zeuu5/webhound

   __        _______ ____  _   _  ___  _   _ _   _ ____
   \ \      / / ____| __ )| | | |/ _ \| | | | \ | |  _ \
    \ \ /\ / /|  _| |  _ \| |_| | | | | | | |  \| | | | |
     \ V  V / | |___| |_) |  _  | |_| | |_| | |\  | |_| |
      \_/\_/  |_____|____/|_| |_|\___/ \___/|_| \_|____/

WebHound — Advanced Web Vulnerability Scanner

Built by zeus


An advanced open-source web vulnerability scanner that detects OWASP Top 10 vulnerabilities, maps findings to MITRE ATT&CK, identifies WAFs, fingerprints tech stacks, looks up real CVEs, and generates professional PDF reports.


For authorized security testing only. Always get written permission before scanning.


Demo

  ================================================================

   __        _______ ____  _   _  ___  _   _ _   _ ____
   \ \      / / ____| __ )| | | |/ _ \| | | | \ | |  _ \
    \ \ /\ / /|  _| |  _ \| |_| | | | | | | |  \| | | | |
     \ V  V / | |___| |_) |  _  | |_| | |_| | |\  | |_| |
      \_/\_/  |_____|____/|_| |_|\___/ \___/|_| \_|____/

  ================================================================
          Advanced Web Vulnerability Scanner v2.0
                      by zeus
           For Authorized Security Testing Only
  ================================================================

[Phase 0] Validating scope...
[✓] Target in scope: testphp.vulnweb.com

[Phase 1] Crawling http://testphp.vulnweb.com...
          Max pages : 50
          Max depth : 3
[CRAWLING] http://testphp.vulnweb.com/login.php
[✓] 12 pages found, 5 forms found

[Phase 2] Scanning for vulnerabilities...
[WAF DETECTED] Cloudflare
[SQLI FOUND] http://testphp.vulnweb.com/login.php
[XSS FOUND]  http://testphp.vulnweb.com/search.php
[MISSING HEADER] Content-Security-Policy
[TECH] Server: Apache/2.4.7
[API FOUND] /api/v1/users (200)
[CVE FOUND] CVE-2021-41773 (CRITICAL) — Apache path traversal

[Phase 3] Scoring and mapping vulnerabilities...
[✓] MITRE mapping complete

[Phase 4] Generating reports...
[✓] PDF saved: reports/webhound_report.pdf
[✓] JSON saved: reports/webhound_20240125_143022.json

=================================================================
    TOTAL : 8  |  CRITICAL : 2  |  HIGH : 1  |  MEDIUM : 5
=================================================================

Features

| Feature | Description |
| --- | --- |
| Smart Crawler | Recursively maps all pages and forms with SPA detection and depth limits |
| SQL Injection | Tests all inputs with 20+ payloads including WAF-specific mutations |
| XSS Detection | Detects reflected XSS with 24+ payloads across all form inputs |
| WAF Detector | Identifies Cloudflare, AWS WAF, ModSecurity, Akamai, Sucuri, Imperva |
| Payload Mutator | Generates WAF-specific bypass variations for every payload |
| Tech Fingerprinter | Detects server, framework, CMS, and database technology |
| API Tester | Discovers and tests REST API endpoints for SQLi, XSS, and IDOR |
| CVE Lookup | Queries NVD database for real CVEs matching detected technology |
| Directory Scanner | Finds hidden admin panels, config files, and sensitive paths |
| Subdomain Enumerator | Discovers subdomains automatically |
| Cookie Analyzer | Checks Secure, HttpOnly, SameSite flags on all cookies |
| SSL/TLS Checker | Validates certificate expiry and protocol strength |
| Open Redirect | Detects unvalidated redirect vulnerabilities |
| Security Headers | Audits CSP, HSTS, X-Frame-Options, Permissions-Policy and more |
| MITRE ATT&CK | Auto-maps every finding to official MITRE technique IDs and tactics |
| CVSS Scoring | Industry-standard v3 severity scoring for every finding |
| PDF Report | Professional pentest-style PDF with cover page, summary, full details |
| JSON Export | Machine-readable output for integrations and dashboards |
| CLI Results | Full color-coded results in terminal |
| Multi-threading | Parallel scanning with configurable thread count |
| Rate Limiter | Ethical polite scanning with configurable request rate |
| Scope Validator | Prevents accidental out-of-scope scanning |

WebHound vs Other Tools

| Feature | Burp Suite Free | OWASP ZAP | Nikto | WebHound |
| --- | --- | --- | --- | --- |
| SQLi / XSS Detection | Yes | Yes | Yes | Yes |
| WAF Detection | No | No | No | Yes |
| MITRE ATT&CK Mapping | No | No | No | Yes |
| CVSS Scoring | No | No | No | Yes |
| CVE Lookup | No | No | No | Yes |
| Payload Mutation (WAF Bypass) | No | Yes | No | Yes |
| API Endpoint Testing | No | Yes | No | Yes |
| Tech Stack Fingerprinting | Yes | No | Yes | Yes |
| PDF Report | No | Yes | No | Yes |
| JSON Export | No | Yes | No | Yes |
| Scope Validator | No | No | No | Yes |
| 100% Free and Open Source | Yes | Yes | Yes | Yes |

Installation

# Clone the repository
git clone https://github.com/YOURUSERNAME/webhound.git
cd webhound

# Install dependencies
pip install requests beautifulsoup4 colorama fpdf2

Requirements: Python 3.8+


Usage

# Basic scan
python main.py --url http://testphp.vulnweb.com

# Fast scan — skip slow modules
python main.py --url http://target.com --no-sub --no-dir

# Large site — limit crawl
python main.py --url https://target.com --max-pages 20 --depth 2

# Custom threads and rate limiting
python main.py --url http://target.com --threads 20 --rate 2

# Full options
python main.py --url http://target.com --threads 20 --rate 2 --max-pages 30 --depth 3

All Flags

| Flag | Default | Description |
| --- | --- | --- |
| --url | Required | Target URL to scan |
| --threads | 10 | Number of parallel scan threads |
| --rate | 5 | Requests per second |
| --max-pages | 50 | Maximum pages to crawl |
| --depth | 3 | Maximum crawl depth |
| --report | auto | PDF output file path |
| --no-sub | False | Skip subdomain enumeration |
| --no-dir | False | Skip directory scanning |
Project Structure

WebHound/
├── core/
│   ├── crawler.py              # Smart recursive web crawler
│   ├── scanner.py              # Multi-threaded scan engine
│   ├── reporter.py             # Professional PDF generator
│   ├── cvss_scorer.py          # CVSS v3 scoring engine
│   ├── mitre_mapper.py         # MITRE ATT&CK mapper
│   ├── payload_mutator.py      # WAF-specific bypass generator
│   ├── rate_limiter.py         # Ethical rate limiting
│   ├── exporter.py             # JSON report generator
│   └── scope.py                # Scope validation
│
├── modules/
│   ├── sqli_tester.py          # SQL Injection detection
│   ├── xss_tester.py           # Cross-Site Scripting detection
│   ├── headers_check.py        # Security headers audit
│   ├── dir_scanner.py          # Directory and file discovery
│   ├── open_redirect.py        # Open redirect testing
│   ├── ssl_checker.py          # SSL/TLS certificate analysis
│   ├── cookie_checker.py       # Cookie security analysis
│   ├── subdomain_scanner.py    # Subdomain enumeration
│   ├── waf_detector.py         # WAF identification
│   ├── tech_fingerprinter.py   # Technology stack detection
│   ├── cve_lookup.py           # NVD CVE database lookup
│   └── api_tester.py           # REST API security testing
│
├── payloads/
│   ├── sqli_payloads.txt       # SQL injection payloads
│   └── xss_payloads.txt        # XSS payloads
│
├── reports/                    # Generated reports
├── main.py                     # Entry point
└── README.md

MITRE ATT&CK Mapping

Every finding is automatically mapped to the official MITRE ATT&CK framework:

| Vulnerability | MITRE ID | Technique | Tactic |
| --- | --- | --- | --- |
| SQL Injection | T1190 | Exploit Public-Facing Application | Initial Access |
| XSS | T1059.007 | JavaScript Execution | Execution |
| Open Redirect | T1566.002 | Spearphishing Link | Initial Access |
| Exposed Paths | T1595.003 | Wordlist Scanning | Reconnaissance |
| Insecure Cookies | T1539 | Steal Web Session Cookie | Credential Access |
| Missing Headers | T1556 | Modify Authentication Process | Defense Evasion |

WAF Detection

WebHound identifies WAFs from HTTP response signatures:

  • Cloudflare — cf-ray, cloudflare headers
  • AWS WAF — x-amzn-requestid, x-amz-cf-id
  • ModSecurity — mod_security, NOYB
  • Akamai — akamaighost, ak-bmsc
  • Sucuri — x-sucuri-id, x-sucuri-cache
  • Imperva — visid_incap, incap_ses

Once detected, WAF-specific payload mutations are used automatically.
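
The signature matching described above, as an added Python example that is not WebHound's own `waf_detector.py`: it checks one response's header names, `Server` value and cookie names against the strings listed. How each string is classified (header name, `Server` substring or cookie-name prefix), the function names and the sample responses are assumptions constructed for illustration.

```python
# Added example: passive WAF/CDN fingerprinting from one response's headers.
# Signature strings are the ones listed above; sorting them into header names,
# Server-header substrings and cookie-name prefixes is this example's assumption.
SIGNATURES = {
    # vendor: (header names, Server substrings, cookie-name prefixes)
    "Cloudflare":  (["cf-ray"], ["cloudflare"], []),
    "AWS WAF":     (["x-amzn-requestid", "x-amz-cf-id"], [], []),
    "ModSecurity": ([], ["mod_security", "noyb"], []),
    "Akamai":      ([], ["akamaighost"], ["ak-bmsc"]),
    "Sucuri":      (["x-sucuri-id", "x-sucuri-cache"], [], []),
    "Imperva":     ([], [], ["visid_incap", "incap_ses"]),
}

def fold(name):
    """Lower-case and treat '-' and '_' alike (the list writes 'ak-bmsc')."""
    return name.strip().lower().replace("-", "_")

def detect_waf(header_pairs):
    """Return {vendor: [evidence, ...]} for a list of (name, value) headers.

    A list of pairs is used rather than a dict because Set-Cookie repeats.
    """
    names, server, cookies = set(), "", []
    for name, value in header_pairs:
        key = name.strip().lower()
        names.add(key)
        if key == "server":
            server = value.lower()
        elif key == "set-cookie":
            cookies.append(fold(value.split("=", 1)[0]))  # cookie name only
    hits = {}
    for vendor, (hdrs, servers, prefixes) in SIGNATURES.items():
        evidence = [f"header:{h}" for h in hdrs if h in names]
        evidence += [f"server:{s}" for s in servers if s in server]
        evidence += [f"cookie:{c}" for c in cookies
                     if any(c.startswith(fold(p)) for p in prefixes)]
        if evidence:
            hits[vendor] = evidence
    return hits

# Constructed sample responses (not captured traffic).
SAMPLE_CLOUDFLARE = [("Server", "cloudflare"), ("CF-RAY", "0000000000000000-XXX")]
SAMPLE_IMPERVA = [("Set-Cookie", "visid_incap_000000=constructed; Path=/"),
                  ("Set-Cookie", "incap_ses_000_000000=constructed; Path=/")]
SAMPLE_CLOUDFRONT = [("Server", "CloudFront"), ("X-Amz-Cf-Id", "constructed")]
SAMPLE_PLAIN = [("Server", "Apache/2.4.7"), ("Set-Cookie", "PHPSESSID=constructed")]

if __name__ == "__main__":
    for sample in (SAMPLE_CLOUDFLARE, SAMPLE_IMPERVA, SAMPLE_CLOUDFRONT, SAMPLE_PLAIN):
        print(detect_waf(sample))
```

`x-amz-cf-id` and `x-amzn-requestid` are set by CloudFront and other AWS services whether or not AWS WAF is attached, so the `SAMPLE_CLOUDFRONT` hit shows why a single-header match is a hint rather than proof.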


Payload Mutation Example

Basic payload:      ' OR '1'='1

Cloudflare bypass:  '/**/OR/**/'1'='1
                    ' || '1'='1
                    '   OR  '1'='1  (tab characters)

AWS WAF bypass:     ' UNI/**/ON SEL/**/ECT '1'='1
                    ' OR/**/ '1'='1

Legal Test Targets

These sites exist specifically for security testing:

| Target | URL | Best For |
| --- | --- | --- |
| Vulnweb | http://testphp.vulnweb.com | SQLi, XSS — recommended |
| WebApp Security | http://zero.webappsecurity.com | General testing |
| DVWA | Run locally via Docker | Full controlled testing |
| HackTheBox | https://hackthebox.com | Advanced challenges |
| TryHackMe | https://tryhackme.com | Guided learning |
| PortSwigger Labs | https://portswigger.net/web-security | OWASP labs |

Legal Disclaimer

This tool is for authorized security testing and educational purposes only.

  • Only scan systems you own or have explicit written permission to test
  • Unauthorized scanning is illegal under CFAA and similar laws worldwide
  • The developer is not responsible for any misuse or damage
  • Always follow responsible disclosure when reporting vulnerabilities

Contributing

  1. Fork the repository
  2. Create your branch: git checkout -b feature/NewFeature
  3. Commit: git commit -m 'Add NewFeature'
  4. Push: git push origin feature/NewFeature
  5. Open a Pull Request

License

MIT License — see LICENSE for details.


Author

zeus — Built with love for the cybersecurity community.

"I didn't just learn how vulnerability scanners work — I built one."


If WebHound helped you, please star the repository!

Happy Hunting!
