concurrency to utilize multiple CPU threads for faster scans
-   - Custom thread count for Open Redirect, CRLF, and CORS scans
-   - New argument `--threads/-T` for global threading count (no prompt for threads)
-
-4. **Multi-Target Scanning:**
-   - Support for scanning multiple URLs with `--multi-target {targetfilename}.txt`
-   - Ability to scan URLs directly without crawling using `--url/-u` and `--multi-url/-mu` arguments
-
-5. **Automation and Convenience:**
-   - Auto-update functionality (version-dependent)
-   - New argument `--check-updates` to check for and perform updates
-   - New argument `--random-agent` to randomize user-agents
-   - Header usage to make requests appear more legitimate and reduce detection/blocking
-   - Argument `--no-prompt/-np` to disable prompts (default input = 'n')
-
-6. **Scan Profiles & Severity-Based Scanning:**
-   - New critical and high-risk scan profiles (`--scan critical-risk` and `--scan high-risk`) using severity-based CVE exploits
-   - Argument `--profile critical-risk/high-risk` with `--profileurl` for streamlined scanning based on CVE severity
-
-7. **Logging and Stability:**
-   - Logging functionality for scan sessions
-   - Various bug fixes and optimizations for stability and processing speed
+#### v5.6.1 
+- Added New 19 CVEs Vulnerability Detections Logics
+- 8 Critical-Risk CVEs And 11 High-Risk CVEs
+- For CVEs Info Read The CVEVULN.md File 
 
 ---
 
-## Installation and Usage
+## 🚀 **Features**
+
+### 1. **Flexible Scanning Options**
+   - **Target-based scanning:** 
+     Scan single or multiple targets using `--target` or `--multi-target` options (Requires Crawling).
+   - **Direct URL scanning:** 
+     Use `--url` or `--multi-url` to scan specific URLs without crawling.
+   - **Profile-based scanning:** 
+     Supports high-risk and critical-risk scan profiles for targeted assessments.
+
+### 2. **Supported Scan Types**
+   - **SQL Injection (SQLi):**  
+     Detect vulnerabilities related to SQL injection.
+   - **Command Injection (CMDi):**  
+     Identify potential command execution vulnerabilities.
+   - **Server-Side Template Injection (SSTI):**  
+     Scan for template injection risks in server-side frameworks.
+   - **Cross-Site Scripting (XSS):**  
+     Check for reflective XSS vulnerabilities.
+   - **Local File Inclusion (LFI):**  
+     Locate file inclusion vulnerabilities.
+   - **Open Redirect:**  
+     Identify redirect-related issues.
+   - **Carriage Return and Line Feed (CRLF):**  
+     Scan for CRLF injection flaws.
+   - **Cross-Origin Resource Sharing (CORS):**  
+     Check for misconfigurations in CORS policies.
+   - **All-in-one scanning:**  
+     Perform all available scans in a single command.
+
+### 3. **Profile-based Scanning**
+   - **High-Risk Profile:**  
+   - **Critical-Risk Profile:**  
+     Focuses on severe vulnerabilities, such as CVE-based attacks.
+
+### 4. **Crawling Capabilities**
+   - Crawl target websites with customizable depth (`--crawl`).
+   - Automatically discover and extract URLs for scanning.
+
+### 5. **Threaded Scanning**
+   - Speed up scans with multithreading (`--threads`).
+
+### 6. **User-Agent Randomization**
+   - Randomize requests using different user agents (`--random-agent`).
+
+### 7. **Automation Features**
+   - Skip prompts using the `--no-prompt` option.
+   - Automatically handle missing directories, files, and session data.
+
+### 8. **Update Checker**
+   - Easily check for the latest updates (`--check-updates`).
 
