A web app vulnerability scanner. Vulnerous-web is a cross platform command line tool that works as an auditor, logger, tool aggregator and report generator for performing VAPT analysis of any given website.Websites experience 22 attacks per day on average— that’s over 8,000 attacks per year. A website vulnerability is a weakness or misconfiguration in a website or web application code that allows an attacker to gain some level of control of the site, and possibly the hosting server. Vulnerous web helps in minimizing vulnerability analysis effort by providing 80 tests of OWASP top 10 and more such vulnerabilities for every web app.
Bug fixes. Update feature and help text.
Logo redesign and better UI support.
Vulnerous-web consists of the following suites :-
- Wapiti
- Whatweb
- NMap
- Golismero
- Host
- Wget
- Uniscan
- Wafw00f
- Dirb
- Davtest
- TheHarvester
- XSSER
- Dnsrecon
- Fierce
- Dnswalk
- Whois
- Sslyze
- Lbd
- Dnsenum
- Dmitry
- Nikto
- Dnsmap
The best thing about vulnerous-web is its simplicity and ease of use. You don't have to understand a lot of tools and networking to generate reports! Vulnerous-web completes 80 security checks with all 22 tools to give you a comprehensive vulnerability report.
The Vulnerous source code is written in Python3. It easy enough to understand and contributions to the Source are always welcome.
A snippet of the script is shown below:
elapsed = scan_stop - scan_start-
Kali Linux --> Easily download Kali iso using the official website. Kali
-
Python3 --> Download python on kali as
sudo apt-get install python3
-
To start Vulnerous, clone the repository and install any prerequisite package.
-
Execute the script using the following command :
python3 Source.py
- The following way triggers help info :
python3 Source.py --help
- You can update to the latest version using :
python3 Source.py --update
- To begin scanning any url :
python3 Source.py <url-name>
Vulnerous-web is still in development and to contribute to this awesome software please contact the author.
I code, I write, I hack, I preach.
Always available for any opportunities! (Pssst...I am really passionate about cybersecurity).
Copyright (C) 2019 Ankush Sharma @ AINC
This program is free software: you can redistribute it and/or modify
it under the terms of the MIT License as it is published.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
MIT License for more details.
You should have received a copy of the Mit License
along with this program.
- Shout out to Offensive Security for their awesome blogs and documentation.
- Respect for skavngr for providing a base of development.