Session management

Session Management

Since Wapiti version 3.0.0, scanned URLs, discovered vulnerabilities, and attack statuses are stored in SQLite databases as session files. This allows Wapiti to resume previous scans if needed. By default, Wapiti will resume a scan and attacks if a previous session exists for the base URL and scope.

The following options allow you to manage how Wapiti handles session files:

Available Options

• --skip-crawl

  If a previous scan was performed but wasn't completed, this option prevents Wapiti from resuming the scan. The attacks will be executed only on the URLs already discovered, without scanning for new ones.

• --resume-crawl

  When the crawl process was interrupted and the attack phase started, Wapiti will skip the crawling by default upon restoring a session. Use this option to resume the crawling process while keeping the previously found vulnerabilities and attack statuses intact.

• --flush-attacks

  This option clears all discovered vulnerabilities and resets which URLs were attacked by which modules, but keeps the scan (crawling) information intact.

• --flush-session

  Clears everything related to the target for the specified scope, including both scan and attack data.

• --store-session

  Use this option to specify an alternative path for saving the session files (.db and .pkl).

• --store-config

  Specify an alternative path for storing particular module files like apps.json and nikto_db.