Capabilities

webscan offers a variety of scanning techniques to security teams working to gain a better handle on what web applications they have deployed across cloud providers and on-premise environments. Each of the below pages offers you an in depth look at a webscan capability related to a unique scanning technique.

• Discover
• Enumerate
• Pentest

Top Level Flags

webscan has several top level flags that can be used on any subcommand. These include:

Flags:
  -h, --help                 help for webscan
  -o, --output string        Output format (signal, json, yaml). Default value is signal (default "signal")
  -f, --output-file string   Path to output file. If blank, will output to STDOUT
  -q, --quiet                Suppress output
  -v, --verbose              Verbose output

Available Commands

webscan provides the following main commands:

• discover: Perform various discovery scans to identify web applications, directories, routes, and static assets
• enumerate: Perform various enumeration scans to identify and analyze web application components, APIs, and security controls
• pentest: Perform various pentest scans to identify vulnerabilities and security issues
• completion: Generate autocompletion scripts for various shells
• help: Get help about any command
• version: Display version information

Version Command

Run webscan version to get the exact version information for your binary

Output Formats

For more information on the various output formats that are supported by webscan, see the Output Formats page in our organization wide documentation.