# Web Servers & Applications

Tools for this section : 

```
1. Telnet
2. Netcat
3. Log4j Vulnerable server
4. Burpsuite
5. Wapiti
6. WP Scanner
```

***

#### WP Scanner

```
wpscan --url < target wordpress domain > --api-token [API Token]
```

the api token can be obtained from the website of wpscanner and also we can opt for subscribed professional plans for increased visibility over new cyber attack trends

***

#### Wapiti Web vulnerability scanner

```
cd wapiti
    python3 -m venv wapiti3
     . wapiti3/bin/activate
     pip install .
​
wapiti -u <target domain>
  cd /root/.wapiti/generated_report/ 
```

For issues related to python venv follow this documentation

{% content-ref url="initial-environment-deployment/python3-and-pip-installation" %}
[python3-and-pip-installation](https://ghoulsec.gitbook.io/toolbase/initial-environment-deployment/python3-and-pip-installation)
{% endcontent-ref %}