Vuln Scanner With Python

Overview

VulnScanner

Code

Version Language GitHub Repo stars


Features

Web Application Firewall (WAF) detection.

Cross Site Scripting (XSS) tests.

SQL injection time based test.

SQL injection error based test.

Local File Inclusion (LFI) test.

Cross Site Tracing (XST) test.


How To Run

git clone https://github.com/NullS0UL/VulnScanner

cd VulnScanner

python3 vulnscan.py http://example.com/page.php?cat=1

Example of Output

python3 vulnscan.py http://example.com/page.php?cat=1

[*] No WAF Detected.

Target: http://example.com/page.php?cat=1

Powered: PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1

[!] Testing Cross Site Scripting (XSS)
[!] 10 Payloads.
[+] 9 Payloads were found.

[*] Payload found!
[!] Payload: <script>alert("inject")</script>
[!] POC: http://example.com/page.php?cat=<script>alert("inject")</script>

[*] Payload found!
[!] Payload: %3Cscript%3Ealert%28%22inject%22%29%3C%2Fscript%3E
[!] POC: http://example.com/page.php?cat=%3Cscript%3Ealert%28%22inject%22%29%3C%2Fscript%3E

[!] Testing SQLInjection
[*] Blind SQL injection time based found!
[!] Payload: 1-SLEEP(2)
[!] POC: http://example.com/page.php?cat=1-SLEEP(2)

[*] SQL Error found.
[!] Payload: '
[!] POC: http://example.com/page.php?cat='

[!] Testing Local File Inclussion (LFI)
[*] Payload found!
[!] Payload: ../../../../etc/passwd
[!] POC: http://example.com/page.php?cat=../../../../etc/passwd


[!] Testing Cross Site Tracing (XST)
[*] This site seems vulnerable to Cross Site Tracing (XST)!


Discaimer

Usage of the VulnScanner for attack targets without prior mutual consent is illegal. 
It is the end user's responsability to obey all applicable local, state, federal and international laws. 
Developer assume no liability and not responsible for any misuse or damage caused by this program.

Find me on

Facebook Telegram

Visit my Blog Site

  • Blogs
  • Owner
    < / N u l l S 0 U L >
    Use your brain , Make GOOGLE your friend ๐Ÿ˜˜
    < / N u l l S 0 U L >
    A simple tool to audit Unix/*BSD/Linux system libraries to find public security vulnerabilities

    master_librarian A simple tool to audit Unix/*BSD/Linux system libraries to find public security vulnerabilities. To install requirements: $ sudo pyth

    CoolerVoid 167 Dec 19, 2022
    CSAW 2021 writeups

    CSAW 2021 Writeups Challenge Category Solved by The Magic Modbus ics root2thrill Lazy Leaks Forensics root2thrill Poem Collection warm-up root2thrill

    7 Oct 06, 2021
    Statistical Random Number Generator Attack Against The Kirchhoff-law-johnson-noise (Kljn) Secure Key Exchange Protocol

    Statistical Random Number Generator Attack Against The Kirchhoff-law-johnson-noise (Kljn) Secure Key Exchange Protocol

    zeze 1 Jan 13, 2022
    NFC Implant-base RSA Encrypted Messagging application

    Encrypted messaging application with the use of MIFARE DESfire chip to store the private/public keys needed for the application authentication

    4 Nov 06, 2021
    A Python application to predict what is cooking

    ez-cuisine-classifier A Python application to predict what is cooking Environment Python 3.9 Windows 10 Install python -m venv venv .\venv\Scripts\act

    Zeheng Li 1 Jun 21, 2022
    AnonStress-Stored-XSS-Exploit - An exploit and demonstration on how to exploit a Stored XSS vulnerability in anonstress

    AnonStress Stored XSS Exploit An exploit and demonstration on how to exploit a S

    ุตู„ู‰ ุงู„ู„ู‡ ุนู„ู‰ ู…ุญู…ุฏ ูˆุขู„ู‡ 3 Jun 22, 2022
    On the 11/11/21 the apache 2.4.49-2.4.50 remote command execution POC has been published online and this is a loader so that you can mass exploit servers using this.

    ApacheRCE ApacheRCE is a small little python script that will allow you to input the apache version 2.4.49-2.4.50 and then input a list of ip addresse

    3 Dec 04, 2022
    PKUAutoElective for 2021 spring semester

    PKUAutoElective 2021 Spring Version Update at Mar 7 15:28 (UTC+8): ไฟฎๆ”นไบ† get_supplement ็š„ API ๅ‚ๆ•ฐ๏ผŒๅทฒ็ปๅฏไปฅๅฎž็Žฐ่ฏพ็จ‹ๅˆ—่กจ้กต้ข็š„ๆญฃๅธธ่ทณ่ฝฌ๏ผŒ่ฏทๆ›ดๆ–ฐ่‡ณๆœ€ๆ–ฐ commit ็‰ˆๆœฌ ๆœฌ้กน็›ฎๅŸบไบŽ PKUAutoElectiv

