josephmtakai/Web-Application-Vulnerability-Scanner-using-Python

Web Application Vulnerability Scanner

A Python-based tool designed to scan web applications for common vulnerabilities such as SQL injection and Cross-Site Scripting (XSS).

Features

  • SQL Injection Detection: Automatically checks if a web application is vulnerable to SQL injection attacks.
  • XSS Detection: Scans for Cross-Site Scripting vulnerabilities in web applications.
  • Customizable: Easily add more vulnerability checks based on your needs.
  • Reports: Provides a summary report of vulnerabilities discovered during the scan.

Technologies Used

  • Python: The core programming language.
  • Libraries:
    • requests: For making HTTP requests.
    • BeautifulSoup: For parsing and scraping HTML content.
    • re (regular expressions): To help identify vulnerabilities in HTML responses.

Setup and Installation

  1. Clone the repository:
    git clone https://github.com/yourusername/web-vulnerability-scanner.git
    cd web-vulnerability-scanner

  2. Install the required dependencies:
    pip install -r requirements.txt

  3. Run the scanner:
    python vulnerability_scanner.py

How It Works

  • SQL Injection: The scanner injects commonly used SQL injection payloads into form fields or URL parameters to check for vulnerabilities.
  • XSS Detection: The scanner submits HTML/JavaScript payloads into form fields or URL parameters to identify XSS vulnerabilities.

Usage

Edit the vulnerability_scanner.py to add the target URL you want to scan:

    target_url = "http://example.com"

Start the scan by running the script:

    python vulnerability_scanner.py

The scan results will be displayed in the terminal and can be saved to a log file if required.

Example Output

    [INFO] Scanning http://example.com for vulnerabilities...
    [INFO] SQL Injection test: Passed
    [WARNING] XSS Vulnerability detected in http://example.com/search?q=<script>alert(1)</script>
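The response-side half of the checks described under How It Works, as an added example that is not taken from this project's vulnerability_scanner.py: it decides whether a probe came back unescaped or output-encoded, and whether a database error message leaked. The function names, the error signatures, the "XSS test: Passed" and database-error log lines, and the sample response bodies are assumptions constructed for illustration.

```python
import html
import re

# Assumed error signatures (illustrative; not taken from vulnerability_scanner.py).
SQL_ERROR_PATTERNS = [
    re.compile(r"you have an error in your sql syntax", re.I),         # MySQL
    re.compile(r"unclosed quotation mark after the character", re.I),  # SQL Server
    re.compile(r"syntax error at or near", re.I),                      # PostgreSQL
    re.compile(r"sqlite3\.OperationalError|ORA-\d{5}"),                # SQLite, Oracle
]

def sql_error_leaked(body):
    """True if the response body contains a database error message."""
    return any(p.search(body) for p in SQL_ERROR_PATTERNS)

def classify_reflection(body, probe):
    """Return 'unescaped', 'escaped' or 'absent' for the probe in the body."""
    if probe in body:
        return "unescaped"   # markup came back verbatim: the browser would parse it
    if html.escape(probe) in body or html.escape(probe, quote=False) in body:
        return "escaped"     # reflected, but output-encoded by the application
    return "absent"

def report(url, body, probe):
    """Build log lines in the style of the README's example output."""
    lines = [f"[INFO] Scanning {url} for vulnerabilities..."]
    if sql_error_leaked(body):
        lines.append(f"[WARNING] Database error message exposed by {url}")
    else:
        lines.append("[INFO] SQL Injection test: Passed")
    state = classify_reflection(body, probe)
    if state == "unescaped":
        lines.append(f"[WARNING] XSS Vulnerability detected in {url}")
    else:
        lines.append(f"[INFO] XSS test: Passed (probe {state})")
    return lines

PROBE = "<script>alert(1)</script>"  # probe string from the README's example output
# Constructed response bodies, so the example runs offline.
SAMPLES = {
    "raw": "<p>Results for <script>alert(1)</script></p>",
    "encoded": "<p>Results for &lt;script&gt;alert(1)&lt;/script&gt;</p>",
    "db_error": "<p>You have an error in your SQL syntax; check the manual</p>",
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(name, *report("http://example.com/search", body, PROBE), sep="\n  ")
```

Error-string matching only catches injection that surfaces a database message, and a substring reflection check does not know which HTML context the probe landed in, so a "Passed" line from checks like these is not evidence that the application is safe.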

Roadmap

  • Add support for more vulnerabilities like CSRF.
  • Improve report generation (JSON, CSV, etc.).
  • Add support for scanning multiple URLs in batch mode.

Contributions

Feel free to open issues or submit pull requests for improvements and new features!

License

This project is licensed under the MIT License.

Disclaimer

This tool is intended for educational purposes only. Do not use this tool against any website without the owner’s consent. Unauthorized scanning of websites can be illegal.
