AusBoone/Web-Vulnerability-Scanner

Web-Vulnerability-Scanner

This project is a Web Vulnerability Scanner that aims to identify common security vulnerabilities in web applications. The scanner first crawls a target website, builds a site map, and then checks for various security issues, such as XSS, SQL Injection, SSRF, IDOR, and common misconfigurations.

Features

  • Crawls a target website, extracting internal links and forms.
  • Scans for common web application vulnerabilities:
      • Cross-Site Scripting (XSS)
      • SQL Injection
      • Server-Side Request Forgery (SSRF)
      • Insecure Direct Object Reference (IDOR)
  • Checks for common security misconfigurations:
      • Unnecessary open ports
      • Default or missing security headers
      • Default credentials
  • Supports rate-limiting and follows robots.txt rules.
  • Uses multithreading to improve crawling performance.
  • Provides logging and report generation.
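The "default or missing security headers" check listed above, as an added example that is not the project's own code: it takes a response's header map (a constructed sample here, not a live request) and returns findings for absent headers and for present but weak HSTS or CSP values. The header list and the 180-day HSTS floor are assumptions, not taken from vulnerability_scanner.py.

```python
# Added example (not the project's own code): flag missing or weak security headers
# in an HTTP response. Header list and thresholds are assumptions, not from vulnerability_scanner.py.
from typing import Dict, List

# Headers the check expects, with the risk each one mitigates (assumed list).
REQUIRED_HEADERS = {
    "Strict-Transport-Security": "downgrade to plain HTTP",
    "Content-Security-Policy": "injected scripts (XSS)",
    "X-Content-Type-Options": "MIME sniffing",
    "X-Frame-Options": "clickjacking",
    "Referrer-Policy": "referrer leakage",
}
HSTS_MIN_AGE = 15552000  # 180 days; assumed floor for a useful max-age


def check_security_headers(headers: Dict[str, str]) -> List[str]:
    """Return a list of findings (empty means nothing detected). Names compare case-insensitively."""
    lowered = {k.lower(): v.strip() for k, v in headers.items()}
    findings: List[str] = []

    for name, risk in REQUIRED_HEADERS.items():
        if name.lower() not in lowered:
            findings.append(f"missing {name} (mitigates {risk})")

    # A present but short-lived HSTS policy is reported as weak rather than missing.
    hsts = lowered.get("strict-transport-security", "").lower()
    if hsts:
        max_age = 0
        for directive in hsts.split(";"):
            key, _, value = directive.strip().partition("=")
            if key == "max-age" and value.isdigit():
                max_age = int(value)
        if max_age < HSTS_MIN_AGE:
            findings.append("weak Strict-Transport-Security: max-age below 180 days")

    # A CSP that permits inline or eval'd script gives little XSS protection.
    csp = lowered.get("content-security-policy", "").lower()
    if csp and ("'unsafe-inline'" in csp or "'unsafe-eval'" in csp):
        findings.append("weak Content-Security-Policy: allows 'unsafe-inline' or 'unsafe-eval'")

    return findings


# Constructed sample headers (not captured from any real site).
SAMPLE_HEADERS = {
    "Content-Type": "text/html; charset=utf-8",
    "Strict-Transport-Security": "max-age=3600",
    "Content-Security-Policy": "default-src 'self'; script-src 'self' 'unsafe-inline'",
    "X-Content-Type-Options": "nosniff",
}
```

Running check_security_headers(SAMPLE_HEADERS) reports two missing headers plus a weak HSTS and a weak CSP; a complete, strict header set returns an empty list.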

Prerequisites

  • Python 3.7+
  • Install required packages using pip: pip install -r requirements.txt

Usage

  1. Update the config.json file with your desired crawl delay (in seconds).
  2. Run the scanner using the following command:

       python main.py <target_url> <known_user_id>

     Replace <target_url> with the URL of the website you want to scan and <known_user_id> with a known user ID for IDOR testing.
  3. After the scanner has finished, review the scan.log file for logging information and the report.txt file for a summary of identified vulnerabilities.

Files

  • main.py: The main script to run the Web Vulnerability Scanner.
  • crawler.py: Contains the Crawler class responsible for crawling the target website and extracting links and forms.
  • vulnerability_scanner.py: Contains the VulnerabilityScanner class responsible for scanning the target website for common web application vulnerabilities and misconfigurations.
  • config.json: Configuration file that stores settings such as crawl delay.
  • requirements.txt: Contains the required packages for the project.

Disclaimer

This tool is intended for educational purposes and security testing. Please ensure that you have the appropriate permissions before scanning a target website. I am not responsible for any misuse or damage caused by this tool.

License

This project is licensed under the MIT License.
