A comprehensive web application vulnerability scanner with a graphical user interface, designed for educational purposes and ethical security testing. This tool helps identify common web vulnerabilities such as SQL Injection, Cross-Site Scripting (XSS), and Path Traversal.
This tool is for EDUCATIONAL PURPOSES and ETHICAL SECURITY TESTING ONLY.
- Only use this scanner on applications you have explicit permission to test
- Unauthorized scanning of websites may be illegal in your jurisdiction
- The authors are not responsible for any misuse of this software
- User-friendly GUI for easy configuration and result analysis
- Multi-threaded scanning for improved performance
- Vulnerability detection for:
  - SQL Injection (SQLi)
  - Cross-Site Scripting (XSS)
  - Path Traversal
- Customizable scan options:
  - Custom payloads support
  - HTTP cookies and headers configuration
  - Adjustable thread count and timeout settings
- Comprehensive reporting with detailed vulnerability information
- Export functionality for scan results
- Python 3.6+
- Required Python packages:
  - requests>=2.28.0
  - urllib3>=1.26.0
  - beautifulsoup4>=4.11.0
  - tkinter (usually included with Python)
  - argparse (included in Python standard library)
  - typing (included in Python standard library)
- Clone this repository or download the source code:

  ```bash
  git clone https://github.com/yourusername/vulnerability-scanner.git
  cd vulnerability-scanner
  ```

- Install the required dependencies:

  ```bash
  pip install -r requirements.txt
  ```

Run the main script to launch the GUI:

```bash
python vuln_scanner_gui.py
```
- Enter the target URL (e.g., http://example.com)
- Select vulnerability types to scan for
- Configure advanced options:
  - Max threads: Controls the number of concurrent scanning threads
  - Timeout: Maximum time to wait for HTTP responses
  - Verbose logging: Enable detailed logging during the scan
- Set HTTP options (optional):
  - Cookies: Format as `name1=value1; name2=value2`
  - Headers: Format as `name1: value1; name2: value2`
- Configure custom payloads (optional)
- Click "Start Scan" to begin
- View real-time scan progress and statistics
- Monitor the log for detailed information
- Stop the scan at any time if needed
- Review discovered vulnerabilities in the table
- Double-click on a vulnerability to see detailed information
- Export results to JSON format for further analysis
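The cookie and header strings entered under the HTTP options use the `name1=value1; name2=value2` and `name1: value1; name2: value2` forms described above. The following is an added example, not code from this project, showing one way to parse both forms into the dictionaries that `requests` accepts as its `cookies=` and `headers=` arguments. The function names `parse_pairs`, `parse_cookies` and `parse_headers` are assumptions. Only the first `=` (or `:`) splits name from value, so a cookie value containing `=` or a header value containing `:` (such as a URL) survives intact; a value that itself contains `;` cannot be expressed in this format.

```python
from typing import Dict


def parse_pairs(text: str, sep: str) -> Dict[str, str]:
    """Parse 'name1<sep>value1; name2<sep>value2' into a dict (hypothetical helper).

    Entries are separated by ';'. Only the first occurrence of `sep` splits the
    name from the value, so values containing `sep` are preserved. Blank entries
    (for example a trailing ';') are ignored. An entry without `sep`, or with an
    empty name, raises ValueError so a typo in the GUI field is noticed rather
    than silently dropped.
    """
    result: Dict[str, str] = {}
    for raw in text.split(";"):
        entry = raw.strip()
        if not entry:
            continue
        if sep not in entry:
            raise ValueError(f"malformed entry {entry!r}: expected {sep!r}")
        name, value = entry.split(sep, 1)
        name = name.strip()
        if not name:
            raise ValueError(f"malformed entry {entry!r}: empty name")
        result[name] = value.strip()
    return result


def parse_cookies(text: str) -> Dict[str, str]:
    """'name1=value1; name2=value2' -> dict usable as requests' cookies=."""
    return parse_pairs(text, "=")


def parse_headers(text: str) -> Dict[str, str]:
    """'name1: value1; name2: value2' -> dict usable as requests' headers=."""
    return parse_pairs(text, ":")


if __name__ == "__main__":
    # Constructed sample input, as a user might type it into the GUI fields.
    print(parse_cookies("session=abc123; theme=dark"))
    print(parse_headers("Authorization: Bearer token; Referer: http://example.com/"))
```

Pass the two dictionaries straight to `requests.get(url, cookies=parse_cookies(cookie_text), headers=parse_headers(header_text), timeout=timeout)`; raising on a malformed entry is deliberate, since a silently dropped session cookie would make every authenticated page look unreachable and skew the scan results.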
- Crawling: The scanner crawls the target website to discover URLs and forms
- Parameter Analysis: Each parameter in forms and URLs is tested with various payloads
- Vulnerability Detection: Responses are analyzed for signs of successful exploitation
- Reporting: Detected vulnerabilities are presented with detailed information
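As an added illustration of the crawling and parameter-analysis steps above (this is not the scanner's own code), the following standard-library parser extracts links and forms from one fetched page, keeps only URLs on the target host so the crawl stays inside the authorized scope, and lists the parameter names each URL or form exposes. `PageParser`, `in_scope` and `extract_targets` are names chosen here, and `SAMPLE_HTML` is a constructed page, so the example runs offline without the `beautifulsoup4` dependency listed in the requirements.

```python
from html.parser import HTMLParser
from typing import Any, Dict, List, Optional
from urllib.parse import parse_qsl, urljoin, urlsplit


class PageParser(HTMLParser):
    """Collect absolute links and forms (action, method, input names) from one page."""

    def __init__(self, base_url: str) -> None:
        super().__init__()
        self.base_url = base_url
        self.links: List[str] = []
        self.forms: List[Dict[str, Any]] = []
        self._form: Optional[Dict[str, Any]] = None

    def handle_starttag(self, tag: str, attrs: List) -> None:
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self.links.append(urljoin(self.base_url, a["href"]))
        elif tag == "form":
            # A form without an action submits back to the current page.
            self._form = {
                "action": urljoin(self.base_url, a.get("action") or self.base_url),
                "method": (a.get("method") or "get").lower(),
                "inputs": [],
            }
        elif tag in ("input", "textarea", "select") and self._form is not None and a.get("name"):
            self._form["inputs"].append(a["name"])

    def handle_endtag(self, tag: str) -> None:
        if tag == "form" and self._form is not None:
            self.forms.append(self._form)
            self._form = None


def in_scope(url: str, target_url: str) -> bool:
    """True only for http(s) URLs on the same host as the authorized target."""
    parts = urlsplit(url)
    return parts.scheme in ("http", "https") and parts.netloc.lower() == urlsplit(target_url).netloc.lower()


def extract_targets(html: str, page_url: str, target_url: str) -> List[Dict[str, Any]]:
    """Return the in-scope URLs and forms that carry parameters worth testing."""
    parser = PageParser(page_url)
    parser.feed(html)
    targets: List[Dict[str, Any]] = []
    for link in parser.links:
        if not in_scope(link, target_url):
            continue
        names = [name for name, _ in parse_qsl(urlsplit(link).query, keep_blank_values=True)]
        if names:
            targets.append({"url": link, "method": "get", "params": names})
    for form in parser.forms:
        if in_scope(form["action"], target_url) and form["inputs"]:
            targets.append({"url": form["action"], "method": form["method"], "params": form["inputs"]})
    return targets


# Constructed sample page: one parameterised link, one off-host link,
# one link without parameters and one login form.
SAMPLE_HTML = """
<html><body>
<a href="/search?q=test&amp;page=1">Search</a>
<a href="http://other.example.org/?x=1">External</a>
<a href="/about">About</a>
<form action="/login" method="POST">
  <input type="text" name="username">
  <input type="password" name="password">
  <input type="submit" value="Go">
</form>
</body></html>
"""

if __name__ == "__main__":
    for target in extract_targets(SAMPLE_HTML, "http://example.com/", "http://example.com"):
        print(target)
```

Links without parameters (such as `/about`) are still worth queueing for crawling, but only entries with parameters feed the parameter-analysis step; the off-host link is dropped by `in_scope`, which is the check that keeps a scan from wandering onto hosts you are not authorized to test.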
- Always obtain proper authorization before scanning any website
- Start with a low thread count to avoid overwhelming the target
- Use the verbose logging option to understand the scanning process
- Review the results carefully to avoid false positives
You can extend the scanner's capabilities by:
- Adding custom payloads for existing vulnerability types
- Implementing new vulnerability detection methods in the `VulnerabilityScanner` class
- Enhancing the GUI with additional features
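To show how a new vulnerability type can be plugged into a scanner core, here is an added example that is not this project's code: the real `VulnerabilityScanner` class may be structured differently, so the registry, `Finding`, `PageResponse` and `check_security_headers` below are assumptions. It registers a low-severity check for missing hardening headers and exports the findings as JSON, keeping the evidence on each finding so results can be reviewed for false positives as recommended above.

```python
import json
from dataclasses import asdict, dataclass
from typing import Callable, Dict, List


@dataclass
class Finding:
    """One detected issue; `evidence` records why it was flagged."""
    vuln_type: str
    url: str
    parameter: str
    evidence: str
    severity: str = "medium"


@dataclass
class PageResponse:
    """Minimal stand-in for an HTTP response (constructed for this example)."""
    status_code: int
    headers: Dict[str, str]
    text: str


# A detection method receives the URL and its response and returns zero or more findings.
DetectionMethod = Callable[[str, PageResponse], List[Finding]]


class VulnerabilityScanner:
    """Hypothetical scanner core with a pluggable registry of detection methods."""

    def __init__(self) -> None:
        self._methods: Dict[str, DetectionMethod] = {}

    def register(self, vuln_type: str) -> Callable[[DetectionMethod], DetectionMethod]:
        """Decorator that adds a detection method under a unique vulnerability type."""
        def decorator(func: DetectionMethod) -> DetectionMethod:
            if vuln_type in self._methods:
                raise ValueError(f"detection method for {vuln_type!r} already registered")
            self._methods[vuln_type] = func
            return func
        return decorator

    def registered_types(self) -> List[str]:
        return list(self._methods)

    def analyze(self, url: str, response: PageResponse) -> List[Finding]:
        """Run every registered method against one response and collect findings."""
        findings: List[Finding] = []
        for method in self._methods.values():
            findings.extend(method(url, response))
        return findings

    def export_json(self, findings: List[Finding]) -> str:
        """Serialize findings in the shape the GUI's JSON export could use."""
        return json.dumps([asdict(f) for f in findings], indent=2)


scanner = VulnerabilityScanner()

# Hardening headers whose absence is reported; names are compared case-insensitively.
REQUIRED_HEADERS = {
    "content-security-policy": "response has no Content-Security-Policy header",
    "x-content-type-options": "response has no X-Content-Type-Options header",
}


@scanner.register("missing_security_headers")
def check_security_headers(url: str, response: PageResponse) -> List[Finding]:
    present = {name.lower() for name in response.headers}
    return [
        Finding("missing_security_headers", url, "-", note, "low")
        for name, note in REQUIRED_HEADERS.items()
        if name not in present
    ]


# Constructed responses: one without hardening headers, one with both.
SAMPLE_UNHARDENED = PageResponse(200, {"Content-Type": "text/html"}, "<html></html>")
SAMPLE_HARDENED = PageResponse(
    200,
    {"Content-Type": "text/html", "Content-Security-Policy": "default-src 'self'",
     "X-Content-Type-Options": "nosniff"},
    "<html></html>",
)

if __name__ == "__main__":
    print(scanner.export_json(scanner.analyze("http://example.com/", SAMPLE_UNHARDENED)))
```

Each new vulnerability type is one decorated function, so adding a detector never touches the scanning loop; rejecting a duplicate registration at import time catches two contributors claiming the same type name before a scan silently runs only one of them.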
This project is licensed under the MIT License - see the LICENSE file for details.
Contributions are welcome! Please feel free to submit a Pull Request.
For questions, issues, or feature requests, please open an issue in the GitHub repository.
Remember: This tool is meant for educational purposes and ethical security testing only. Always scan responsibly and with proper authorization.