How to test webpages which are available only after signin?

Question

I am testing my company's webpages using free vulnerability assessment tools like wapiti and nikto.

The problem is that I have to test the webpages which are accessible to a user after they sign up and the tools don't have the capability to do that.

How can I solve my problem?

You could log in manually and then copy the authentication cookie and set it in nikto. See https://security.stackexchange.com/a/184943/235964. That said, an automated scanner cannot catch everything. Maybe you should hire a professional pentester. — nobody, Feb 16 '22 at 16:29

score 1 · Accepted Answer · answered Mar 14 '22 at 22:59

1

Add to your cmdline this...

-a username%password --auth-method post

answered Mar 14 '22 at 22:59

protoxos

1 Answers1