-### Clone the repository:
-```bash
-git clone https://github.com/TrixSec/waymap.git
-```
+---
 
-### Install the required dependencies:
-```bash
-pip install .
-```
+## 🛠️ **How to Use**
+
+### Basic Commands
+1. **Scan a single target:**
+   ```bash
+   python waymap.py --crawl 3 --target https://example.com --scan {scan_type}
+   ```
+2. **Scan multiple targets from a file:**
+   ```bash
+   python waymap.py --crawl 3 --multi-target targets.txt --scan {scan_type}
+   ```
+3. **Directly scan a single URL:**
+   ```bash
+   python waymap.py --url https://example.com/page?id=1 --scan {scan_type}
+   ```
+4. **Profile-based scanning:**
+   ```bash
+   python waymap.py --profileurl https://example.com --profile high-risk/critical-risk
+   ```
+
+### Thread Configuration
+1. **Use threading for faster scans:**
+   ```bash
+   python waymap.py --crawl 3 --target https://example.com --scan ssti --threads 10
+   ```
+
+### Update Check
+1. **Ensure you have the latest version:**
+   ```bash
+   python waymap.py --check-updates
+   ```
 
-### Run Waymap:
-```bash
-python waymap.py --crawl 1 --scan sql/cmdi/ssti/xss/lfi/open-redirect/crlf/cors/all --target/--multi-target https://example.com/{filename}.txt
-```
-```bash
-python waymap.py --scan sql/cmdi/ssti/xss/lfi/open-redirect/crlf/cors/all --url/--mutli-url https://example.com/index.php?id=1/{filename}.txt
-```
 ### Check Help
 ```bash
 python waymap.py -h
 
 ```
 
+---
+
+
+### Waymap makes web vulnerability scanning efficient and accessible. Start securing your applications today! 🎯
+
+
 #### Credits
 - Thanks SQLMAP For Payloads Xml File
 
 
@@ -1 +1 @@
-5.5.1
+5.6.1
@@ -1,5 +1,6 @@
 # Copyright (c) 2024 waymap developers
 # See the file 'LICENSE' for copying permission.
+# Note: IF YOU ARE USING/COPYING THESE DATA YOU SHOULD HAVE ENOUGH PERMISSIONS FROM THE AUTHOR
 
 # cve vuln version data
 # cveinfo.py
@@ -16,7 +17,6 @@
         {"cve_id": "CVE-2023-28121", "plugin_name": "woocommerce-payments", "vulnerable_version": "5.6.2"},
         {"cve_id": "CVE-2024-7854", "plugin_name": "woo-inquiry", "vulnerable_version": "0.2"},
         {"cve_id": "CVE-2024-3673", "plugin_name": "web-directory-free", "vulnerable_version": "1.7.3"},
-
 ]
 
