Quick Command Patterns
# Basic scan
python waymap.py --target https://example.com --scan xss --crawl 2
# Full scan with reports
python waymap.py --target https://example.com --scan all --report-format html,csv --output-dir reports
# Multi-target scan
python waymap.py --multi-target targets.txt --scan sqli
# API scan (REST / GraphQL)
python waymap.py --target https://api.example.com --scan api --api-type rest
python waymap.py --target https://api.example.com/graphql --scan api --api-type graphql
# WordPress profile
python waymap.py --target https://example.com --profile wordpress
# Google dork discovery
python waymap.py --dork "inurl:.php?id="
Tip: after a PyPI install you can use waymap instead of python waymap.py.
Full CLI Synopsis
python waymap.py [--target URL | --multi-target FILE] [--scan TYPE] [--crawl N] [--threads N]
[--profile wordpress]
[--technique BET]
[--api-type rest|graphql] [--api-endpoints /users,/login]
[--auth-type form|basic|digest|bearer|api_key]
[--auth-url URL] [--username USER] [--password PASS]
[--token TOKEN] [--auth-header HEADER]
[--report-format html,csv,markdown,pdf] [--output-dir DIR]
[--dork "query"] [--dork-api-key KEY] [--dork-output FILE]
[--wpscan-token TOKEN]
[--check-waf] [--waf URL] [--check-updates]
[--no-prompt] [--verbose]
Target Options
--target / -t
Single target URL to scan.
python waymap.py --target https://example.com --scan recon
--multi-target / -mt
File containing one target URL per line.
python waymap.py --multi-target targets.txt --scan misconfig
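Added example (not part of waymap or its documentation): a pre-filter that checks a one-URL-per-line target file against the hosts you are authorised to test before the file is passed to --multi-target. The function name, the scope list and the sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

def filter_targets(lines, in_scope):
    """Split a one-URL-per-line target list into (accepted, rejected).

    in_scope: host names you are authorised to test. Subdomains of an entry
    are accepted; look-alike hosts such as example.com.evil.test are not.
    """
    scope = {h.lower().rstrip(".") for h in in_scope}
    accepted, rejected, seen = [], [], set()
    for raw in lines:
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments are dropped from the output
        try:
            parts = urlsplit(line)
            host = (parts.hostname or "").lower().rstrip(".")
        except ValueError:
            rejected.append((line, "unparseable URL"))
            continue
        if parts.scheme not in ("http", "https"):
            rejected.append((line, "scheme is not http/https"))
        elif not any(host == s or host.endswith("." + s) for s in scope):
            # hostname is taken after any user@ part, so
            # https://example.com@evil.test/ resolves to evil.test
            rejected.append((line, "host out of scope"))
        elif line in seen:
            rejected.append((line, "duplicate"))
        else:
            seen.add(line)
            accepted.append(line)
    return accepted, rejected

# Constructed sample input, not real scan targets.
SAMPLE = [
    "https://example.com/page.php?id=1",
    "https://shop.example.com/",
    "https://example.com.evil.test/",
    "https://example.com@evil.test/",
    "ftp://example.com/",
    "example.com",
    "https://example.com/page.php?id=1",
    "http://[bad",
]

if __name__ == "__main__":
    ok, bad = filter_targets(SAMPLE, ["example.com"])
    print("\n".join(ok))  # redirect to a file and pass it to --multi-target
    for url, why in bad:
        print(f"# skipped {url}: {why}")
```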
Scan Configuration
--scan / -s
Select a scan type.
Standard / Core scans
sqli, xss, cmdi, rce, ssti, lfi, open-redirect, crlf, cors, api, all
Module-based scans
recon, misconfig, redirect, injection-advanced, graphql-suite, auth-logic, cache-smuggling, wordpress-extras, optional
python waymap.py --target https://example.com --scan recon
python waymap.py --target https://example.com --scan injection-advanced
python waymap.py --target https://example.com --scan cache-smuggling
--crawl / -c
Crawl depth for target discovery (0–10).
python waymap.py --target https://example.com --scan xss --crawl 3
--threads
Thread count for scan operations.
python waymap.py --target https://example.com --scan all --threads 4
--technique / -k
SQLi technique string: B (boolean), E (error), T (time).
python waymap.py --target "https://example.com/page.php?id=1" --scan sqli --technique BET
--profile / -p
Run a scan profile (currently: wordpress).
python waymap.py --target https://example.com --profile wordpress
Authentication
Supported --auth-type: form, basic, digest, bearer, api_key.
# Form auth
python waymap.py --target https://example.com --scan all \
--auth-type form --auth-url https://example.com/login \
--username admin --password pass
# Bearer token
python waymap.py --target https://example.com --scan api \
--auth-type bearer --token "YOUR_TOKEN"
# API key
python waymap.py --target https://example.com --scan api \
--auth-type api_key --token "API_KEY" --auth-header "X-API-Key"
API Scanning
# REST API scan
python waymap.py --target https://api.example.com --scan api --api-type rest
# GraphQL API scan
python waymap.py --target https://api.example.com/graphql --scan api --api-type graphql
# REST scan with explicit endpoints
python waymap.py --target https://api.example.com --scan api --api-type rest \
--api-endpoints /users,/login,/tokens
Discovery (Google Dorks)
python waymap.py --dork "inurl:.php?id="
python waymap.py --dork "site:example.com inurl:?" --dork-output custom_targets.txt
WPScan API
python waymap.py --target https://example.com --profile wordpress --wpscan-token "TOKEN"
WAF Detection
python waymap.py --target https://example.com --check-waf
python waymap.py --waf https://example.com
Reporting
python waymap.py --target https://example.com --scan all \
--report-format html,csv,markdown --output-dir reports
Utility & UX
python waymap.py --check-updates
python waymap.py --target https://example.com --scan all --no-prompt
python waymap.py --target https://example.com --scan recon --verbose
Results are stored in sessions/<domain>/waymap_full_results.json.