{"id":23820113,"url":"https://github.com/claudiaslibrary/webappsec","last_synced_at":"2026-02-12T15:31:10.250Z","repository":{"id":266834535,"uuid":"899500803","full_name":"ClaudiasLibrary/webAppSec","owner":"ClaudiasLibrary","description":"This tool automates the process of auditing a web application for common security vulnerabilities such as SQL Injection, Cross-Site Scripting (XSS), and missing HTTP security headers. The results of the audit are stored in an HTML report for easy review.","archived":false,"fork":false,"pushed_at":"2025-02-17T19:08:05.000Z","size":12,"stargazers_count":2,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-04-13T15:59:03.504Z","etag":null,"topics":["cross-site-scripting","cybersecurity","html-report","http-secure-header","open-source-security","penetration-testing","python-security","sql-injection","vulnerability-scanners","web-security","xss"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ClaudiasLibrary.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2024-12-06T11:53:32.000Z","updated_at":"2025-02-17T19:08:08.000Z","dependencies_parsed_at":null,"dependency_job_id":"d4d44591-2127-4a3c-86ec-f9526e29bad1","html_url":"https://github.com/ClaudiasLibrary/webAppSec","commit_stats":null,"previous_names":["claudiaslibrary/webappsec"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/ClaudiasLibrary/webAppSec","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ClaudiasLibrary%2FwebAppSec","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ClaudiasLibrary%2FwebAppSec/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ClaudiasLibrary%2FwebAppSec/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ClaudiasLibrary%2FwebAppSec/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ClaudiasLibrary","download_url":"https://codeload.github.com/ClaudiasLibrary/webAppSec/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ClaudiasLibrary%2FwebAppSec/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29370546,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-12T08:51:36.827Z","status":"ssl_error","status_checked_at":"2026-02-12T08:51:26.849Z","response_time":55,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cross-site-scripting","cybersecurity","html-report","http-secure-header","open-source-security","penetration-testing","python-security","sql-injection","vulnerability-scanners","web-security","xss"],"created_at":"2025-01-02T07:19:49.324Z","updated_at":"2026-02-12T15:31:10.233Z","avatar_url":"https://github.com/ClaudiasLibrary.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Web Application Security Auditing Tool\n\n## Theory behind the code\n[Web Applications Vulnerabilities](https://claudiaslibrary.notion.site/Web-Applications-Vulnerabilities-12b19f756832801f9e2dd32a86bd628b)\n\n## Overview\nThis tool automates the process of auditing a web application for common security vulnerabilities\nsuch as SQL Injection, Cross-Site Scripting (XSS), and missing HTTP security headers.\nThe results of the audit are stored in an HTML report for easy review.\n\n## Features\n- Automatically scrape all forms and input fields.\n- Test for SQL Injection vulnerabilities using SQLMap.\n- Test for XSS vulnerabilities by injecting payloads.\n- Check for missing HTTP security headers (like `Strict-Transport-Security`, `X-Content-Type-Options`, etc.).\n\n## Requirements\n- Python 3.x\n- `requests`, `beautifulsoup4`, `sqlmap` (installed via `pip`)\n\n## Installation\nClone this repository and install the required dependencies.\n\n## Example Output of Security Audit Script\n\n```bash\nStarting security audit for https://example.com...\nScraping forms and input fields...\nTesting for SQL Injection vulnerability on parameter: username...\nSQL Injection vulnerability detected on username. Result: Vulnerable to SQL Injection.\nTesting for SQL Injection vulnerability on parameter: password...\nNo SQL Injection vulnerability detected on password.\nTesting for XSS vulnerability on parameter: username...\nXSS vulnerability detected on username. Result: Cross-site scripting found.\nTesting for XSS vulnerability on parameter: password...\nNo XSS vulnerability detected on password.\nChecking for missing security headers...\nSecurity audit completed. Report generated: security_report.html\n```\n\n\n### Generated Report (HTML)\n\n```html\n\u003chtml\u003e\n\u003chead\u003e\u003ctitle\u003eSecurity Scan Report\u003c/title\u003e\u003c/head\u003e\n\u003cbody\u003e\n    \u003ch1\u003eSecurity Scan Report\u003c/h1\u003e\n    \u003ch2\u003eVulnerabilities Detected\u003c/h2\u003e\n    \u003cp\u003eSQL Injection vulnerability detected on username. Result: Vulnerable to SQL Injection.\u003c/p\u003e\n    \u003cp\u003eXSS vulnerability detected on username. Result: Cross-site scripting found.\u003c/p\u003e\n    \u003cp\u003eMissing security headers: X-Frame-Options, Strict-Transport-Security\u003c/p\u003e\n\u003c/body\u003e\n\u003c/html\u003e\n```\n\n\n### Explanation\n\n1. **Input**: The script starts by running a security audit on a target URL (`https://example.com`).\n2. **Form Scraping**: The script scrapes all forms and input fields from the target URL.\n3. **SQL Injection Test**: It checks each form parameter for SQL Injection vulnerabilities.\n   - In this example, the parameter `username` is found to be vulnerable to SQL Injection, but `password` is safe.\n4. **XSS Test**: The script tests each form parameter for XSS (Cross-Site Scripting) vulnerabilities.\n   - The `username` field is found to be vulnerable to XSS, while `password` is safe.\n5. **Security Header Check**: The script checks for missing security headers (like `X-Frame-Options`, `Strict-Transport-Security`).\n   - Missing headers are added to the report if detected.\n6. **Report Generation**: After completing the audit, the results are saved to an HTML report, which details all detected vulnerabilities.\n7. **Output**: The script generates a report in the file `security_report.html`.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fclaudiaslibrary%2Fwebappsec","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fclaudiaslibrary%2Fwebappsec","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fclaudiaslibrary%2Fwebappsec/lists"}