
A Python-based tool that statically scans .py files for insecure coding patterns. It detects hardcoded passwords, use of dangerous functions like eval() and exec(), potential SQL injection risks, and unvalidated input() usage. This scanner is built as part of my cybersecurity learning path, focusing on real-world vulnerability detection in code.


Lithish-7/Vulnerability-Scanner-for-Python-Code


🛑 Vulnerability Scanner for Python Code

This project is a static code scanner written in Python that detects common insecure coding patterns.
It's built to help beginners understand how vulnerabilities can appear in source code and how to catch them early.


🔍 What It Detects

  • 🔑 Hardcoded passwords
  • ⚠️ Use of eval() and exec()
  • 🛠️ SQL queries built via string concatenation
  • 🔓 Unvalidated input() usage
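
The four checks listed above, written over Python's `ast` module as an added example; this is not the repository's scanner.py. The rule names, the `SECRET_NAME` pattern and the `SAMPLE` input are assumptions constructed here, and the SQL check goes slightly beyond plain concatenation to cover `%` formatting and f-strings. Matching on the syntax tree means text inside string literals and comments does not trigger a finding.

```python
import ast
import re

# Assumed naming convention for secrets; tune for the code base being scanned.
SECRET_NAME = re.compile(r"pass(word|wd)?|secret|token", re.IGNORECASE)

# Constructed sample input; it is parsed, never executed.
SAMPLE = '''\
password = "hunter2"
name = input("user: ")
eval(name)
cur.execute("SELECT * FROM users WHERE name = '" + name + "'")
cur.execute("SELECT * FROM users WHERE name = ?", (name,))
note = "never call eval() on a password"
'''


def scan(source):
    """Return sorted (line, rule) findings for the four patterns."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Assign):
            # Hardcoded secret: a name like `password` bound to a non-empty string literal.
            literal = isinstance(node.value, ast.Constant) and isinstance(node.value.value, str)
            names = [t.id for t in node.targets if isinstance(t, ast.Name)]
            if literal and node.value.value and any(SECRET_NAME.search(n) for n in names):
                findings.append((node.lineno, "hardcoded-secret"))
        elif isinstance(node, ast.Call):
            func = node.func
            if isinstance(func, ast.Name) and func.id in ("eval", "exec"):
                findings.append((node.lineno, "dangerous-call"))
            elif isinstance(func, ast.Name) and func.id == "input":
                # The tree cannot prove validation happens later, so flag for review.
                findings.append((node.lineno, "input-needs-validation"))
            elif isinstance(func, ast.Attribute) and func.attr == "execute" and node.args:
                # SQL text built with +, % or an f-string instead of bound parameters.
                if isinstance(node.args[0], (ast.BinOp, ast.JoinedStr)):
                    findings.append((node.lineno, "sql-string-building"))
    return sorted(findings)


if __name__ == "__main__":
    for line, rule in scan(SAMPLE):
        print(f"line {line}: {rule}")
```

The parameterized query on line 5 and the string on line 6 of the sample produce no findings, which is where a line-by-line regex match tends to raise false positives.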

📁 Project Structure

vulnerability-scanner-python/
├── scanner.py         # The vulnerability scanner script
├── sample_code.py     # Test script with known vulnerabilities
└── README.md          # You're here!

▢️ How to Use

  1. Place any Python code you want to test in sample_code.py
  2. Run the scanner:
python scanner.py

It will output alerts for any detected patterns.


🔒 Note

This tool is for educational and demonstration purposes only.
It does not replace professional static analysis or auditing tools.


🧠 Skills Used

  • Python
  • Regex
  • Static Code Analysis
  • Cybersecurity
  • Scripting


🏷 Tags

python cybersecurity static-analysis vulnerability-scanner regex infosec