 wphighcves = [
@@ -55,3 +55,28 @@
         {"cve_id": "CVE-2021-24741", "plugin_name": "supportboard", "vulnerable_version": "3.3.4"},
         {"cve_id": "CVE-2021-24774", "plugin_name": "check-email", "vulnerable_version": "1.0.3"},
 ]
+
+CVE_DATABASE_DRUPAL = [
+    {"cve_id": "CVE-2006-2742", "vulnerable_version": "4.6 - 4.6.6, 4.7.0"},
+    {"cve_id": "CVE-2007-6299", "vulnerable_version": "4.7 - 4.7.9, 5.0 - 5.4"},
+    {"cve_id": "CVE-2014-3704", "vulnerable_version": "7.0 - 7.31"},
+    {"cve_id": "CVE-2016-3163", "vulnerable_version": "6.0 - 6.38, 7.0 - 7.43"},
+    {"cve_id": "CVE-2006-2831", "vulnerable_version": "4.6 - 4.6.8, 4.7 - 4.7.2"},
+    {"cve_id": "CVE-2006-5476", "vulnerable_version": "4.6 - 4.6.10, 4.7 - 4.7.4"},
+    {"cve_id": "CVE-2020-13671", "vulnerable_version": "9.0 - 9.0.8, 8.9 - 8.9.9, 8.8 - 8.8.11, 7 - 7.74"},
+    {"cve_id": "CVE-2011-2687", "vulnerable_version": "7.0 - 7.3"},
+    {"cve_id": "CVE-2016-6211", "vulnerable_version": "7.0 - 7.44"},
+    {"cve_id": "CVE-2011-2726", "vulnerable_version": "7.0 - 7.5"},
+    {"cve_id": "CVE-2016-3165", "vulnerable_version": "6 - 6.38"},
+]
+
+CVE_DATACRIT_DRUPAL = [
+    {"cve_id": "CVE-2008-6171", "vulnerable_version": "5.0 - 5.12, 6.0 - 6.6"},
+    {"cve_id": "CVE-2018-7600", "vulnerable_version": "7.5 - 7.58, 8.0 - 8.3.9, 8.4 - 8.4.6, 8.5 - 8.5.1"},
+    {"cve_id": "CVE-2017-6925", "vulnerable_version": "8 - 8.3.7"},
+    {"cve_id": "CVE-2018-7602", "vulnerable_version": "7.0 - 8.0"},
+    {"cve_id": "CVE-2020-13665", "vulnerable_version": "8.8 - 8.8.8, 8.9 - 8.9.1, 9.0 - 9.0.1"},
+    {"cve_id": "CVE-2017-6920", "vulnerable_version": "8.0 - 8.3.3"},
+    {"cve_id": "CVE-2019-6339", "vulnerable_version": "7 - 7.62, 8.6 - 8.6.6, 8.5 - 8.5.9"},
+    {"cve_id": "CVE-2011-2715", "vulnerable_version": "6.20"},
+]
@@ -1,11 +1,13 @@
-# WordPress CVE Vulnerabilities
+# CVE Vulnerabilities Tested By WAYMAP 
 
-This document lists WordPress plugin vulnerabilities categorized by their severity.
-Which Are Being Tested By Waymap
+#### **Current Total Count: 67**
+
+This document lists WordPress/Drupal vulnerabilities categorized by their severity.
+Which Are Being Tested By Waymap 
 
 
 ### **Critical Risk CVEs**:
- **Total CVEs**: 11
+ **Total CVEs**: 19
    - CVE-2023-2732
    - CVE-2022-1386
    - CVE-2022-0739
@@ -17,9 +19,18 @@ Which Are Being Tested By Waymap
    - CVE-2023-28121
    - CVE-2024-7854
    - CVE-2024-3673
+   - CVE-2008-6171
+   - CVE-2018-7600
+   - CVE-2017-6925
+   - CVE-2018-7602
+   - CVE-2020-13665
+   - CVE-2017-6920
+   - CVE-2019-6339
+   - CVE-2011-2715
+
 
 ### **High Risk CVEs**:
- **Total CVEs**: 34
+ **Total CVEs**: 48
    - CVE-2024-7780
    - CVE-2024-7766
    - CVE-2021-24142
@@ -54,12 +65,27 @@ Which Are Being Tested By Waymap
    - CVE-2021-24626
    - CVE-2021-24741
    - CVE-2021-24774
+   - CVE-2006-2742
+   - CVE-2007-6299
+   - CVE-2014-3704
+   - CVE-2006-2742
+   - CVE-2007-6299
+   - CVE-2014-3704
+   - CVE-2016-3163
+   - CVE-2006-2831
+   - CVE-2006-5476
+   - CVE-2020-13671
+   - CVE-2011-2687
+   - CVE-2016-6211
+   - CVE-2011-2726
+   - CVE-2016-3165
+
 
 ---
 
 ### Summary:
-- **Critical Risk CVEs**: 11 vulnerabilities
-- **High Risk CVEs**: 34 vulnerabilities
+- **Critical Risk CVEs**: 19 vulnerabilities
+- **High Risk CVEs**: 48 vulnerabilities
 
 ---
 
@@ -120,4 +146,43 @@ Which Are Being Tested By Waymap
 | CVE-2021-24741   | supportboard                                     | < 3.3.4                |
 | CVE-2021-24774   | check-email                                      | < 1.0.3                |
 
