LouisB06/Web-Recon-Scanner

Web Recon Scanner

This is a Python tool that I have created that allows people to scan their websites for basic security vulnerabilities.

A Python-based web reconnaissance and security analysis tool for educational purposes.

Author: Louis

Note: This tool is intended for authorized testing only. Do not use it against systems you do not own or do not have explicit permission to test. Misuse may violate laws and regulations.

Wordlist.txt was generated by AI (ChatGPT).

Features:

  • Simple port scanning (common ports)
  • Security header analysis
  • Basic reflected XSS testing
  • HTML report that is generated after each scan
  • CVE lookup which uses the NVD API
  • Directory discovery (Wordlist.txt contains words that are used to attempt to discover hidden directories)
  • Exploit suggestions
  • Terminal dashboard with a live progress bar
  • Provides a risk analysis

Legal & Safety

  1. Use this tool only on web servers that you own or have explicit permission to test.

  2. The author, who is me, will take no responsibility if this tool/software is misused.

  3. This software was purely built to learn reconnaissance, penetration testing and web security.

How This Tool Was Tested

This tool was tested in a controlled lab environment to ensure that no unauthorized systems were scanned.

Testing methods included:

  • Running vulnerable web applications (I personally used OWASP Juice Shop) inside Docker containers.
  • Scanning services hosted on localhost to simulate real web environments.
  • Testing against intentionally vulnerable applications inside virtual machines to observe how the scanner detects issues such as missing security headers, open ports, and reflected XSS.
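
The security header check described above, sketched as an added example (not code from this repository): it scores a constructed set of response headers for missing or weak security headers. The header set, severity weights and 180-day HSTS threshold are assumptions made for the example.

```python
import re

# Headers a response is expected to carry, with the severity assigned when
# one is absent. The header set and weights are assumptions for this example.
EXPECTED = {
    "strict-transport-security": "high",
    "content-security-policy": "high",
    "x-content-type-options": "medium",
    "x-frame-options": "medium",
    "referrer-policy": "low",
}
WEIGHT = {"high": 3, "medium": 2, "low": 1}
MIN_HSTS_AGE = 15552000  # 180 days, an assumed threshold

def analyze_headers(headers):
    """Return (findings, score) for a dict of response headers."""
    h = {k.lower(): v.strip() for k, v in headers.items()}  # names are case-insensitive
    csp = h.get("content-security-policy", "").lower()
    findings = []
    for name, sev in EXPECTED.items():
        if name in h:
            continue
        # CSP frame-ancestors supersedes X-Frame-Options, so do not flag it.
        if name == "x-frame-options" and "frame-ancestors" in csp:
            continue
        findings.append((sev, f"missing {name}"))
    # Present-but-weak values are findings too.
    m = re.search(r"max-age\s*=\s*\"?(\d+)", h.get("strict-transport-security", ""), re.I)
    if "strict-transport-security" in h and (not m or int(m.group(1)) < MIN_HSTS_AGE):
        findings.append(("medium", "HSTS max-age missing or too short"))
    if "x-content-type-options" in h and h["x-content-type-options"].lower() != "nosniff":
        findings.append(("medium", "X-Content-Type-Options is not 'nosniff'"))
    for directive in csp.split(";"):
        parts = directive.split()
        if parts and parts[0] in ("script-src", "default-src") and "'unsafe-inline'" in parts:
            findings.append(("medium", f"CSP {parts[0]} allows 'unsafe-inline'"))
    score = sum(WEIGHT[sev] for sev, _ in findings)
    return findings, score

# Constructed sample: headers as a lab application on localhost might return them.
SAMPLE = {
    "X-Content-Type-Options": "nosniff",
    "X-Frame-Options": "SAMEORIGIN",
    "Strict-Transport-Security": "max-age=3600",
    "Content-Security-Policy": "default-src 'self'; script-src 'self' 'unsafe-inline'",
}

if __name__ == "__main__":
    print(analyze_headers(SAMPLE))
```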

Docker was used to deploy test web servers and vulnerable applications. Virtual machines were used to isolate testing environments and prevent any impact on the host system.

If you want to learn how to set up a similar environment, you can create a local penetration testing lab using tools such as:

These environments allow safe testing of security tools without interacting with real-world systems.

Installation

git clone https://github.com/LouisB06/Web-Recon-Scanner.git
cd Web-Recon-Scanner
python -m venv .venv
source .venv/bin/activate   # On Windows use: .venv\Scripts\activate
pip install -r requirements.txt
