Krishna-Vamsi-G/VulnScanner-Injection-Vulnerability-Detection-Tool

VulnScanner: Injection Vulnerability Detection Tool

Overview

VulnScanner is a Python-based tool that automates the detection of injection vulnerabilities in web applications, with an emphasis on Cross-Site Scripting (XSS) and SQL Injection (SQLi). Developed as part of a project at the University of Central Florida, it aims to improve web application security by making it easier to identify and remediate potential vulnerabilities early.

Features

  • Automated Scanning: Quickly identifies injection vulnerabilities across web applications.
  • Support for XSS and SQLi: Focuses on the detection of Cross-Site Scripting and SQL Injection vulnerabilities.
  • User Authentication Support: Capable of scanning applications post-authentication using provided user credentials.
  • Flexible and Configurable: Easily adaptable to test various web applications with minor adjustments to the scanner's code.

Installation

Ensure you have Python installed on your system (Windows or Linux). Minimum requirements: 8 GB Memory, 256 GB Storage.

Dependencies

Install the necessary Python libraries:

pip install bs4
pip install requests

Setting Up Your Environment

  • Install a Python IDE of your choice.
  • Set up a virtual environment (optional but recommended).
  • Clone this repository:
git clone https://github.com/Krishna-Vamsi-G/Advanced-Software-System-Security.git

Running VulnScanner

Navigate to the cloned directory:

cd VulnScanner

Execute the script:

python3 vulnerability_scanner.py

Follow the on-screen instructions to select the target for vulnerability scanning. Options include predefined targets like MyUCF, VulnWeb, DVWA, or a custom URL.

How It Works

VulnScanner follows a three-step process:

  1. Crawling: Identifies all associated URLs of the target web application.
  2. Form Extraction: Uses BeautifulSoup and Requests libraries to extract forms from webpages for testing.
  3. Payload Injection: Tests for vulnerabilities by injecting payloads and analyzing the responses.

Contributions and Future Work

We welcome contributions to VulnScanner! Future versions aim to improve SQLi detection accuracy and support for Multi-Factor Authentication scenarios. Feel free to fork this project and submit your pull requests.

Acknowledgements

Developed by Krishna Vamsi G and Khoushik Reddy C at the University of Central Florida.

References

For a detailed understanding of the methodologies and technologies used in this project, refer to the VulnScanner Project Report.

About

VulnScanner: A generic Python scanner to detect injection vulnerabilities in web applications
