Bot-Manav/Web-Vulnerability_scanner

Web Analyzer Advanced

A concurrent, active web vulnerability scanner built in Python. This tool performs automated reconnaissance and security testing on target web applications, identifying common vulnerabilities like SQL Injection, XSS, and more. It features smart deduplication, configuration file support, rich terminal output, and hint-based detection for advanced checks.

Caution

LEGAL WARNING: This tool is for EDUCATIONAL PURPOSES and AUTHORIZED TESTING ONLY.

  • Only scan targets you own or have explicit, written permission to test.
  • Unauthorized scanning of web assets is illegal and unethical.
  • The authors assume no liability for misuse of this tool.

Features

  • Concurrent Scanning: Fast, multi-threaded execution to speed up vulnerability testing.
  • Vulnerability Scanning:
    • SQL Injection (SQLi): Error-based and Time-based (Boolean-blind checks included).
    • Cross-Site Scripting (XSS): Reflected XSS active probing.
    • Command Injection: Checks for OS command execution flaws.
    • SSTI & XXE: Server-Side Template Injection and XML External Entity tests.
  • Reconnaissance:
    • Sensitive Files: Scans for .git, .env, config.php, etc.
    • Secret Leaks: Scans JS files for API keys, AWS credentials, JWTs, and secrets.
    • Misconfigurations: CORS wildcards, missing security headers, clickjacking.
    • Subdomain Takeover: Checks for dangling CNAMEs for over 15 services.
  • Advanced Checks: IDOR hints, Directory listing, Mixed content, and dangerous HTTP methods.
  • Configuration Driven: Supports extensive customization via YAML/JSON configuration files.
  • Authentication: Supports Generic Login (POST) and manual cookie/session/header configurations.
  • Reporting: Generates a self-contained HTML report with evidence snippets.

Installation

  1. Clone this repository:
git clone https://github.com/Bot-Manav/Web-Vulnerability_scanner.git
cd Web-Vulnerability_scanner
  2. Install the required Python packages:
pip install requests beautifulsoup4 rich pyyaml dnspython

Usage

Basic Scan

python web_analyzer_advanced.py http://example.com

Advanced Scan with Configuration File

You can generate an example configuration file and use it to define complex scan settings:

# Generate a template configuration file
python web_analyzer_advanced.py --init-config scan.yaml

# Run the scanner using the generated configuration
python web_analyzer_advanced.py --config scan.yaml

Authenticated Scanning

Option A: Generic Login (Auto-login)

Provide the login URL and field names. The scanner will attempt to log in before scanning.

python web_analyzer_advanced.py http://example.com/ \
  --login-url http://example.com/login.php \
  --username-field user \
  --password-field pass \
  --username admin \
  --password secret

Option B: Manual Session Cookie / Headers

If you are already logged in via a browser, grab your session cookies or use custom headers.

# Use a custom cookie string
python web_analyzer_advanced.py http://example.com --cookie "session=xyz; security=low"

# Load a cookie jar file
python web_analyzer_advanced.py http://example.com --cookiejar cookies.txt

# Use custom headers
python web_analyzer_advanced.py http://example.com --header "Authorization: Bearer mytoken"

Options

| Flag | Description |
|---|---|
| --output, -o | Output HTML report filename (default: web_scan_report.html). |
| --config | Path to YAML/JSON configuration file. |
| --init-config | Generate an example configuration file. |
| --max-tests | Limit the number of HTTP requests to prevent flooding (default: 300). |
| --workers | Number of concurrent threads for scanning (default: 10). |
| --timeout | HTTP request timeout in seconds (default: 12). |
| --cookie | Manually set arbitrary cookies (e.g., key=value; key2=val2). |
| --cookiejar | Load cookies from a Netscape/Mozilla cookie jar file. |
| --header | Set custom headers (e.g., --header "X-API-Key: abc"). |
| --login-url | URL to POST login credentials to. |
| --no-sqli, --no-xss, ... | Disable specific vulnerability payloads (e.g., --no-xss). |

Roadmap & Limitations

This tool is currently in an alpha/educational state. Contributors should be aware of the following known limitations and planned updates:

  • Crawling: The crawler is shallow (Level 1 depth). It does not recursively spider the entire application.
  • Detection Logic: Relies heavily on regex and string matching.
    • Planned: Better heuristic analysis to reduce false positives/negatives.
    • Planned: Dedicated payloads for different DB backends (MySQL vs PostgreSQL strategies).
  • DOM XSS: Does not use a headless browser (like Selenium/Playwright), so it may miss DOM-based XSS that requires JavaScript execution to trigger.
  • Proxy Support: No built-in support for proxying traffic (e.g., through Burp Suite) yet.
  • WAF Evasion: No encoding/obfuscation techniques implemented to bypass WAFs.
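
The "Detection Logic" limitation above, illustrated for the secret-leak check when auditing your own JavaScript bundles: a regex stage proposes candidates and a validation stage (JWT structure check, entropy threshold) drops placeholders and look-alikes. This is an added example, not code from this repository; the patterns, the 3.5-bit threshold, the function names and the sample input are assumptions.

```python
import base64
import json
import math
import re

# Stage 1: candidate regexes (assumed patterns, not the scanner's own rules).
PATTERNS = {
    "aws_access_key_id": re.compile(r"\b(AKIA[0-9A-Z]{16})\b"),
    "jwt": re.compile(r"\b(eyJ[\w-]+\.[\w-]+\.[\w-]+)"),
    "generic_secret": re.compile(
        r"""(?i)(?:api[_-]?key|secret|token)["']?\s*[:=]\s*["']([^"']{16,})["']"""),
}

def shannon_entropy(s):
    """Bits per character: random keys score high, placeholders score low."""
    return -sum(s.count(c) / len(s) * math.log2(s.count(c) / len(s)) for c in set(s))

def is_real_jwt(token):
    """Stage 2 for JWTs: first segment must base64url-decode to JSON carrying 'alg'."""
    head = token.split(".")[0]
    try:
        decoded = json.loads(base64.urlsafe_b64decode(head + "=" * (-len(head) % 4)))
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return False
    return isinstance(decoded, dict) and "alg" in decoded

def find_secrets(js_source, min_entropy=3.5):
    """Return sorted (kind, value) pairs that survive the validation stage."""
    findings = set()
    for kind, pattern in PATTERNS.items():
        for value in pattern.findall(js_source):
            if kind == "jwt" and not is_real_jwt(value):
                continue
            if kind == "generic_secret" and shannon_entropy(value) < min_entropy:
                continue
            findings.add((kind, value))
    return sorted(findings)

def _seg(obj):
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

# Constructed sample input: AWS's documentation example key, made-up values otherwise.
SAMPLE_JWT = ".".join([_seg({"alg": "HS256"}), _seg({"sub": "demo"}), "c2lnbmF0dXJl"])
SAMPLE_JS = (
    'var cfg = {accessKeyId: "AKIAIOSFODNN7EXAMPLE", apiKey: "q7Zx2LmP9vKc4TtR8wYb"};\n'
    'var demo = {secret: "changeme-changeme-changeme", id: "eyJfoo.bar.baz"};\n'
    'var jwt = "' + SAMPLE_JWT + '";\n'
)
if __name__ == "__main__":
    print(find_secrets(SAMPLE_JS))
```

With regex matching alone the sample yields five hits; the validation stage keeps three and discards the `changeme` placeholder and the `eyJfoo.bar.baz` look-alike.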
