Web Vulnerability Scanner

OPEN ONLY RUN.PY

Name: Sanjib Behera
Project Repository: https://github.com/sanjib2006/web-vulnerability-scanner.git

Installation

After installation, open run.py.

Clone the Repository

To clone the project repository to your local machine, run the following command in your terminal:

git clone https://github.com/sanjib2006/web-vulnerability-scanner.git
cd web-vulnerability-scanner

Requirements

Python libraries: requests (third-party), and socket, time and threading (standard library)

pip install -r requirements.txt

The Web Vulnerability Scanner is a Python-based security testing tool designed to identify and analyze potential vulnerabilities in web applications and networks. This project utilizes a variety of Python libraries, including socket, requests, threading, and time, along with specially curated wordlists for efficient and effective testing. It provides an easy-to-use interface, allowing users to select specific security tests to assess different aspects of a system's security posture.

The goal of this project is to automate common security testing procedures for web applications and networks, empowering security professionals and developers to identify vulnerabilities before malicious actors can exploit them.

Key Features

The Web Vulnerability Scanner includes the following key features:

  1. Network (Port) Scanner
    This tool scans open ports on a target domain or IP address, helping to identify potential vulnerabilities in the network infrastructure. It uses multi-threading to speed up the scanning process.

  2. Subdomain Enumeration
    Detects subdomains associated with a target domain. By using a wordlist of common subdomains, it checks each subdomain to see if it's live.

  3. Directory Listing (Brute Forcing)
    Attempts to discover hidden or inaccessible directories on the target domain using a wordlist. If a directory responds with a 200 OK status code, it is printed.

  4. SQL Injection Detection
    Tests for SQL injection vulnerabilities by injecting common SQL payloads into user input fields. If a server responds in a way that suggests an SQL vulnerability, it is flagged.

  5. XSS Detection
    Checks for Cross-Site Scripting (XSS) vulnerabilities by injecting various XSS payloads into user input fields. It can handle both GET and POST-based attacks.

  6. Brute Force Attack Simulation
    Tries a list of common passwords to test the strength of authentication systems. If the response does not indicate invalid credentials and a status code of 200 OK is returned, the correct password is assumed.
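
Seen from the server side, the wordlist-driven tests in items 3 and 6 leave a recognizable pattern in access logs. The following is an added example, not part of this project's code, that flags that pattern over constructed log lines; the `/login` path, the thresholds and the sample addresses are assumptions. It counts every POST to the login path rather than only error statuses, because, as item 6 implies, a failed login can still come back as 200 OK.

```python
import re
from collections import defaultdict

# Common/combined log format: ip ident user [time] "METHOD path proto" status size
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
LOGIN_PATH = "/login"   # assumed login endpoint
MISS_THRESHOLD = 5      # assumed: distinct 404 paths per client before flagging
LOGIN_THRESHOLD = 5     # assumed: login POSTs per client before flagging

def detect(lines):
    """Return {ip: [reasons]} for clients whose requests look wordlist-driven."""
    misses = defaultdict(set)   # ip -> distinct paths that returned 404
    logins = defaultdict(int)   # ip -> number of POSTs to the login path
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of failing the whole run
        ip, path = m["ip"], m["path"].split("?", 1)[0]
        if m["status"] == "404":
            misses[ip].add(path)
        if m["method"] == "POST" and path == LOGIN_PATH:
            logins[ip] += 1
    findings = defaultdict(list)
    for ip, paths in misses.items():
        if len(paths) >= MISS_THRESHOLD:
            findings[ip].append(f"directory enumeration: {len(paths)} distinct 404 paths")
    for ip, count in logins.items():
        if count >= LOGIN_THRESHOLD:
            findings[ip].append(f"password guessing: {count} login POSTs")
    return dict(findings)

def _line(ip, method, path, status):
    # Builds one constructed log line; addresses are documentation ranges.
    return f'{ip} - - [10/Mar/2025:10:00:00 +0000] "{method} {path} HTTP/1.1" {status} 512'

SAMPLE = (
    [_line("203.0.113.7", "GET", f"/{d}/", 404)
     for d in ("admin", "backup", "old", "test", "dev", "tmp")]
    + [_line("203.0.113.7", "GET", "/images/", 200)]
    + [_line("198.51.100.9", "POST", "/login", 200) for _ in range(6)]
    + [_line("192.0.2.10", "GET", "/", 200),
       _line("192.0.2.10", "GET", "/favicon.ico", 404),
       _line("192.0.2.10", "POST", "/login", 200)]
)

if __name__ == "__main__":
    for ip, reasons in detect(SAMPLE).items():
        print(ip, "->", "; ".join(reasons))
```
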