    Zihan Mao 84 Sep 09, 2022
    Burp Extensions

    Burp Extensions This is a collection of extensions to Burp Suite that I have written. getAllParams.py - Version 1.2 This is a python extension that ru

    /XNL-h4ck3r 364 Dec 30, 2022
    Script checks provided domains for log4j vulnerability

    log4j Script checks provided domains for log4j vulnerability. A token is created with canarytokens.org and passed as header at request for a single do

    Matthias Nehls 2 Dec 12, 2021
    Docker Compose based system for running remote browsers (including Flash and Java support) connected to web archives

    pywb Remote Browsers This repository provides a simple configuration for deploying any pywb with remote browsers provided by OWT/Shepherd Remote Brows

    Webrecorder 10 Jul 28, 2022
    RedTeam-Security - In this repo you will get the information of Red Team Security related links

    OSINT Passive Discovery Amass - https://github.com/OWASP/Amass (Attack Surface M

    Abhinav Pathak 5 May 18, 2022
    CodeTestไฟกๆฏๆ”ถ้›†ๅ’Œๆผๆดžๅˆฉ็”จๅทฅๅ…ท

    CodeTestไฟกๆฏๆ”ถ้›†ๅ’Œๆผๆดžๅˆฉ็”จๅทฅๅ…ท๏ผŒๅฏๅœจ่ฟ›่กŒๆธ—้€ๆต‹่ฏ•ไน‹ๆ—ถๆ–นไพฟๅˆฉ็”จ็›ธๅ…ณไฟกๆฏๆ”ถ้›†่„šๆœฌ่ฟ›่กŒไฟกๆฏ็š„่Žทๅ–ๅ’Œ้ชŒ่ฏๅทฅไฝœ๏ผŒๆผๆดžๅˆฉ็”จๆจกๅ—ๅฏ้€‰ๆ‹ฉ้œ€่ฆๆต‹่ฏ•็š„ๆผๆดžๆจกๅ—๏ผŒๆˆ–่€…้€‰ๆ‹ฉๆ‰€ๆœ‰ๆจกๅ—ๆต‹่ฏ•๏ผŒๅŒ…ๅซCVE-2020-14882, CVE-2020-2555็ญ‰๏ผŒๅฏ่‡ชๅทฑๆ”ถ้›†่„šๆœฌๅŽๆŒ‰็…งๆจกๆฟ่ฟ›่กŒไฟฎๆ”นใ€‚

    23 Mar 18, 2021
    Tools to make working the Arch Linux Security Tracker easier

    This is a collection of Python scripts to make working with the Arch Linux Security Tracker easier.

    Jonas Witschel 6 Jul 13, 2022
    Blinder is a tool that will help you simplify the exploitation of blind SQL injection

    Blinder Have you found a blind SQL injection? Great! Now you need to export it, but are you too lazy to sort through the values? Most likely,

    10 Dec 06, 2022
    Script Crack Facebook Elite ๐Ÿšถโ€โ™‚

    elite Script Crack Facebook Elite ๐Ÿšถโ€โ™‚ Install Script $ pkg update && pkg upgrade $ termux-setup-storage $ pkg install git $ pkg install python $ pip

    Yumasaa 1 Jan 02, 2022
    An Advanced Local Network IP Scanner, made in python of course!

    โ–ˆโ–ˆโ•—โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ•— โ€ƒโ€ƒ โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ•— โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ•— โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ•— โ–ˆโ–ˆโ–ˆโ•— โ–ˆโ–ˆโ•—โ–ˆโ–ˆโ–ˆโ•— โ–ˆโ–ˆโ•—โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ•—โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ•— โ–ˆโ–ˆโ•‘โ–ˆโ–ˆโ•”โ•โ•โ–ˆโ–ˆโ•—โ€ƒโ€ƒโ–ˆโ–ˆโ•”โ•โ•โ•โ•โ•โ–ˆโ–ˆโ•”โ•โ•โ–ˆโ–ˆโ•—โ–ˆโ–ˆโ•”โ•โ•โ–ˆโ–ˆโ•—โ–ˆโ–ˆโ–ˆโ–ˆโ•— โ–ˆโ–ˆโ•‘โ–ˆโ–ˆโ–ˆโ–ˆโ•— โ–ˆโ–ˆโ•‘โ–ˆโ–ˆโ•”โ•โ•โ•โ•โ•โ–ˆโ–ˆโ•”โ•โ•โ–ˆโ–ˆ

    Polsulpicien 2 Dec 18, 2021
    Malware arcane - Scripts and notes on my malware analysis journey

    Malware Arcane Repository of notes and scripts I use when doing malware analysis

    Make your own huge Wordlist with advanced options

    #It's my first tool i hope to be useful for everyone, Make your own huge Wordlist with advanced options, You need python3 to run this tool, If you hav

    0.1Arafa 6 Dec 08, 2022
    This tool was created in order to automate some basic OSINT tasks for penetration testing assingments.

    This tool was created in order to automate some basic OSINT tasks for penetration testing assingments. The main feature that I haven't seen much anywhere is the downloadd google dork function where t

    Tobias 5 May 31, 2022