import argparse
import json
import logging
from crawler import Crawler
from vulnerability_scanner import VulnerabilityScanner
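def main(target_url, config, known_user_id):
    """Crawl ``target_url``, run the scanner checks, and write a report header.

    Args:
        target_url: Root URL handed to the crawler, the open-port check and
            the IDOR check.
        config: Mapping loaded from the configuration file. Only the
            ``"delay"`` key is read here; a missing key raises ``KeyError``.
        known_user_id: User identifier forwarded to the IDOR check.

    Side effects:
        Configures root logging to ``scan.log`` and overwrites ``report.txt``;
        both paths are relative to the current working directory.
    """
    logging.basicConfig(
        filename="scan.log",
        level=logging.INFO,
        format="%(asctime)s [%(levelname)s] %(message)s",
    )
    # Lazy %-style arguments: the rendered message is the same as before.
    logging.info("Starting scan for %s", target_url)

    # Crawl first; the resulting site map drives the per-URL checks below.
    crawler = Crawler(target_url, delay=config["delay"])
    site_map = crawler.crawl()

    # NOTE(review): the return value of every scanner call below is discarded,
    # so any findings must be held on the scanner object itself - confirm.
    scanner = VulnerabilityScanner(site_map)
    scanner.run()

    # NOTE(review): the port check receives the URL string as given, not a
    # parsed host - confirm the scanner extracts the host itself.
    scanner.check_open_ports(target_url)

    # Header check runs once per entry of the site map.
    for url in site_map:
        scanner.check_insecure_headers(url)

    # The IDOR check needs an ID the caller already knows to be valid.
    scanner.check_for_idor(target_url, known_user_id)

    # Explicit UTF-8: with the platform default encoding, a target URL holding
    # non-ASCII characters could make the write fail after the scan has run.
    with open("report.txt", "w", encoding="utf-8") as f:
        f.write("Web Vulnerability Scanner Report\n")
        f.write(f"Target URL: {target_url}\n")
        f.write("Scan Summary:\n")
        # NOTE(review): only these header lines are written; no vulnerability
        # details reach the report yet.

    logging.info("Scan completed successfully")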
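if __name__ == '__main__':
    # Command-line interface: two required positional arguments.
    parser = argparse.ArgumentParser(description="Web Vulnerability Scanner")
    parser.add_argument("url", help="The target URL to scan")
    # type=int makes argparse reject a non-integer ID before any scan starts.
    parser.add_argument("known_user_id", type=int, help="A known user ID for IDOR testing")
    args = parser.parse_args()

    # NOTE(review): args.url is forwarded exactly as typed; this file performs
    # no scheme or host check on it.

    # config.json is read from the current working directory. JSON text is
    # UTF-8, so decode it explicitly rather than with the platform default.
    with open("config.json", encoding="utf-8") as f:
        config = json.load(f)

    main(args.url, config, args.known_user_id)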