v0.5.0-alpha
README Last updated: 29-12-25
This project is a simple web vulnerability scanner, developed initially against test websites such as http://testphp.vulnweb.com/. The aim is to ensure websites are protected from common attacks, including CSRF (Cross-Site Request Forgery), EAR (Execution After Redirect) and many more, as exclusively documented on OWASP® Foundation Community-Attacks. This might also help attackers figure out if a website is hackable!
As of 29-12-2025 the scanner supports these basic features:
- Crawling through a webpage to access links attached and scan them recursively
- Check for missing security headers
- Run simple SQL injection commands [1]
- Check for Reflected XSS [2] and Open Directory Listings
Tip
For more release-by-release information, please read the CHANGELOG.md file.
Important
The project currently has no active releases, only a pre-release with missing bug fixes.
Warning
Running the project locally is not advised for this version. However, trying it out will not cause any inadvertent problems to your machine. [3]
- Launching the project
- Create Documentation
- Adding more payloads for Reflected XSS Checks
- Building a web dashboard to display logs and reports efficiently
- Locally run it
- Deploying live version
- Adding more attack checks with OWASP Top 10 at core
Footnotes
1. The more commands there are, the more powerful the exploit checks will be. As of now only 1 simple statement has been added (29-12-25).
2. Currently the project supports only 1 payload (not enough for a large website) and works only on http://testphp.vulnweb.com/ (29-12-25). If any other website is available, do let the developers know.
3. To run the project locally for v0.5.0-alpha, simply DOWNLOAD ZIP from the repository page into a local directory. Change the address paths to fit your machine's directories (including where the report has to be saved) and then run scanner.py. Please use the issues page for any errors you face.