NOTE: This framework is designed to be used with the Wildfire Toolkit
The Web Application Penetration Testing (WAPT) Framework is a full stack application designed to act as a Command & Control center for web app pen testing and bug bounty hunting. The tool works by allowing users to add Fully-Qualified Domain Names (FQDNs), more commonly referred to as "Seeds" or "Roots" in bug bounty hunting. These FQDNs are then scanned using wildfire.py from the Wildfire Toolkit, with the results of the scans being stored and managed in the WAPT Framework.
Check out my LinkedIn posts like this one for more information on how I search for bugs and where this framework falls into the bigger picture of my methodology!
NOTE: This app requires Node 14.x and NPM 6.x to install successfully
I recommend installing this framework on a Windows machine since it's simpler to install and use older versions of Node/NPM.
Download/Install Git for Windows: https://gitforwindows.org/
Download/Install Node (NPM will be included): https://nodejs.org/en/blog/release/v14.17.3/
Download/Install MongoDB: https://www.mongodb.com/try/download/community
Install Server NPM Packages (From Root Directory):
npm install
Install Client NPM Packages (From client Directory):
npm install
Install nodemon:
npm install -g nodemon
Server (Root Directory):
nodemon server.js
Client (client Directory):
npm run start
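Because the install only succeeds with Node 14.x and NPM 6.x, a preflight check can confirm the toolchain before either `npm install` is run. The script below is an added example and not part of the WAPT Framework repository; the file name `preflight.js`, the `--check` flag and all function names are hypothetical.

```javascript
// Added example: preflight check for the versions this README requires.
// REQUIRED mirrors the README's note (Node 14.x, NPM 6.x); names are hypothetical.
const REQUIRED = { node: 14, npm: 6 };

// Extract the major version from strings such as "v14.17.3" or "6.14.13\n".
function parseMajor(version) {
  const match = /^v?(\d+)\.\d+\.\d+/.exec(String(version).trim());
  return match ? Number(match[1]) : null;
}

// Compare detected versions with REQUIRED and return a list of problems.
function checkToolchain(detected) {
  const problems = [];
  for (const [tool, wantedMajor] of Object.entries(REQUIRED)) {
    const major = detected[tool] == null ? null : parseMajor(detected[tool]);
    if (major === null) {
      problems.push(`${tool}: not found or version unreadable`);
    } else if (major !== wantedMajor) {
      problems.push(`${tool}: found ${String(detected[tool]).trim()}, need ${wantedMajor}.x`);
    }
  }
  return problems;
}

// Ask the npm on PATH for its version; null if it cannot be run.
function installedNpmVersion() {
  try {
    const { execSync } = require('child_process');
    return execSync('npm --version', { encoding: 'utf8' });
  } catch (err) {
    return null;
  }
}

// Run the check only when asked: node preflight.js --check
if (process.argv.includes('--check')) {
  const problems = checkToolchain({ node: process.version, npm: installedNpmVersion() });
  if (problems.length === 0) {
    console.log('Node 14.x and NPM 6.x detected; ready to run npm install.');
  } else {
    problems.forEach((p) => console.error(p));
    process.exitCode = 1;
  }
}
```

Run it with `node preflight.js --check` from the root directory; a non-zero exit code means the detected Node or NPM major version does not match the README's requirement.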