Skip to content

Rsaimukesh/Web_eXploit

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
webscanner
webscanner
 
 
README.md
README.md
 
 

Repository files navigation

Web Vulnerability Scanner

Overview

This script is a web vulnerability scanner designed to test web applications for common security flaws such as SQL Injection (SQLi), Cross-Site Scripting (XSS), hidden admin panels, insecure configurations, and more. The tool automates scanning and helps penetration testers and security enthusiasts analyze web security.

Features

  • SQL Injection (SQLi) Detection
  • Cross-Site Scripting (XSS) Detection
  • Admin Panel Discovery
  • Subdomain Bruteforcing
  • Scanning for Hidden Flags (useful for CTF challenges)
  • Insecure Configuration Checks
  • Cookie Extraction and Analysis
  • Multithreading Support for Faster Scans

Installation

Prerequisites

Ensure you have Python 3 installed along with the required dependencies:

pip install -r requirements.txt

Required Dependencies

  • requests
  • beautifulsoup4

Usage

Run the script using the following command:

python webscanner.py

Follow the on-screen instructions to provide a target URL and customize the scanning options.

Modules & Functions

  • get_target_url(): Prompts user for target URL input.
  • test_connection(): Checks if the server is reachable.
  • scan_subdomains(): Performs subdomain brute-force using a wordlist.
  • scan_sqli(): Tests for SQL Injection vulnerabilities.
  • is_xss_vulnerable(): Checks if the target is vulnerable to XSS.
  • find_admin_panels(): Searches for common admin panel URLs.
  • scan_flags(): Scans web pages for hidden flags (useful for CTF challenges).
  • scan_cookies(): Extracts and displays cookies set by the target site.
  • scan_html_source(): Searches the HTML source for sensitive information.

Example Output

[✅] Server is online: http://example.com (Status: 200)
[🔎] Scanning for Flags...
[🟢] Live Subdomain Found: http://admin.example.com
[✅] No SQL Injection vulnerabilities found.
[🟢] Admin Panel Found: http://example.com/admin
[✅] Scan completed!

Notes

  • Ensure that you have the required subdomains.txt wordlist for subdomain brute-force.
  • This tool should only be used for legal penetration testing with proper authorization.
  • Running scans on unauthorized websites may be illegal in certain regions.

License

This project is for educational purposes only. The authors are not responsible for any misuse of this tool.

Disclaimer

Use this tool only on websites you own or have explicit permission to test. Unauthorized scanning may violate cybersecurity laws.

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages