Scan Damn Vulnerable Web Application (DVWA) with Taipan v2.9

Updated: Mon, 02 Mar 2020

Damn Vulnerable Web Application is a project created to teach basic web application security. It provides an intentionally vulnerable web application in which the user can try to exploit the various vulnerabilities that are implemented.

We will see how to configure Taipan v2.9 to scan a DVWA website.


Taipan Consultant Edition v2.8 released

Updated: Fri, 12 January 2020

2020 started with big news: Taipan Consultant and Community edition moved to .NET Core. This will strengthen portability and also ensure that Taipan is developed with the latest technology.

The engine was also improved by providing better feedback to the user and increasing stability and accuracy.

The Community Edition can be downloaded from GitHub.



Taipan Consultant Edition v2.7 released

Updated: Fri, 19 July 2019

This version adds new features and various improvements:

  • New security check to identify Struts 2 Development mode enabled.
  • Improved Reflected Cross Site Scripting check.
  • It is now possible to specify the timeout from the command line. Sometimes too short a timeout can lead Taipan to think that the website is down. This value can be modified in the profile file, but it proved handier to be able to specify it from the command line as well.

If the website seems to be down, try specifying a higher timeout with the following command:

Taipan.exe --timeout 5

The Community Edition can be downloaded from GitHub.



Taipan Consultant Edition v2.5 released

Updated: Mon, 02 Apr 2019

This version adds new features and improvements to the scan engine. The most notable are:

  • The author of identYwaf allowed us to use the data from his project in Taipan. Identifying the WAF is a very important aspect of a vulnerability scan, and being able to do it automatically is a must-have feature. (All versions)
  • Now you can specify how many scans you want to print. This is a handy option if you are used to running a lot of scans. (Consultant edition only)
  • We have added more progress information during the scan. You can now have a more precise idea of how long the scan will take.
  • Minor bug fixing

The Community Edition can be downloaded from GitHub.


Taipan Consultant Edition v2.4 released

Updated: Mon, 10 Mar 2019

We decided to create a new Taipan product that we called Consultant edition. This version adds new features and improvements to the scan engine. The most notable are:

  • Generation of HTML report (Consultant)
  • Improved Web Form Bruteforce AddOn (Consultant)
  • Generation of a cleaner JSON report (Consultant)
  • Improved hidden resource discovery component (avoided some false positives)
  • Minor bug fixing



Taipan Scanner 2.3 released

Updated: Tue, 27 Feb 2019

Version 2.3 of Taipan Consultant and Community edition is now available. This version adds new features and improvements to the scan engine. The most notable are:

  • Scan reports are now saved in a local DB so that they can be queried: each scan report generated by an executed scan is now saved in a local DB for future reference. It is possible to list all saved reports by running Taipan with the following option: --show-scans

  • Improved hidden discovery component: it is now possible to specify which method to use to bruteforce a directory for hidden resources. This is useful if you want to test a page that answers only to POST requests.

You can download the Taipan Community edition from GitHub.


Taipan Scanner 2.2 released

Updated: Tue, 18 Jan 2019

Version 2.2 of Taipan Scanner is now available. This version adds new features and improvements to the scan engine. The most notable is:

  • XML External Entity (XXE) AddOn: Taipan is now able to identify XXE vulnerabilities when an endpoint accepting XML data is found. XXE is one of the main classes of vulnerability affecting web applications; in fact, it is in the top half of the OWASP Top Ten 2017. The AddOn is enabled in the Full scan profile.

You can download the Taipan binary from GitHub.


Taipan 2.0 released

Updated: Tue, 5 Nov 2018

Release of Taipan Pro 2.0. This version adds new features and improvements both to the scan engine and the Enterprise components. Among them:

  • Taipan Broker: a new architectural component, the Taipan Broker, was implemented. It allows you to decouple the scan engine from the Dashboard. This will provide better scalability of the full solution in a complex environment.

  • Authenticated Scan: it is now possible to configure an authenticated scan in a very simple way. Taipan Pro supports HTTP Basic, HTTP Digest, Bearer and Web Form. The last one is enabled by guiding the user through a very simple login emulation process, where Taipan records all the authentication steps and replays them during the scan.

  • HTTP Basic bruteforce AddOn: a new AddOn was implemented. It allows you to bruteforce HTTP Basic form to identify weak username/password accounts. It can be enabled through the Scan settings View.


