This script scans a given URL for common vulnerabilities and generates a detailed vulnerability report in CSV format. It performs various security checks, including SQL injection, XSS, directory traversal, open ports, and more.
- SQL Injection Detection: Identifies SQL vulnerabilities by injecting common payloads.
- Cross-Site Scripting (XSS): Detects possible XSS vulnerabilities using common scripts.
- Directory Traversal: Tests for access to restricted directories.
- Open Directory Check: Scans for open directory indexes.
- Subdomain Discovery: Identifies accessible subdomains.
- Port Scanning: Checks for open ports like 21, 22, 80, 443, 8080.
- Sensitive Endpoint Discovery: Searches for exposed sensitive endpoints.
- HTTP Security Headers: Analyzes the presence of essential HTTP security headers.
- Command Injection: Tests for command execution vulnerabilities.
- CSRF Token Check: Detects forms without anti-CSRF tokens.
- SSL/TLS Configuration: Validates SSL certificates and checks expiration.
- Open Redirect: Identifies potential redirect vulnerabilities.
- File Upload Vulnerabilities: Tests upload functionality for security flaws.
- Directory Enumeration: Enumerates common directories for accessibility.
- Weak Session Management: Verifies secure cookie flags.
- Exposed API Endpoints: Discovers unprotected API endpoints.
- Access Control Flaws: Checks for unauthorized access to restricted areas.
- Parameter Tampering: Verifies server behavior on modified parameters.
- Rate Limiting: Checks for rate-limiting mechanisms.
- Python 3.6+
- Libraries:
  - `requests`
  - `pandas`
  - `urllib.parse`
  - `socket`
  - `ssl`
- Clone the repository or download the script.
- Install dependencies using pip:

```bash
pip install requests pandas
```

- Replace the `target_url` variable with the URL you want to scan.
- Run the script:

```bash
python vulnerability_scanner.py
```

- The results will be saved to `vulnerability_report.csv`.
- Output File: Set the `output_file` parameter to specify the CSV file name.
- Custom Payloads: Modify the payload lists in the script for SQL, XSS, command injection, etc., to include custom tests.
- Subdomains and Endpoints: Edit the `subdomains` and `endpoints` lists to include more test cases.
- Ensure you have permission to scan the target domain. Unauthorized scanning may violate laws or terms of service.
- The script provides a basic vulnerability scan and should not replace comprehensive security testing.
A sample vulnerability_report.csv might look like this:
| URL | Vulnerability Type | Payload | Details |
|---|---|---|---|
| https://example.com?test=' | SQL Injection | ' | Detected SQL syntax error. |
| https://example.com/upload | File Upload | test.php | Uploaded PHP file executed. |
| https://admin.example.com | Exposed Subdomain | N/A | Subdomain is accessible. |
| https://example.com:443 | Open Port | Port 443 | Port 443 is open. |
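
As an added illustration (not code from the script itself), the sketch below shows how the HTTP security header and cookie flag checks from the feature list could produce rows in the report's four-column format. The header set, the function names, the two finding labels and the sample response are assumptions constructed for this example.

```python
import csv
import io

# Assumed set of "essential" headers; the script's own list is not shown here.
REQUIRED_HEADERS = (
    "Strict-Transport-Security",
    "Content-Security-Policy",
    "X-Content-Type-Options",
    "X-Frame-Options",
    "Referrer-Policy",
)
COOKIE_FLAGS = ("Secure", "HttpOnly", "SameSite")
FIELDS = ["URL", "Vulnerability Type", "Payload", "Details"]  # report columns


def audit_response(url, headers, set_cookie_lines):
    """Return report rows for missing headers and cookies lacking flags."""
    rows = []
    present = {name.lower() for name in headers}  # header names are case-insensitive
    for name in REQUIRED_HEADERS:
        if name.lower() not in present:
            rows.append([url, "Missing Security Header", "N/A", f"{name} is not set."])
    for line in set_cookie_lines:
        name_value, *attrs = [part.strip() for part in line.split(";")]
        cookie_name = name_value.split("=", 1)[0]
        attr_names = {a.split("=", 1)[0].strip().lower() for a in attrs if a}
        missing = [f for f in COOKIE_FLAGS if f.lower() not in attr_names]
        if missing:
            rows.append([url, "Weak Session Management", cookie_name,
                         "Cookie lacks: " + ", ".join(missing) + "."])
    return rows


def to_csv(rows):
    """Serialise rows with the report's header line."""
    buf = io.StringIO()
    writer = csv.writer(buf)
    writer.writerow(FIELDS)
    writer.writerows(rows)
    return buf.getvalue()


# Constructed sample response (not captured from a real site).
SAMPLE_HEADERS = {"Content-Type": "text/html", "X-Frame-Options": "DENY",
                  "strict-transport-security": "max-age=31536000"}
SAMPLE_COOKIES = ["session=abc123; Path=/; HttpOnly",
                  "theme=dark; Secure; HttpOnly; SameSite=Lax"]

if __name__ == "__main__":
    print(to_csv(audit_response("https://example.com", SAMPLE_HEADERS, SAMPLE_COOKIES)))
```
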
This tool is for educational and authorized testing purposes only. Do not use it on systems you do not own or have explicit permission to test.