Description
Python implementation of a web vulnerability scanner that checks for SQL Injection and Cross-Site Scripting (XSS) using requests and BeautifulSoup.
Requirements:
Install dependencies using:
pip install requests beautifulsoup4
Python Code: Web Vulnerability Scanner
import requests
from bs4 import BeautifulSoup
from urllib.parse import urljoin
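# Common payloads. Each is a single fixed probe string, so a scan that reports
# nothing has only ruled out these two exact inputs.
xss_payload = "<script>alert('XSS')</script>"
sql_payload = "' OR '1'='1"

# Headers to mimic a browser. The User-Agent still names the scanner, which
# keeps its requests easy to pick out in the target's access logs.
headers = {
    "User-Agent": "Mozilla/5.0 (VulnerabilityScanner)",
}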
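def get_forms(url):
    """Fetch ``url`` and return every ``<form>`` tag found in the response.

    Args:
        url: Absolute URL of the page to fetch.

    Returns:
        The result of ``soup.find_all("form")``; empty when the page has no forms.

    Raises:
        requests.RequestException: If the request fails or times out.
    """
    # Without a timeout requests waits indefinitely on an unresponsive host,
    # which would stall the whole scan on the first request.
    response = requests.get(url, headers=headers, timeout=10)
    # The HTTP status is not checked, so an error page is parsed like any other.
    soup = BeautifulSoup(response.text, "html.parser")
    return soup.find_all("form")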
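def get_form_details(form):
    """Summarise a parsed ``<form>`` tag as a plain dict.

    Args:
        form: A tag object exposing ``attrs`` and ``find_all`` (as returned by
            ``get_forms``).

    Returns:
        A dict with three keys:
        ``action`` - the raw ``action`` attribute, or ``None`` when absent;
        ``method`` - the ``method`` attribute lower-cased, ``"get"`` by default;
        ``inputs`` - one ``{"type", "name"}`` dict per ``<input>`` tag, where
        ``name`` is ``None`` for an input without a ``name`` attribute.

    Only ``<input>`` tags are collected; ``<textarea>`` and ``<select>`` fields
    are not part of the summary.
    """
    inputs = [
        {
            # HTML attribute values for ``type`` are case-insensitive, so
            # normalise here; callers compare against lower-case literals and
            # would otherwise treat ``TYPE="TEXT"`` as a non-text field.
            "type": input_tag.attrs.get("type", "text").lower(),
            "name": input_tag.attrs.get("name"),
        }
        for input_tag in form.find_all("input")
    ]
    return {
        "action": form.attrs.get("action"),
        "method": form.attrs.get("method", "get").lower(),
        "inputs": inputs,
    }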
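def test_form(url, form, payload):
    """Submit ``form`` once with ``payload`` and report whether it is echoed back.

    Args:
        url: URL of the page the form was found on; the form's ``action`` is
            resolved against it.
        form: Dict with ``action``, ``method`` and ``inputs`` keys, as built by
            ``get_form_details``.
        payload: String placed in every ``text`` and ``search`` input.

    Returns:
        ``True`` when ``payload`` appears verbatim in the response body.

    Raises:
        requests.RequestException: If the submission fails or times out.

    The result is a reflection heuristic only: the response is never rendered,
    so ``True`` means the string came back unmodified, not that it executed,
    and ``False`` only rules out this one payload.
    """
    target_url = urljoin(url, form["action"])
    data = {}
    for field in form["inputs"]:
        field_name = field["name"]
        if field_name is None:
            # An input without a name attribute would otherwise be added to the
            # submission under the key None, which is not a real form field.
            continue
        # NOTE: every non-text field is overwritten with "test", including
        # hidden ones. A form that depends on a hidden token will probably
        # reject the submission and be reported as not reflecting.
        data[field_name] = payload if field["type"] in ("text", "search") else "test"
    # A timeout keeps one unresponsive endpoint from hanging the scan.
    if form["method"] == "post":
        res = requests.post(target_url, data=data, headers=headers, timeout=10)
    else:
        res = requests.get(target_url, params=data, headers=headers, timeout=10)
    return payload in res.text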
def scan_xss(url):
    """Run the reflection check against every form on ``url`` and print a verdict.

    Each form is submitted once with ``xss_payload``. A "possible XSS" line
    means the payload came back verbatim in the response; a "looks safe" line
    only means that this single payload was not echoed.
    """
    page_forms = get_forms(url)
    print(f"[+] Detected {len(page_forms)} forms on {url}. Scanning for XSS...")
    i = 0
    for raw_form in page_forms:
        i += 1  # forms are numbered from 1 in the report
        reflected = test_form(url, get_form_details(raw_form), xss_payload)
        if not reflected:
            print(f"[-] Form #{i} looks safe from XSS")
            continue
        print(f"[!] Possible XSS vulnerability detected in form #{i}")
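def scan_sql_injection(url):
    """Request ``url`` with ``id`` set to each SQL payload and report error text.

    A finding is printed when the probed response contains one of the error
    signatures and the unmodified page does not. The signatures are plain
    substrings, several of them generic ("mysql", "warning"), so a hit is a
    lead to confirm by hand and a clean run only covers the ``id`` parameter.

    Args:
        url: Absolute URL of the page to probe.

    Raises:
        requests.RequestException: If a request fails or times out.
    """
    print(f"[+] Testing {url} for SQL Injection...")
    errors = ["sql syntax", "mysql", "syntax error", "database error", "warning"]
    # Fetch the page as-is first: a signature that is already part of the
    # normal page (a tutorial mentioning MySQL, a banner saying "warning")
    # must not be reported as caused by the payload.
    baseline = requests.get(url, headers=headers, timeout=10).text.lower()
    vulnerable = False
    for payload in [sql_payload]:
        # Pass the payload through ``params`` so it is URL-encoded and merged
        # correctly even when ``url`` already carries a query string; building
        # the URL by hand produced a second "?" in that case.
        res = requests.get(url, params={"id": payload}, headers=headers, timeout=10)
        body = res.text.lower()
        if any(error in body and error not in baseline for error in errors):
            print(f"[!] SQL Injection vulnerability detected with payload: {payload}")
            vulnerable = True
    if not vulnerable:
        print("[-] No SQL Injection vulnerabilities detected")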
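# === Main Program ===
# The dunder underscores are required: a bare ``name`` is an undefined variable
# and the script would stop with a NameError before prompting.
if __name__ == "__main__":
    target = input("Enter target URL (with http/https): ").strip()
    # Require a full scheme prefix; a plain "http" test also accepts strings
    # such as "httpfoo" that are not URLs.
    if not target.startswith(("http://", "https://")):
        print("[-] Invalid URL. Please include http:// or https://")
    else:
        scan_sql_injection(target)
        scan_xss(target)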
Example usage:
Enter target URL (with http/https): http://testphp.vulnweb.com
User Input:
Enter target URL (with http/https): http://testphp.vulnweb.com
Scanner Output:
[+] Testing http://testphp.vulnweb.com for SQL Injection...
[!] SQL Injection vulnerability detected with payload: ' OR '1'='1
[+] Detected 2 forms on http://testphp.vulnweb.com. Scanning for XSS...
[!] Possible XSS vulnerability detected in form #1
[-] Form #2 looks safe from XSS
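Interpretation:
SQL Injection: Found — The response contained known SQL error strings when a malicious payload was injected. Because the signature list includes generic words such as "mysql" and "warning", a match should be confirmed manually before it is treated as a finding.
XSS:
Form #1: Vulnerable — The injected script was reflected in the response.
Form #2: Not vulnerable — The script was not reflected or executed. The scanner only looks for the payload text in the returned HTML and never renders the page, so this means "not reflected for this one payload" rather than proof that the form is safe.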