In [1]:
import pandas as pd

# Two sample targets. Each "Payloads" cell holds several probe strings joined
# with ";" -- the scanner cell below splits on that separator.
urls = ["http://example.com", "http://test.com/login"]
probe_sets = [
    "' OR '1'='1;<script>alert(1)</script>;../../etc/passwd",
    "' UNION SELECT * FROM users--;../../etc/passwd",
]
data = {"URL": urls, "Payloads": probe_sets}

# Persist to the CSV the scanner cell reads back in.
df = pd.DataFrame(data)
df.to_csv("dataset.csv", index=False)
print("dataset.csv created successfully!")

dataset.csv created successfully!


In [None]:
# Step 1: Import necessary libraries
import requests
import pandas as pd
from urllib.parse import urljoin

# Step 2: Load dataset containing URLs and payloads
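def load_dataset(file_path):
    """
    Read the CSV of targets and return it as a DataFrame.

    Args:
        file_path: Path to a CSV with (at least) a ``URL`` column and a
            ``Payloads`` column holding semicolon-separated probes per row.

    Returns:
        pandas.DataFrame with one row per target.

    Raises:
        ValueError: if either required column is absent, so a malformed file
            fails here with a clear message instead of a KeyError inside the
            per-row loop of ``perform_security_assessment``.
    """
    frame = pd.read_csv(file_path)
    # Validate the schema up front; the downstream checks index these columns by name.
    missing = {"URL", "Payloads"} - set(frame.columns)
    if missing:
        raise ValueError(
            f"dataset {file_path!r} is missing required column(s): {sorted(missing)}"
        )
    return frame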

# Step 3: Check for SQL Injection vulnerability
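def check_sql_injection(url, payloads, timeout=10):
    """
    Probe ``url`` with each payload and look for database error text in the reply.

    Each payload is appended to ``url`` with ``urljoin`` and the response body is
    searched for the substrings ``"SQL syntax"`` and ``"database"``. This is a
    crude heuristic: ordinary page text containing the word "database" is
    reported as a hit, so every finding needs manual confirmation, and a clean
    run is not proof of absence. Stops at the first hit.

    Args:
        url: Base URL to test.
        payloads: Iterable of payload strings (already split by the caller).
        timeout: Per-request timeout in seconds. ``requests.get`` has no
            timeout by default and can block indefinitely on a host that
            accepts the connection but never answers.

    Returns:
        None. Results are printed. If every request failed, the outcome is
        reported as inconclusive instead of "no vulnerability found", so a
        network error is not mistaken for a clean result.
    """
    print(f"Testing SQL Injection on {url}")
    markers = ("SQL syntax", "database")
    attempted = errors = 0
    for payload in payloads:
        attempted += 1
        try:
            response = requests.get(urljoin(url, payload), timeout=timeout)
        except requests.RequestException as e:
            errors += 1
            print(f"Error testing SQL Injection: {e}")
            continue
        if any(marker in response.text for marker in markers):
            print(f"[!] SQL Injection vulnerability found with payload: {payload}")
            return
    if attempted and errors == attempted:
        print("[?] SQL Injection test inconclusive: every request failed.")
    else:
        print("[+] No SQL Injection vulnerability found.")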

# Step 4: Check for XSS vulnerability
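def check_xss(url, payloads, timeout=10):
    """
    Probe ``url`` with each payload and report when the raw payload text is
    reflected in the response body.

    Reflection of the literal string is the only signal checked; whether the
    reflected text is escaped, or sits in a context where a browser would act
    on it, is not examined. A hit is therefore a lead to confirm manually and a
    miss is not proof of absence. Stops at the first hit.

    Args:
        url: Base URL to test.
        payloads: Iterable of payload strings (already split by the caller).
        timeout: Per-request timeout in seconds. ``requests.get`` has no
            timeout by default and can block indefinitely on a silent host.

    Returns:
        None. Results are printed. If every request failed, the outcome is
        reported as inconclusive instead of "no vulnerability found".
    """
    print(f"Testing XSS on {url}")
    attempted = errors = 0
    for payload in payloads:
        attempted += 1
        try:
            response = requests.get(urljoin(url, payload), timeout=timeout)
        except requests.RequestException as e:
            errors += 1
            print(f"Error testing XSS: {e}")
            continue
        if payload in response.text:
            print(f"[!] XSS vulnerability found with payload: {payload}")
            return
    if attempted and errors == attempted:
        print("[?] XSS test inconclusive: every request failed.")
    else:
        print("[+] No XSS vulnerability found.")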

# Step 5: Check for security headers
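def check_security_headers(url, timeout=10):
    """
    Fetch ``url`` and report which of a fixed set of security headers is absent.

    Only presence is checked, not the header's value. ``requests.get`` follows
    redirects by default, so the headers examined belong to the final response
    in the chain, not necessarily to ``url`` itself.

    Args:
        url: URL to fetch.
        timeout: Per-request timeout in seconds; without one the request can
            block indefinitely on an unresponsive host.

    Returns:
        None. One line is printed per missing header, then a completion line.
        On a request error the error is printed and nothing else is reported.
    """
    print(f"Checking security headers on {url}")
    expected = (
        "X-Content-Type-Options",
        "Content-Security-Policy",
        "X-Frame-Options",
        # Strict-Transport-Security is only honoured by browsers over HTTPS, so a
        # plain http:// URL will normally be reported as missing it (as seen in
        # the example.com output) even when the HTTPS origin sends it.
        "Strict-Transport-Security",
    )
    try:
        response = requests.get(url, timeout=timeout)
    except requests.RequestException as e:
        print(f"Error checking security headers: {e}")
        return
    # requests exposes headers as a case-insensitive mapping, so the lookup
    # below does not depend on the server's header casing.
    headers = response.headers
    for name in expected:
        if name not in headers:
            print(f"[!] Missing {name} header.")
    print("[+] Security header check completed.")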

# Step 6: Main function for assessment
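def perform_security_assessment(file_path):
    """
    Run every check against each URL in the dataset at ``file_path``.

    The CSV is expected to have a ``URL`` column and a ``Payloads`` column whose
    value is one semicolon-separated string. Rows whose ``Payloads`` cell is
    empty still get the header check; the injection checks are skipped with a
    printed notice instead of failing on ``.split`` of the NaN pandas produces
    for an empty cell.

    Args:
        file_path: Path to the dataset CSV (see ``load_dataset``).

    Returns:
        None. All results are printed by the individual checks.
    """
    data = load_dataset(file_path)

    for _, row in data.iterrows():
        url = row['URL']
        raw_payloads = row['Payloads']
        # An empty CSV cell is read as NaN (a float), which has no .split().
        if pd.isna(raw_payloads):
            payloads = []
        else:
            # Payloads are semicolon-separated; drop empty fragments from a
            # stray leading/trailing/doubled ";" so no request is sent for "".
            payloads = [p for p in str(raw_payloads).split(';') if p]

        print(f"\n[Testing URL: {url}]")
        if payloads:
            check_sql_injection(url, payloads)
            check_xss(url, payloads)
        else:
            print("[-] No payloads for this URL; skipping injection checks.")
        check_security_headers(url)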

# Specify the dataset path
dataset_path = "dataset.csv"  # CSV written by the first cell; point this at your own file

# Kick off the full run: each row gets the injection checks and the header check.
perform_security_assessment(file_path=dataset_path)


[Testing URL: http://example.com]
Testing SQL Injection on http://example.com
[+] No SQL Injection vulnerability found.
Testing XSS on http://example.com
[+] No XSS vulnerability found.
Checking security headers on http://example.com
[!] Missing X-Content-Type-Options header.
[!] Missing Content-Security-Policy header.
[!] Missing X-Frame-Options header.
[!] Missing Strict-Transport-Security header.
[+] Security header check completed.

[Testing URL: http://test.com/login]
Testing SQL Injection on http://test.com/login
