Skip to content

JaiRaj22/vulnerability-scanner

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

19 Commits
templates
templates
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
db.py
db.py
 
 
demo.py
demo.py
 
 
example.db
example.db
 
 
main.py
main.py
 
 
requirements.txt
requirements.txt
 
 

Repository files navigation

Vulnerability Scanner

Introduction

This project is a web vulnerability scanner designed to identify common security issues in web applications. It checks for vulnerabilities such as SQL Injection, Cross-Site Scripting (XSS), Open Redirects, Cross-Site Request Forgery (CSRF), Server-Side Request Forgery (SSRF), and CORS misconfigurations.

Dependencies

The application requires the following dependencies:

  • Python 3
  • Streamlit
  • BeautifulSoup4
  • Selenium
  • requests
  • webdriver-manager

Installation

To install the required dependencies, run the following command:

pip install streamlit beautifulsoup4 selenium requests webdriver-manager

Tools and Frameworks

  • Streamlit: Used for creating the web interface.
  • BeautifulSoup: Used for parsing HTML and XML documents.
  • Selenium: Used for automating web browsers.
  • requests: Used for making HTTP requests.

Testing the Application

  1. Demo Testing:

    • Run demo.py to perform initial tests and ensure the setup is correct.
    • This script should validate basic functionality and output test results.
    • Then run index.html and paste the link in main.py input field for testing the demo vulnerable web application.

  2. Live Testing:

    • Run main.py with streamlit run main.py and paste the desired url for testing the mentioned vulnerabilities.
    • Before using this application to scan a URL, ensure you have the right to test the website, as unauthorized scanning can be considered illegal and unethical. Always seek permission from the website owner
      before conducting any vulnerability scans. This tool is intended for security testing and educational purposes only.

Vulnerabilities and Impacts

  • SQL Injection: Allows attackers to execute arbitrary SQL code on a database.
  • XSS (Cross-Site Scripting): Allows attackers to inject client-side scripts into web pages viewed by other users.
  • Open Redirect: Allows attackers to redirect users to malicious websites.
  • CSRF (Cross-Site Request Forgery): Tricks a user into submitting a malicious request.
  • SSRF (Server-Side Request Forgery): Allows attackers to send crafted requests from the backend server.
  • CORS (Cross-Origin Resource Sharing): Misconfigurations can allow unauthorized access to API resources.

Each of these vulnerabilities can lead to data breaches, unauthorized access, and other significant security risks, potentially resulting in financial and reputational damage to the business.

Conclusion

This vulnerability scanner is a powerful tool for identifying potential security threats in web applications. Regular scanning and timely addressing of identified vulnerabilities are crucial for maintaining the security and integrity of any web-based business infrastructure.

About

No description, website, or topics provided.

Resources

Readme

License

Apache-2.0 license
Activity

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages