Vuln Scanner With Python

Overview

VulnScanner

Code

Version Language GitHub Repo stars


Features

Web Application Firewall (WAF) detection.

Cross Site Scripting (XSS) tests.

SQL injection time based test.

SQL injection error based test.

Local File Inclusion (LFI) test.

Cross Site Tracing (XST) test.


How To Run

git clone https://github.com/NullS0UL/VulnScanner

cd VulnScanner

python3 vulnscan.py http://example.com/page.php?cat=1

Example of Output

python3 vulnscan.py http://example.com/page.php?cat=1

[*] No WAF Detected.

Target: http://example.com/page.php?cat=1

Powered: PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1

[!] Testing Cross Site Scripting (XSS)
[!] 10 Payloads.
[+] 9 Payloads were found.

[*] Payload found!
[!] Payload: <script>alert("inject")</script>
[!] POC: http://example.com/page.php?cat=<script>alert("inject")</script>

[*] Payload found!
[!] Payload: %3Cscript%3Ealert%28%22inject%22%29%3C%2Fscript%3E
[!] POC: http://example.com/page.php?cat=%3Cscript%3Ealert%28%22inject%22%29%3C%2Fscript%3E

[!] Testing SQLInjection
[*] Blind SQL injection time based found!
[!] Payload: 1-SLEEP(2)
[!] POC: http://example.com/page.php?cat=1-SLEEP(2)

[*] SQL Error found.
[!] Payload: '
[!] POC: http://example.com/page.php?cat='

[!] Testing Local File Inclussion (LFI)
[*] Payload found!
[!] Payload: ../../../../etc/passwd
[!] POC: http://example.com/page.php?cat=../../../../etc/passwd


[!] Testing Cross Site Tracing (XST)
[*] This site seems vulnerable to Cross Site Tracing (XST)!


Discaimer

Usage of the VulnScanner for attack targets without prior mutual consent is illegal. 
It is the end user's responsability to obey all applicable local, state, federal and international laws. 
Developer assume no liability and not responsible for any misuse or damage caused by this program.

Find me on

Facebook Telegram

Visit my Blog Site

  • Blogs
  • Owner
    < / N u l l S 0 U L >
    Use your brain , Make GOOGLE your friend 😘
    < / N u l l S 0 U L >
    MayorSec DNS Enumeration Tool

    MayorSecDNSScan MSDNSScan is used to identify DNS records for target domains and check for zone transfers. There really isn't much special about it, a

    Joe Helle 68 Dec 12, 2022
    Analyse a forensic target (such as a directory) to find and report files found and not found from CIRCL hashlookup public service

    Analyse a forensic target (such as a directory) to find and report files found and not found from CIRCL hashlookup public service. This tool can help a digital forensic investigator to know the conte

    hashlookup 96 Dec 20, 2022
    ssh-audit is a tool for ssh server & client configuration auditing.

    SSH server & client auditing (banner, key exchange, encryption, mac, compression, compatibility, security, etc)

    Joe Testa 1.4k Dec 31, 2022
    Malware-analysis-writeups - Some of my Malware Analysis writeups

    About This repo contains some malware analysis writeups i've created over time m

    Itay Migdal 14 Jun 22, 2022
    Strapi Framework Vulnerable to Remote Code Execution

    CVE-2019-19609 Strapi Framework Vulnerable to Remote Code Execution well, I didnt found any exploit for CVE-2019-19609 so I wrote one. :/ Usage pytho

    Dasith Vidanage 7 Mar 08, 2022
    Generate MIPS reverse shell shellcodes easily !

    MIPS-Reverse MIPS-Reverse is a tool that can generate shellcodes for the MIPS architecture that launches a reverse shell where you can specify the IP

    29 Jul 27, 2021
    Worm/Trojan/Ransomware/apt/Rootkit/Virus Database

    Pestilence - The Malware Database [] Screenshot Pestilence is a project created to make the possibility of malware analysis open and available to the

    *ERR0R* 47 Dec 21, 2022
    Windows Virus who destroy some impotants files on C:\windows\system32\

    psychic-robot Windows Virus who destroy some importants files on C:\windows\system32\ Signatures of psychic-robot.PY (python file) : Bkav Pro : ASP.We

    H-Tech-Dev36 1 Jan 06, 2022
    DepFine Is a tool to find the unregistered dependency based on dependency confusion valunerablility and lead to RCE

    DepFine DepFine Is a tool to find the unregistered dependency based on dependency confusion valunerablility and lead to RCE Installation: You Can inst

    Hossam mesbah 14 Nov 11, 2022
    A passive-recon tool that parses through found assets and interacts with the Hackerone API

    Hackerone Passive Recon Tool A passive-recon tool that parses through found assets and interacts with the Hackerone API. Setup Simply run setup.sh to

    elbee 4 Jan 13, 2022
    You can manage your password with this program.

    You must have Python compilers in order to run this program. First of all, download the compiler in the link.

    Mustafa Bahadır Doğrusöz 6 Aug 07, 2021
    The best Python Backdoor👌

    Backdoor The best Python Backdoor Files Server file is used in all of cases If client is Windows, the client need execute EXE file If client is Linux,

    13 Oct 28, 2022
    A proxy for asyncio.AbstractEventLoop for testing purposes

    aioloop-proxy A proxy for asyncio.AbstractEventLoop for testing purposes. When tests writing for asyncio based code, there are controversial requireme

    aio-libs 12 Dec 12, 2022
    Implementation of RITA (Real Intelligence Threat Analytics) in Jupyter Notebook with improved scoring algorithm.

    RITA (Real Intelligence Threat Analytics) in Jupyter Notebook RITA is an open source framework for network traffic analysis sponsored by Active Counte

    Mehmet E. 157 Nov 24, 2022
    Growtopia Save.dat Stealer

    savedat-stealer Growtopia Save.dat Stealer (Auto Send To Webhook) How To Use After Change Webhook URL Compile script to exe Give to target Done Info C

    NumeX 9 May 01, 2022
    This is a js front-end encryption blasting account and password tools

    Author:0xAXSDD By Gamma安全实验室 version:1.0 explain:这是一款用户绕过前端js加密进行密码爆破的工具,你无需在意js加密的细节,只需要输入你想要爆破url,以及username输入框的classname,password输入框的clas

    75 Nov 25, 2022
    Getting my gitlab commit history into github

    🔰 ᵀᴱᴸᴱᴳᴿᴬᴹ ᴴᴬᶜᴷ ᴮᴼᵀ 🔰 The owner would not be responsible for any kind of bans due to the bot. • ⚡ INSTALLING ⚡ • • 🛠️ Lᴀɴɢᴜᴀɢᴇs Aɴᴅ Tᴏᴏʟs 🔰 • If

    Santiago Chiesa 1 Dec 24, 2021
    PwdGen is a Python Tkinter tool for generating secure 16 digit passwords.

    PwdGen ( Password Generator ) is a Python Tkinter tool for generating secure 16 digit passwords. Installation Simply install requirements pip install

    zJairO 7 Jul 14, 2022
    Colin O'Flynn's Hacakday talk at Remoticon 2021 support repo.

    Hardware Hacking Resources This repo holds some of the examples used in Colin's Hardware Hacking talk at Remoticon 2021. You can see the very sketchy

    Colin O'Flynn 19 Sep 12, 2022
    User-friendly reference finder in IDA

    IDARefHunter Updated: This project's been introduced on IDA Plugin Contest 2021! Why do we need RefHunter? Getting reference information in one specif

    Jiwon 29 Dec 04, 2022