https://github.com/rutaganda-salim/web-guardian

The Multi-Tool Web Vulnerability Scanner.
https://github.com/rutaganda-salim/web-guardian

penetration-testing scanner-web vulnerability-scanners web-guardian

Last synced: 7 months ago
JSON representation

The Multi-Tool Web Vulnerability Scanner.

• Host: GitHub
• URL: https://github.com/rutaganda-salim/web-guardian
• Owner: rutaganda-salim
• License: gpl-2.0
• Created: 2025-03-20T15:13:09.000Z (7 months ago)
• Default Branch: main
• Last Pushed: 2025-03-20T15:39:38.000Z (7 months ago)
• Last Synced: 2025-03-20T16:35:00.499Z (7 months ago)
• Topics: penetration-testing, scanner-web, vulnerability-scanners, web-guardian
• Language: Python
• Homepage:
• Size: 50.8 KB
• Stars: 1
• Watchers: 1
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

          
## 🟥 WebGuardian v0.1 - The Multi-Tool Web Vulnerability Scanner

### Evolution

It is quite a fuss for a pentester to perform binge-tool-scanning (running security scanning tools one after the other) sans automation. Unless you are a pro at automating stuff, it is a herculean task to perform binge-scan for each and every engagement. The ultimate goal of this program is to solve this problem through automation; viz. running multiple scanning tools to discover vulnerabilities, effectively judge false-positives, collectively correlate results and saves precious time; all these under one roof.

Enter WebGuardian.

### Features

- One-step installation.

- Executes a multitude of security scanning tools, does other custom coded checks and prints the results spontaneously.

- Some of the tools include nmap, dnsrecon, wafw00f, uniscan, sslyze, fierce, lbd, theharvester, amass, nikto etc executes under one entity.

- Saves a lot of time, indeed a lot time!

- Checks for same vulnerabilities with multiple tools to help you zero-in on false positives effectively.

- Extremely light-weight and not process intensive.

- Legends to help you understand which tests may take longer time, so you can Ctrl+C to skip if needed.

- Association with OWASP Top 10 & CWE 25 on the list of vulnerabilities discovered. (under development)

- Critical, high, medium, low and informational classification of vulnerabilities.

- Vulnerability definitions guides you what the vulnerability actually is and the threat it can pose.

- Remediation tells you how to plug/fix the found vulnerability.

- Executive summary gives you an overall context of the scan performed with critical, high, low and informational issues discovered.

- Artificial intelligence to deploy tools automatically depending upon the issues found. For example, automates the launch of wpscan and plecost tools when a WordPress installation is found. (under development)

- Detailed comprehensive report in a portable document format (\*.pdf) with complete details of the scans and tools used. (under development)

- On the run metasploit auxiliary modules to discover more vulnerabilities. (under development)

### Vulnerability Checks

- ✔️ DNS/HTTP Load Balancers & Web Application Firewalls.

- ✔️ Checks for Joomla, WordPress and Drupal.

- ✔️ SSL related Vulnerabilities (HEARTBLEED, FREAK, POODLE, CCS Injection, LOGJAM, OCSP Stapling).

- ✔️ Commonly Opened Ports.

- ✔️ DNS Zone Transfers using multiple tools (Fierce, DNSWalk, DNSRecon, DNSEnum).

- ✔️ Sub-Domains Brute Forcing (DNSMap, amass, nikto).

- ✔️ Open Directory/File Brute Forcing.

- ✔️ Shallow XSS, SQLi and BSQLi Banners.

- ✔️ Slow-Loris DoS Attack, LFI (Local File Inclusion), RFI (Remote File Inclusion) & RCE (Remote Code Execution).

- & more coming up...

### Requirements

- Python 3

- Kali OS (Preferred, as it is shipped with almost all the tools)

- Tested with Parrot & Ubuntu Operating Systems.

### Installation

```bash

git clone https://github.com/rutaganda-salim/web-guardian.git /opt/

cd /opt/rapidscan

python3 -m pip install .

```