A simple Python script that scans a host or web application for common security weaknesses and produces a report.
| Assignment requirement | Where it's implemented |
|---|---|
| Scan for open ports or weak configurations | scan_port, run_port_scan, RISKY_IF_OPEN |
| Identify outdated software versions | OUTDATED_SIGNATURES + banner/header matching |
| Generate a simple vulnerability report | write_reports → .txt and .json in reports/ |
- Python 3.8+ (standard library only — no
pip installneeded)
# 1. Scan a host's most common ports (default list of ~25 ports)
python3 vuln_scanner.py --target 127.0.0.1
# 2. Scan a specific port range
python3 vuln_scanner.py --target 127.0.0.1 --start-port 1 --end-port 1024
# 3. Scan specific ports
python3 vuln_scanner.py --target 127.0.0.1 --ports 22,80,443,3306
# 4. Also check a web app (headers, server banner, plain-HTTP, common exposed paths)
python3 vuln_scanner.py --target 127.0.0.1 --url http://127.0.0.1
# 5. Web checks only, no port scan
python3 vuln_scanner.py --url http://127.0.0.1 --web-onlyReports are written to ./reports/report_<timestamp>.txt and .json.
- Port scan: threaded TCP connect scan over a configurable port list/range. Flags ports that are open, and separately flags ports that are "risky if open at all" (e.g. Telnet, SMB, exposed databases) as a weak-configuration finding.
- Outdated software detection: grabs service banners (SSH, FTP, HTTP
Serverheader, etc.) and matches them against a small table of known-old version patterns (e.g.OpenSSH_5.x,Apache/2.2,vsftpd 2.3.4). This is intentionally simple/educational — a production tool would query a real CVE/CPE database (like the NVD) instead of a hardcoded pattern list. - Web checks: fetches the target URL and checks for missing security
headers (
Strict-Transport-Security,Content-Security-Policy,X-Frame-Options, etc.), plain-HTTP usage, server-version disclosure, and a few commonly-exposed paths (/backup/,/.git/, etc.). - Reporting: findings are tagged with a category and severity (Info / Low / Medium / High) and written out as both a human-readable text report and a machine-readable JSON report.
Only scan systems you own or have explicit written permission to test. Unauthorized scanning of third-party networks or websites can be illegal. This tool is for learning port scanning, banner grabbing, and basic web security auditing — the same building blocks used in real penetration testing, but here they're being used to teach the concepts.
- Add UDP port scanning
- Pull live CVE data from the NVD API instead of the hardcoded table
- Add an HTML report with a severity chart
- Add SSL/TLS certificate expiry and weak-cipher checks