
Launching Web Application Security Scans From The Command Line

Starting with Websecurify 0.6, you can launch the web application security scanner from the command line. The syntax is very simple. Here is an example:

websecurify.exe -websecurifytest http://yourapp.com

You can also specify your workspace like this (otherwise a new one will be created and used):

websecurify.exe -websecurifytest http://yourapp.com -workspace MyAppWorkspace

However, Websecurify 0.7 changes this syntax a bit. The "workspace" flag is removed for various reasons. Instead, you can use the following syntax:

websecurify.exe -websecurifytest http://myapp.com,MyAppWorkspace

You can also start multiple tests like this:

websecurify.exe -websecurifytest http://myapp.com,MyAppWorkspace,http://mysecondapp.com,MySecondWorkspace

You can also combine multiple tests into a single workspace. Here is how you can do that:

websecurify.exe -websecurifytest http://app1.com,ws1,http://app2.com,ws1,http://app3.com,ws1

However, we may also implement the following shortcut syntax:

websecurify.exe -websecurifytest http://app1.com,MyWorkspace,http://app2.com,-,http://app3.com,-
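When the target list is generated by a build job, the comma-separated 0.7 form above is easy to get wrong, because one stray comma shifts every later URL/workspace pair. The following is an added example, not Websecurify's own code: the helper names are hypothetical, and it assumes the tool splits the value on every comma with no escaping, which the post does not document. It does not cover the proposed "-" shortcut beyond refusing "-" as a workspace name.

```python
from urllib.parse import urlsplit

EXE = "websecurify.exe"      # binary name as shown in the post
FLAG = "-websecurifytest"    # flag as shown in the post


def _check_field(value, what):
    # Assumption: the tool splits on every comma and has no escaping, so a
    # comma inside a field would shift later pairs. Whitespace is refused
    # as a conservative choice.
    if not value or "," in value or any(ch.isspace() for ch in value):
        raise ValueError(f"{what} {value!r} is empty or contains ',' or whitespace")


def build_scan_argv(targets):
    """Turn [(url, workspace), ...] into an argv list for the 0.7 syntax."""
    fields = []
    for url, workspace in targets:
        _check_field(url, "url")
        _check_field(workspace, "workspace")
        parts = urlsplit(url)
        if parts.scheme not in ("http", "https") or not parts.hostname:
            raise ValueError(f"not an absolute http(s) URL: {url!r}")
        if workspace == "-":
            # "-" is the placeholder in the proposed shortcut syntax.
            raise ValueError("'-' is reserved; give an explicit workspace name")
        fields += [url, workspace]
    if not fields:
        raise ValueError("no targets given")
    # One argv element per token: pass this list to subprocess.run() without
    # shell=True so a target string is never re-parsed by a shell.
    return [EXE, FLAG, ",".join(fields)]


def parse_scan_value(value):
    """Split a 0.7-style value back into (url, workspace) pairs."""
    items = value.split(",")
    if len(items) % 2:
        raise ValueError("odd number of fields: a URL has no workspace")
    return list(zip(items[0::2], items[1::2]))


if __name__ == "__main__":
    # Constructed sample targets, matching the post's multi-test example.
    sample = [("http://app1.com", "ws1"), ("http://app2.com", "ws1")]
    print(build_scan_argv(sample))
```

Running parse_scan_value over the generated value before launching the scan is a cheap check that the pairs still line up with the intended targets.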

More exciting new features are coming in 0.7, as well as hundreds of scanner, UI and stability improvements. Stay tuned!

6 comments:

  1. It will be more helpful if anybody shows me how to script and customize this tool using JavaScript.
  2. Although there is no formal documentation at the moment, you can get everything that you need at http://developer.mozilla.org. Development docs are planned around version 1.0.
  3. Hi,
    How do you go about setting up Websecurify so it will run from the command line on a Linux (CentOS) build? I'm currently trying to integrate it with TeamCity without much luck!
    Thanks
    Nick
  4. While the current version certainly can be invoked from the command line, the tool is designed to work within a GUI. However, we will soon be releasing a server edition and a version that will run on Node.js... which is probably what you are after.
  5. Just to update anyone reading this post, since 0.9 it is no longer possible to start a test from the command line. We are working on a special command-line version which will be much easier to use and will not require the desktop/graphical environment.