Spaghetti is a web application security scanner. It is designed to discover various default and insecure files, configurations, and misconfigurations. Spaghetti is built on Python 2.7 and runs on any platform that has a Python environment.
You can download this tool from https://github.com/cyberheartmi9/Spaghetti.
Clone Spaghetti to the “/opt” directory.
Then navigate to the “Spaghetti” folder and install the requirements.
Ex: (/opt/Spaghetti# pip install -r requirements.txt).
To start the tool, use the “python” command.
Ex: (/opt/Spaghetti# python spaghetti.py).
It will bring up the help page and usage information.
Let’s see this tool in action and perform a full scan (-s 0) using the deep crawler (--crawler) on our webserver.
Since we used the “--crawler” option, the whole process will take some time to complete. Spaghetti will try to reach every possible page and retrieve every possible misconfiguration, as you can see in the screenshot below.
This is indeed a useful tool for scanning web applications. It has the potential to collect data as well as attack a web service. Spaghetti is a valuable tool that could come in handy during a red team engagement.