{"id":15009167,"url":"https://github.com/rundtstykker/application-web-vulnerabilities-scanner","last_synced_at":"2025-04-09T17:22:49.146Z","repository":{"id":176471771,"uuid":"300001775","full_name":"rundtstykker/Application-Web-vulnerabilities-scanner","owner":"rundtstykker","description":"A python 2.7 vulnerability scanner that can easily be customized to scan for specified vulnerabilities by replacing or adding strings to input fields. ","archived":false,"fork":false,"pushed_at":"2023-06-24T19:44:31.000Z","size":13,"stargazers_count":7,"open_issues_count":0,"forks_count":2,"subscribers_count":0,"default_branch":"master","last_synced_at":"2025-03-23T19:22:42.400Z","etag":null,"topics":["python27","web","web-vulnerability-scanner"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"bsd-2-clause","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/rundtstykker.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-09-30T17:38:42.000Z","updated_at":"2024-10-03T05:15:01.000Z","dependencies_parsed_at":null,"dependency_job_id":"2f4c8a71-5413-4d68-9b49-3a9ef377796f","html_url":"https://github.com/rundtstykker/Application-Web-vulnerabilities-scanner","commit_stats":null,"previous_names":["regneisokgen/application-web-vulnerabilities-scanner","rundtstykker/application-web-vulnerabilities-scanner"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rundtstykker%2FApplication-Web-vulnerabilities-scanner","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rundtstykker%2FApplication-Web-vulnerabilities-scanner/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rundtstykker%2FApplication-Web-vulnerabilities-scanner/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rundtstykker%2FApplication-Web-vulnerabilities-scanner/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/rundtstykker","download_url":"https://codeload.github.com/rundtstykker/Application-Web-vulnerabilities-scanner/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248075290,"owners_count":21043557,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["python27","web","web-vulnerability-scanner"],"created_at":"2024-09-24T19:23:22.915Z","updated_at":"2025-04-09T17:22:49.120Z","avatar_url":"https://github.com/rundtstykker.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Web-vulnerabilities-scanner\nA python 2.7 vulnerability scanner that can easily be customized to scan for specified vulnerabilities by replacing or adding strings to input fields. \n\n[![forthebadge made-with-python](http://ForTheBadge.com/images/badges/made-with-python.svg)](https://www.python.org/)\n\n## Testing for application vulnerabilities\nThe vul_scanner.py will crawl and test input fields for XXS in links/forms and the simplest SQL injection of (password' or 1=1#) in forms. You should add more customized and complex inputs to make this program better. The input to test for vulnerability is stored as varibale and used as input to specified functions to test for vulnerabilities. This can easily be built upon. \n\n## Avoid getting logged out\nAny inputs in the ```links_to_ignore``` variable in ```vul_scanner.py``` will be ignored. \n\n## Using credentials to crawl other otherwise inaccessible pages\nUse the ```data_dict variable``` in ```vul_scanner.py``` to allow scanner to use credentials to gain access to pages specified in the ```vulnerabilities_scanner.session.post``` variable\n\n## Running the program\nWritten in python 2.7, make sure to use the appropriate interrupter.\nSpecify the url in the ```target_url``` variable in ```vul_scanner.py```\nTo run the scanner\n```bash\npython vul_scanner.py\n```\n\n## 📈Example usage configurations\n```python\n#!usr/bin/env python\n\nimport scanner\n\ntarget_url = \"example.com\"\nlinks_to_ignore = [\"example.com/logout/\"]\n# If initial scan scans a logout url, you'd want to include it in here so that you dont lose the post session\n\ndata_dict = {\"username\": \"admin\", \"password\": \"password\", \"Login\": \"submit\"}\n# this is for if loggin in will get you more links and you know the login info\n\nvulnerabilities_scanner = scanner.Scanner(target_url, links_to_ignore)\nvulnerabilities_scanner.session.post(\"example.com/admin/login\", data=data_dict) # this is the link to which the scanner will login and store as post\n\nvulnerabilities_scanner.crawl()\nvulnerabilities_scanner.run_scanner()\n```\n\n## Attention\nPlease do not use this program where unauthorized.\n\n## Credits\n\n|                                      |             |\n| ------------------------------------ | ----------- |\n| **Author**                           | @bryanwei   |\n\n## License\nSee the [LICENSE](https://github.com/bryanweielio/Web-vulnerabilities-scanner/blob/master/LICENSE) file.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frundtstykker%2Fapplication-web-vulnerabilities-scanner","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Frundtstykker%2Fapplication-web-vulnerabilities-scanner","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frundtstykker%2Fapplication-web-vulnerabilities-scanner/lists"}