Skip to content
/ Web-Vulnerability-Scanner Public

Aims to identify common security vulnerabilities in web applications.

License

MIT license
0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

AusBoone/Web-Vulnerability-Scanner

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits

LICENSE

LICENSE

 
 

README.md

README.md

 
 

config.json

config.json

 
 

crawler.py

crawler.py

 
 

main.py

main.py

 
 

requirements.txt

requirements.txt

 
 

vulnerability_scanner.py

vulnerability_scanner.py

 
 

Repository files navigation

Web-Vulnerability-Scanner

This project is a Web Vulnerability Scanner that aims to identify common security vulnerabilities in web applications. The scanner first crawls a target website, builds a site map, and then checks for various security issues, such as XSS, SQL Injection, SSRF, IDOR, and common misconfigurations.

Features

  • Crawls a target website, extracting internal links and forms.
  • Scans for common web application vulnerabilities:
  • Cross-Site Scripting (XSS)
  • SQL Injection
  • Server-Side Request Forgery (SSRF)
  • Insecure Direct Object Reference (IDOR)
  • Checks for common security misconfigurations:
  • Unnecessary open ports
  • Default or missing security headers
  • Default credentials
  • Supports rate-limiting and follows robots.txt rules.
  • Uses multithreading to improve crawling performance.
  • Provides logging and report generation.

Prerequisites

  • Python 3.7+
  • Install required packages using pip: pip install -r requirements.txt

Usage

  1. Update the config.json file with your desired crawl delay (in seconds).
  2. Run the scanner using the following command: python main.py <target_url> <known_user_id> Replace <target_url> with the URL of the website you want to scan and <known_user_id> with a known user ID for IDOR testing.
  3. After the scanner has finished, review the scan.log file for any logging information and the report.txt file for a summary of identified vulnerabilities.

Files

  • main.py: The main script to run the Web Vulnerability Scanner.
  • crawler.py: Contains the Crawler class responsible for crawling the target website and extracting links and forms.
  • vulnerability_scanner.py: Contains the VulnerabilityScanner class responsible for scanning the target website for common web application vulnerabilities and misconfigurations.
  • config.json: Configuration file that stores settings such as crawl delay.
  • requirements.txt: Contains the required packages for the project.

Disclaimer

This tool is intended for educational purposes and security testing. Please ensure that you have the appropriate permissions before scanning a target website. I am not responsible for any misuse or damage caused by this tool.

License

This project is licensed under the MIT License.

About

Aims to identify common security vulnerabilities in web applications.

Topics

cybersecurity vulnerability-detection web-crawling vulnerability-scanners website-testing

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages