
https://github.com/arjunraj79/vapt-api-for-automated-vulnerability-scanning

This repository contains a Django-based API for performing basic vulnerability assessments on target web applications.

# VAPT API: Automated Vulnerability Scanner

This project is a Django-based API for automated vulnerability scanning of web applications. The API performs checks like port scanning, security header validation, and basic SQL injection testing, returning results in a JSON format. It supports multiple HTTP methods (GET, POST, PUT, PATCH, DELETE, HEAD) and is designed to be integrated into security workflows for developers and professionals. The project utilizes technologies like Django, Python, and the REST framework, with Postman for testing and GitHub for version control. It aims to enhance skills in API development, security testing, and software engineering best practices.

## Features

* **Vulnerability Scanning:**
  * Performs port scanning to identify open ports.
  * Checks for missing security headers (e.g., X-XSS-Protection, Content-Security-Policy).
  * Conducts a simple SQL injection test.
* **Reporting:** Returns scan results in JSON format, including:
  * Open ports
  * Missing security headers
  * SQL injection vulnerabilities (if any)
* **Flexibility:** Accepts both raw JSON and form data in requests.
* **Multiple HTTP Methods:** Supports GET, POST, PUT, PATCH, DELETE, and HEAD requests.
* **Error Handling:** Provides informative error messages for invalid requests or unexpected errors.
* **CSRF Exemption:** The API endpoint is exempt from CSRF protection for easier testing and integration.
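The security-header check and the report shape are the parts of the scanner that can be shown without touching the network. The following is an added example, not code from this repository: it reproduces the "missing security headers" check and assembles a report in the same shape as the sample response documented below, using only the Python standard library. The header list is taken from that sample response; `SAMPLE_HEADERS`, `missing_security_headers` and `build_report` are names chosen for this example. The one detail worth copying is that HTTP header names are case-insensitive, so the comparison lower-cases both sides; a naive `"Content-Security-Policy" in headers` check would report a server that sends `content-security-policy` as missing it.

```python
"""Security-header check and report assembly (added example, standard library only)."""
import json

# Header names the README's sample response reports on.
EXPECTED_SECURITY_HEADERS = [
    "X-XSS-Protection",
    "Content-Security-Policy",
    "Strict-Transport-Security",
    "X-Frame-Options",
]


def missing_security_headers(response_headers):
    """Return the expected headers that are absent from response_headers.

    HTTP header names are case-insensitive, so matching is done on the
    lower-cased names; the report keeps the canonical spelling above.
    """
    present = {name.lower() for name in response_headers}
    return [h for h in EXPECTED_SECURITY_HEADERS if h.lower() not in present]


def build_report(open_ports, response_headers, sql_injection_vulnerability):
    """Assemble a dict in the shape documented under "Response Body".

    Ports are de-duplicated and sorted so repeated probes of the same port
    do not inflate the list; the result is ready for Django's JsonResponse.
    """
    return {
        "open_ports": sorted(set(open_ports)),
        "missing_security_headers": missing_security_headers(response_headers),
        "sql_injection_vulnerability": bool(sql_injection_vulnerability),
    }


# Constructed sample: a response that sets two of the four headers, one in lower case.
SAMPLE_HEADERS = {
    "Content-Type": "text/html",
    "content-security-policy": "default-src 'self'",
    "Strict-Transport-Security": "max-age=31536000",
}

if __name__ == "__main__":
    # Two ports were reported twice; the report lists each once.
    print(json.dumps(build_report([443, 80, 443], SAMPLE_HEADERS, False), indent=2))
```

In a Django view the dict returned by `build_report` can be passed straight to `JsonResponse`; the headers to check come from the `headers` attribute of the response the scanner fetched from the target.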

## Getting Started

### Prerequisites

* Python 3.7 or higher
* pip (Python package installer)
* Postman (for API testing)

### Installation

1. Clone the repository:

```
git clone https://github.com/arjunraj79/VAPT-API-for-Automated-Vulnerability-Scanning.git
```

2. Create a virtual environment:

```
python -m venv venv
```

3. Activate the virtual environment:

```
source venv/bin/activate
```

4. Install the dependencies:

```
pip install -r requirements.txt
```

### Running the API

1. Start the Django development server:

```
python manage.py runserver
```

2. The API will be accessible at `http://127.0.0.1:8000/api/scan/`.

### Making API Requests

You can use Postman or any other API testing tool to make requests to the API endpoint.

**Example using Postman (GET request)**

1. Open Postman and create a new request.
2. Select GET as the HTTP method.
3. Enter the URL: `http://127.0.0.1:8000/api/scan/`.
4. Go to the "Params" tab.
5. Add a key-value pair with `url` as the key and the target URL as the value (e.g., `url: https://www.example.com`).
6. Click the "Send" button.

**Example using cURL (POST request with JSON)**

```
curl -X POST -H "Content-Type: application/json" -d '{"url": "https://www.example.com"}' http://127.0.0.1:8000/api/scan/
```

### API Documentation

**Endpoint:** `/api/scan/`

**Methods:** GET, POST, PUT, PATCH, DELETE, HEAD

**Request Body (for POST, PUT, PATCH):** raw JSON or form data containing:

* `url` (string): The URL of the target website to scan.

**Response Body:**

```json
{
  "open_ports": [80, 443],
  "missing_security_headers": ["X-XSS-Protection", "Content-Security-Policy", "Strict-Transport-Security", "X-Frame-Options"],
  "sql_injection_vulnerability": false
}
```
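Because the endpoint accepts the target in a query string, a raw JSON body or a form-encoded body, the view has to pull `url` out of whichever one arrived and answer with a clear error when none of them carries it. The following is an added example, not the project's own view code: `extract_target` handles the three request shapes shown in this README, and `validate_target` applies a target policy that is this example's assumption rather than documented behaviour (only absolute `http`/`https` URLs, and no loopback or private addresses, since a scanner that fetches arbitrary URLs on a caller's behalf is otherwise a server-side request forgery vector). `BadRequest` is a name chosen here for the error a Django view would turn into an HTTP 400 response.

```python
"""Target extraction and validation for a scan request (added example)."""
import ipaddress
import json
from urllib.parse import parse_qs, urlsplit


class BadRequest(ValueError):
    """Raised for a request the view should answer with HTTP 400 and a message."""


def validate_target(url):
    """Accept only absolute http(s) URLs to non-private hosts (assumed policy)."""
    if not isinstance(url, str):
        raise BadRequest("'url' must be a string")
    parts = urlsplit(url.strip())
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise BadRequest("'url' must be an absolute http:// or https:// URL")
    if parts.hostname == "localhost":
        raise BadRequest("scanning the scanner's own host is not allowed")
    try:
        addr = ipaddress.ip_address(parts.hostname)
    except ValueError:
        # A DNS name: the resolved address should be re-checked right before
        # connecting; that resolution step is deliberately not done here.
        addr = None
    if addr is not None and (addr.is_private or addr.is_loopback or addr.is_link_local):
        raise BadRequest("scanning of private or loopback addresses is not allowed")
    return parts.geturl()


def extract_target(content_type, body, query_params=None):
    """Return the validated target URL from a GET query string or a JSON/form body.

    content_type: the request's Content-Type header value (may be None or '')
    body:         the raw request body as bytes
    query_params: mapping of query-string values (Django's request.GET for GET/HEAD)
    """
    query_params = query_params or {}
    if "url" in query_params:  # GET ?url=... as in the Postman example above
        return validate_target(query_params["url"])

    # Strip any parameters such as "; charset=utf-8" before comparing the media type.
    media_type = (content_type or "").split(";")[0].strip().lower()
    if media_type == "application/json":
        try:
            data = json.loads(body.decode("utf-8"))
        except (UnicodeDecodeError, ValueError) as exc:
            raise BadRequest(f"invalid JSON body: {exc}") from exc
        if not isinstance(data, dict) or "url" not in data:
            raise BadRequest("JSON body must be an object with a 'url' key")
        return validate_target(data["url"])
    if media_type == "application/x-www-form-urlencoded":
        fields = parse_qs(body.decode("utf-8"), keep_blank_values=True)
        if "url" not in fields:
            raise BadRequest("form body must contain a 'url' field")
        return validate_target(fields["url"][0])
    raise BadRequest("missing 'url' parameter or unsupported Content-Type")


if __name__ == "__main__":
    # Constructed requests: the cURL example's body, a form body, and a rejected target.
    print(extract_target("application/json", b'{"url": "https://www.example.com"}'))
    print(extract_target("application/x-www-form-urlencoded", b"url=https%3A%2F%2Fwww.example.com"))
    try:
        extract_target("application/json", b'{"url": "http://127.0.0.1:8000/"}')
    except BadRequest as exc:
        print("rejected:", exc)
```

In a Django view, `content_type` is `request.content_type`, `body` is `request.body` and `query_params` is `request.GET`; catching `BadRequest` and returning its message with status 400 gives the informative error the Features section promises, while anything else still surfaces as an unexpected error.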

### Screenshots and Output
### Contributing
Contributions are welcome! Feel free to open issues or submit pull requests.