Skip to content

sanjeevsrivathsan/Network-Vulnerability-Scanner-Python-Script-

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
 
 
 
 

Repository files navigation

Vulnerability Scanner (Mini Project)

A simple Python script that scans a host or web application for common security weaknesses and produces a report.

What it does (maps to the assignment brief)

Assignment requirement Where it's implemented
Scan for open ports or weak configurations scan_port, run_port_scan, RISKY_IF_OPEN
Identify outdated software versions OUTDATED_SIGNATURES + banner/header matching
Generate a simple vulnerability report write_reports.txt and .json in reports/

Requirements

  • Python 3.8+ (standard library only — no pip install needed)

Usage

# 1. Scan a host's most common ports (default list of ~25 ports)
python3 vuln_scanner.py --target 127.0.0.1

# 2. Scan a specific port range
python3 vuln_scanner.py --target 127.0.0.1 --start-port 1 --end-port 1024

# 3. Scan specific ports
python3 vuln_scanner.py --target 127.0.0.1 --ports 22,80,443,3306

# 4. Also check a web app (headers, server banner, plain-HTTP, common exposed paths)
python3 vuln_scanner.py --target 127.0.0.1 --url http://127.0.0.1

# 5. Web checks only, no port scan
python3 vuln_scanner.py --url http://127.0.0.1 --web-only

Reports are written to ./reports/report_<timestamp>.txt and .json.

How each feature works

  • Port scan: threaded TCP connect scan over a configurable port list/range. Flags ports that are open, and separately flags ports that are "risky if open at all" (e.g. Telnet, SMB, exposed databases) as a weak-configuration finding.
  • Outdated software detection: grabs service banners (SSH, FTP, HTTP Server header, etc.) and matches them against a small table of known-old version patterns (e.g. OpenSSH_5.x, Apache/2.2, vsftpd 2.3.4). This is intentionally simple/educational — a production tool would query a real CVE/CPE database (like the NVD) instead of a hardcoded pattern list.
  • Web checks: fetches the target URL and checks for missing security headers (Strict-Transport-Security, Content-Security-Policy, X-Frame-Options, etc.), plain-HTTP usage, server-version disclosure, and a few commonly-exposed paths (/backup/, /.git/, etc.).
  • Reporting: findings are tagged with a category and severity (Info / Low / Medium / High) and written out as both a human-readable text report and a machine-readable JSON report.

⚠️ Ethical / legal use

Only scan systems you own or have explicit written permission to test. Unauthorized scanning of third-party networks or websites can be illegal. This tool is for learning port scanning, banner grabbing, and basic web security auditing — the same building blocks used in real penetration testing, but here they're being used to teach the concepts.

Possible extensions

  • Add UDP port scanning
  • Pull live CVE data from the NVD API instead of the hardcoded table
  • Add an HTML report with a severity chart
  • Add SSL/TLS certificate expiry and weak-cipher checks

About

Python-based vulnerability scanner that performs multi-threaded port scanning, banner grabbing, and outdated software detection on network hosts. Also audits web apps for missing security headers, plain-HTTP usage, and exposed paths. Generates severity-ranked TXT/JSON reports. Tested on localhost — found open MS-RPC, SMB, and MySQL ports.

Resources

Stars

0 stars

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors

Languages