----
+---
+
+Here’s a table for the Drupal CVEs you provided with the associated vulnerable versions:
+
+### Critical Severity Drupal CVEs
+
+Here's the updated table with the additional CVEs included:
+
+| **CVE ID**       | **Vulnerable Component**                         | **Vulnerable Version**                                 |
+|-------------------|--------------------------------------------------|-------------------------------------------------------|
+| CVE-2006-2742    | Drupal Core                                      | 4.6 - 4.7.0                                           |
+| CVE-2007-6299    | Drupal Core                                      | 4.7 - 4.7.9, 5.0 - 5.4                                |
+| CVE-2014-3704    | Drupal Core                                      | 7.0 - 7.31                                            |
+| CVE-2016-3163    | Drupal Core                                      | 6.0 - 6.38, 7.0 - 7.43                                |
+| CVE-2006-2831    | Drupal Core                                      | 4.6 - 4.6.8, 4.7 - 4.7.2                              |
+| CVE-2006-5476    | Drupal Core                                      | 4.6 - 4.6.10, 4.7 - 4.7.4                             |
+| CVE-2020-13671   | Drupal Core                                      | 9.0 - 9.0.8, 8.9 - 8.9.9, 8.8 - 8.8.11, 7 - 7.74      |
+| CVE-2011-2687    | Drupal Core                                      | 7.0 - 7.3                                             |
+| CVE-2016-6211    | Drupal Core                                      | 7.0 - 7.44                                            |
+| CVE-2011-2726    | Drupal Core                                      | 7.0 - 7.5                                             |
+| CVE-2016-3165    | Drupal Core                                      | 6 - 6.38                                              |
+
+---
+
+### High Severity Drupal CVEs
+
+Here is a separate table for the **CVE_DATACRIT_DRUPAL** data:
+
+| **CVE ID**       | **Vulnerable Component**                         | **Vulnerable Version**                                 |
+|-------------------|--------------------------------------------------|-------------------------------------------------------|
+| CVE-2008-6171    | Drupal Core                                      | 5.0 - 5.12, 6.0 - 6.6                                 |
+| CVE-2018-7600    | Drupal Core                                      | 7.5 - 7.58, 8.0 - 8.3.9, 8.4 - 8.4.6, 8.5 - 8.5.1     |
+| CVE-2017-6925    | Drupal Core                                      | 8 - 8.3.7                                             |
+| CVE-2018-7602    | Drupal Core                                      | 7.0 - 8.0                                             |
+| CVE-2020-13665   | Drupal Core                                      | 8.8 - 8.8.8, 8.9 - 8.9.1, 9.0 - 9.0.1                 |
+| CVE-2017-6920    | Drupal Core                                      | 8.0 - 8.3.3                                           |
+| CVE-2019-6339    | Drupal Core                                      | 7 - 7.62, 8.6 - 8.6.6, 8.5 - 8.5.9                    |
+| CVE-2011-2715    | Drupal Core                                      | 6.20                                                  |
+
+---
@@ -53,23 +53,6 @@ def detect_drupal(response, profile_url):
 
     return None
 
-def detect_joomla(response, profile_url):
-    joomla_paths = ['/administrator/', '/index.php']
-    for path in joomla_paths:
-        full_url = urljoin(profile_url, path)
-        if requests.get(full_url).status_code == 200:
-            return "Joomla"
-    
-    if 'meta name="generator" content="Joomla' in response.text:
-        return "Joomla"
-
-    joomla_common_files = ['/templates/', '/media/system/js/']
-    for file in joomla_common_files:
-        full_url = urljoin(profile_url, file)
-        if requests.get(full_url).status_code == 200:
-            return "Joomla"
-    
-    return None
 
 def detect_cms(profile_url):
     try:
@@ -83,10 +66,6 @@ def detect_cms(profile_url):
         if cms:
             return cms
 
-        cms = detect_joomla(response, profile_url)
-        if cms:
-            return cms
-
         return "Unknown/Other"
 
     except requests.RequestException as e: