Aarongeo1211/webvulnscanner

Web Vulnerability Scanner

A comprehensive web vulnerability scanner that automatically tests websites for SQL injection, XSS (Cross-Site Scripting), DDoS vulnerabilities, and business logic flaws.

Features

  • Automated crawling of target websites
  • Detection of forms and GET parameters
  • Multiple vulnerability detection capabilities:
    • SQL Injection
    • Cross-Site Scripting (XSS)
    • DDoS vulnerability testing
    • Business Logic vulnerability testing:
      • Workflow bypass detection
      • Access control testing
      • Race condition detection
  • Risk-based vulnerability assessment
  • Multi-threaded scanning for faster results
  • Enhanced reporting options:
    • Detailed HTML reports
    • Interactive dashboards with charts and filters
    • Executive summaries with business impact assessment
  • AI-powered remediation advice (when available)
  • Detailed logging and reporting
  • Colorized terminal output
  • Customizable scan types

Project Structure

web-vulnerability-scanner/
├── scan.py                   # Main scanner script
├── vulnerability_advisor.py  # AI-powered remediation advice (optional)
├── dashboard_generator.py    # Interactive dashboard generator
├── executive_summary.py      # Business-focused reporting
├── workflow_tests.json       # Example workflow test configuration
├── access_control_tests.json # Example access control test configuration
├── race_condition_tests.json # Example race condition test configuration
├── requirements.txt          # Python dependencies
├── scanner.log               # Log file (created during execution)
└── README.md                 # Documentation

Installation

  1. Clone the repository or download the files:

     git clone https://github.com/yourusername/web-vulnerability-scanner.git
     cd web-vulnerability-scanner

  2. Create a virtual environment (recommended):

     python -m venv venv
     source venv/bin/activate  # On Windows: venv\Scripts\activate

  3. Install the required dependencies:

     pip install -r requirements.txt

Usage

Basic usage with a target URL:

python scan.py -u https://example.com

Command Line Options

-u, --url URL                 Target URL to scan (required)
-t, --threads N               Number of threads (default: 5)
-d, --depth N                 Crawl depth (default: 2)
--timeout N                   Request timeout in seconds (default: 10)
-v, --verbose                 Enable verbose output
-r, --report                  Generate detailed HTML report
--scan-types TYPES            Comma-separated list of scan types: sqli,xss,ddos,business_logic (default: all)
--business-logic              Enable business logic vulnerability testing
--workflow-config FILE        Path to workflow test configuration file (JSON)
--access-control-config FILE  Path to access control test configuration file (JSON)
--race-condition-config FILE  Path to race condition test configuration file (JSON)
--dashboard                   Generate interactive dashboard
--executive-summary           Generate executive summary report

Examples

Scan a website with default settings (all vulnerability types):

python scan.py -u https://example.com

Scan with business logic vulnerability testing:

python scan.py -u https://example.com --business-logic --workflow-config workflow_tests.json

Scan with enhanced reporting options:

python scan.py -u https://example.com -r --dashboard --executive-summary

Scan only for specific vulnerability types:

python scan.py -u https://example.com --scan-types sqli,xss,business_logic

Full scan with all features:

python scan.py -u https://example.com -d 3 -t 10 -r --dashboard --executive-summary --business-logic --workflow-config workflow_tests.json --access-control-config access_control_tests.json --race-condition-config race_condition_tests.json

How It Works

  1. Crawling: The scanner crawls the website up to the specified depth to find forms and URLs with GET parameters.

  2. Form Detection: The scanner identifies HTML forms and extracts their action URLs, methods, and input fields.

  3. Parameter Detection: The scanner finds URLs with GET parameters that could be vulnerable to injection attacks.

  4. Vulnerability Testing:

    • SQL Injection: Tests each form and parameter with various SQL injection payloads.
    • XSS: Tests for cross-site scripting vulnerabilities by injecting script payloads.
    • DDoS: Tests for potential denial-of-service vulnerabilities by analyzing response times.
    • Business Logic:
      • Workflow Bypass: Tests if users can skip required steps in critical workflows.
      • Access Control: Tests if users can access resources they shouldn't have access to.
      • Race Conditions: Tests for concurrency issues that could lead to data inconsistencies.

  5. Risk Assessment: Each vulnerability is assessed for its severity (Critical, High, Medium, Low) based on:

    • Exploitability: How easily the vulnerability can be exploited
    • Impact: The potential business impact if exploited
    • Context: The sensitivity of the affected functionality

  6. Reporting: Multiple reporting options provide insights for different audiences:

    • Detailed HTML Report: Technical details for security teams
    • Interactive Dashboard: Visualization of vulnerabilities with filtering capabilities
    • Executive Summary: Business-focused report highlighting impact and recommendations

Business Logic Testing Configuration

The scanner supports JSON configuration files for defining business logic tests:

  1. Workflow Tests: Define critical business processes and test if steps can be bypassed
  2. Access Control Tests: Define resources with different access levels and test for unauthorized access
  3. Race Condition Tests: Define endpoints that should maintain data consistency and test with concurrent requests

Example configuration files are provided in the repository.
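The race condition check described under "How It Works" and in the Race Condition Tests item above boils down to one idea: fire concurrent requests at an endpoint that must stay consistent and count how many get through. The following is an added, self-contained illustration (not code from this repository) that models a "redeem once" endpoint in-process, once with the check-then-act bug and once hardened with a lock, and runs the same concurrent probe against both; the class and function names are made up for this example.

```python
import threading
import time

# Constructed stand-in for a "redeem coupon" endpoint that must succeed at most once.
class CouponServiceVulnerable:
    """Check-then-act with no synchronization: the data-consistency bug a race test should flag."""
    def __init__(self):
        self.redeemed = False

    def redeem(self):
        if not self.redeemed:        # check
            time.sleep(0.005)        # simulated DB round-trip widens the race window
            self.redeemed = True     # act
            return True
        return False

class CouponServiceHardened:
    """Same operation made atomic; a real service would use a DB unique constraint or a conditional UPDATE."""
    def __init__(self):
        self.redeemed = False
        self._lock = threading.Lock()

    def redeem(self):
        with self._lock:
            if self.redeemed:
                return False
            time.sleep(0.005)
            self.redeemed = True
            return True

def concurrent_redeem(service, attempts=20):
    """Release `attempts` threads at once against service.redeem() and return how many succeeded."""
    results = []
    barrier = threading.Barrier(attempts)   # maximises overlap: everyone hits the check together

    def worker():
        barrier.wait()
        results.append(service.redeem())    # list.append is atomic under CPython's GIL

    threads = [threading.Thread(target=worker) for _ in range(attempts)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return sum(1 for ok in results if ok)

def has_race_condition(service_factory, attempts=20, rounds=5):
    """Consistency check: the endpoint is flagged if any round lets more than one redemption through."""
    return any(concurrent_redeem(service_factory(), attempts) > 1 for _ in range(rounds))
```

Several rounds are used because a race is probabilistic; a single clean round is not evidence the endpoint is safe.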

Disclaimer

This tool is for educational and ethical testing purposes only. Always obtain proper authorization before scanning any website. Unauthorized scanning of websites may be illegal in your jurisdiction.

License

This project is licensed under the MIT License.
