
kaaek/Mimir-Vulnerability-Scanner


Mimir Vulnerability Scanner

Mimir is a web vulnerability scanner focused on SQL injection and XSS vulnerabilities, with optional crawling, Playwright-assisted checks, and CVE enrichment.

It features reflected XSS scanning for discovered inputs and links, optional crawling with configurable depth and link limits, optional Playwright-based stored and DOM XSS checks, optional NVD CVE searches for XSS findings via nvdlib, and output to the terminal or a file.
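The reflected-XSS check and the depth/link-limited crawl described above, as an added example that is not Mimir's own code. It assumes a hypothetical host target.test whose pages are constructed in an in-memory dict, a fetch() stub standing in for the HTTP client, and the option semantics given later in this README (depth counted in link hops from the start URL, a link limit of 0 meaning unlimited). The probe string is a harmless marker; the check only tests whether its angle brackets come back unencoded.

```python
# Added example (not Mimir's own code): a miniature reflected-XSS scanner
# with depth- and link-limited crawling. It runs offline against a
# constructed in-memory site; to use it against a target you are authorised
# to test, replace fetch() with a real HTTP client call.
from collections import deque
from html import escape
from html.parser import HTMLParser
from urllib.parse import parse_qsl, urlencode, urljoin, urlsplit, urlunsplit

# Constructed sample site (hypothetical host and pages, not from the project).
SITE = {
    "https://target.test/": '<a href="/search?q=hi">search</a> '
                            '<a href="/safe?q=hi">safe</a> '
                            '<a href="/about">about</a>',
    "https://target.test/about": '<a href="/deep1">deeper</a>',
    "https://target.test/deep1": '<a href="/deep2">deeper</a>',
    "https://target.test/deep2": '<a href="/deep3">deeper</a>',
    "https://target.test/deep3": "end of the line",
}

MARKER = "mimirxss"
PAYLOAD = f"<{MARKER}>"  # harmless probe: we only test whether '<' and '>' survive


def fetch(url):
    """Simulated HTTP GET returning (status, body).
    /search reflects the q parameter unescaped (vulnerable);
    /safe reflects it through html.escape (not vulnerable)."""
    parts = urlsplit(url)
    base = urlunsplit((parts.scheme, parts.netloc, parts.path, "", ""))
    params = dict(parse_qsl(parts.query))
    if base == "https://target.test/search":
        return 200, f"<p>Results for {params.get('q', '')}</p>"
    if base == "https://target.test/safe":
        return 200, f"<p>Results for {escape(params.get('q', ''))}</p>"
    body = SITE.get(base)
    return (200, body) if body is not None else (404, "")


class LinkParser(HTMLParser):
    """Collects href values of <a> tags."""
    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            for name, value in attrs:
                if name == "href" and value:
                    self.links.append(value)


def crawl(start, max_depth=3, max_links=0):
    """Breadth-first crawl restricted to the start host.
    max_depth is the number of link hops from start; max_links=0 means
    no limit (mirrors the -d / -m option semantics)."""
    host = urlsplit(start).netloc
    seen = {start}
    queue = deque([(start, 0)])
    visited = []
    while queue:
        url, depth = queue.popleft()
        if max_links and len(visited) >= max_links:
            break
        status, body = fetch(url)
        visited.append(url)
        if status != 200 or depth >= max_depth:
            continue  # do not expand links past the configured depth
        parser = LinkParser()
        parser.feed(body)
        for href in parser.links:
            absolute = urljoin(url, href)
            if urlsplit(absolute).netloc == host and absolute not in seen:
                seen.add(absolute)
                queue.append((absolute, depth + 1))
    return visited


def check_reflected(url):
    """Inject PAYLOAD into each query parameter in turn and report the
    parameters whose value comes back with the angle brackets intact."""
    parts = urlsplit(url)
    params = parse_qsl(parts.query)
    findings = []
    for i, (name, _) in enumerate(params):
        mutated = list(params)
        mutated[i] = (name, PAYLOAD)
        probe = urlunsplit((parts.scheme, parts.netloc, parts.path,
                            urlencode(mutated), ""))
        status, body = fetch(probe)
        if status == 200 and PAYLOAD in body:
            findings.append((url, name))
    return findings


def scan(start, max_depth=3, max_links=0):
    """Crawl, then run the reflection check on every visited URL."""
    findings = []
    for url in crawl(start, max_depth, max_links):
        findings.extend(check_reflected(url))
    return findings
```

Running scan("https://target.test/") reports only the /search page's q parameter; /safe encodes the probe and is not flagged, and /deep3 is never visited with the default depth of 3 because /deep2 sits at hop 3 and its links are not expanded.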

Warning

Use this tool only on systems you own or are explicitly authorized to test.

Get Started

Windows: py setup.py or python setup.py

Linux and macOS: It is recommended (and on some systems required) to use a virtual environment.

python3 -m venv mimir
source mimir/bin/activate
python3 setup.py

Tips:

  • If your python command already points to Python 3, you can replace python3 with python.
  • To deactivate the virtual environment when done, run deactivate
  • To reactivate it later from the project root, run source mimir/bin/activate

Usage: mimir.py [-h] [-d MAX_DEPTH] [-m MAX_LINKS] [--obey-robots] [--no-crawl] [-t THREADS] [--no-playwright] [--page-timeout PAGE_TIMEOUT] [--no-cve-enrichment] [--cve-limit CVE_LIMIT] [-o OUTPUT] url

Positional arguments: url Target URL to scan

Options:

  • -h, --help Show this help message and exit
  • -d, --max-depth MAX_DEPTH Maximum depth for crawling links (default: 3)
  • -m, --max-links MAX_LINKS Maximum links to visit while crawling. 0 means no limit
  • --obey-robots Respect robots.txt crawling rules
  • --no-crawl Disable crawling and scan only the provided URL
  • -t, --threads THREADS Number of threads (default: 5)
  • --no-playwright Disable Playwright-based stored and DOM XSS checks
  • --page-timeout PAGE_TIMEOUT Playwright page timeout in milliseconds (default: 8000)
  • --no-cve-enrichment Disable nvdlib-based CVE enrichment for XSS findings
  • --cve-limit CVE_LIMIT Max number of XSS CVEs to fetch from NVD (default: 10)
  • -o, --output OUTPUT Optional output file for vulnerabilities

Examples:

# Basic scan
python mimir.py https://example.com
# Crawl with custom depth and save findings
python mimir.py https://example.com -d 2 -m 50 -o findings.txt

References

  • How to Build an XSS Vulnerability Scanner in Python by The Python Code - Article
  • Build a web application security scanner with Python by freeCodeCamp - Article
  • Vulnerability Scanner by Khalidben344 - Repository
  • nvdlib - Documentation

About

Web scanner for XSS and SQL injection vulnerabilities built with Python.
