RohitKumarReddySakam/vuln-scanner

GitHub: RohitKumarReddySakam/vuln-scanner

A Flask-based passive web security scanner that automatically checks security headers, TLS, ports and forms, and grades the risk with CVSS.

Stars: 0 | Forks: 0

[![Python](https://img.shields.io/badge/Python-3.11+-3776AB?style=for-the-badge&logo=python&logoColor=white)](https://python.org) [![Flask](https://img.shields.io/badge/Flask-3.0-000000?style=for-the-badge&logo=flask&logoColor=white)](https://flask.palletsprojects.com) [![OWASP](https://img.shields.io/badge/OWASP-Top_10_2021-FF0000?style=for-the-badge)](https://owasp.org/Top10/) [![CVSS](https://img.shields.io/badge/CVSS-v3.1-F97316?style=for-the-badge)](https://www.first.org/cvss/) [![License](https://img.shields.io/badge/License-MIT-22C55E?style=for-the-badge)](LICENSE) [![Plugins](https://img.shields.io/badge/Plugins-5_Scan_Modules-64ffda?style=flat-square)](.) [![Checks](https://img.shields.io/badge/Checks-50+-64ffda?style=flat-square)](.) [![Reports](https://img.shields.io/badge/Reports-HTML_%2B_JSON-64ffda?style=flat-square)](.) [![Passive](https://img.shields.io/badge/Mode-Passive_Only-22c55e?style=flat-square)](.)

## 🎯 Purpose

A manual web security assessment means checking dozens of headers, testing TLS, probing paths and analysing forms, work that is repetitive and error-prone. VulnScanner automates all of it:

| Plugin | Checks | Top Finding |
|--------|--------|-------------|
| `web_headers` | 12 header checks | Missing HSTS and CSP, wildcard CORS |
| `ssl_checker` | TLS version, certificate, cipher suites | TLS 1.0, expired certificate |
| `open_ports` | 21 service profiles | Telnet 9.8, Redis 9.8 |
| `web_crawler` | URL discovery + 20 path probes | `/.env`, `/.git/config` reachable |
| `forms_checker` | CSRF, plaintext password, autocomplete | Missing CSRF token |

## 🏗️ Architecture

```
Target URL
    │ POST /api/scan
    ▼
┌───────────────────────────────────────────────┐
│ Scan Runner (background thread)               │
│                                               │
│ 1. HTTP fetch    Headers + cookies + HTML     │
│ 2. web_headers   12 security header checks    │
│ 3. ssl_checker   TLS + certificate analysis   │
│ 4. open_ports    21 service port profiles     │
│ 5. web_crawler   URL + sensitive path probes  │
│ 6. forms_checker CSRF + password field check  │
└──────────────────────┬────────────────────────┘
                       │
        ┌──────────────▼──────────────┐
        │ CVSS Calculator             │
        │ Per-finding scores          │
        │ Composite 0–10              │
        │ Grade A+ to F               │
        └──────────────┬──────────────┘
                       │
        ┌──────────────▼──────────────┐
        │ HTML Report (standalone)    │
        │ JSON Report (structured)    │
        └─────────────────────────────┘
```

## 🔍 Scan Plugins
### 🔒 web_headers — 12 security header checks

| Finding | Severity | CVSS |
|---------|----------|------|
| Missing Strict-Transport-Security | HIGH | 6.1 |
| Missing Content-Security-Policy | HIGH | 6.1 |
| Missing X-Content-Type-Options | MEDIUM | 4.3 |
| Missing X-Frame-Options | MEDIUM | 4.3 |
| Wildcard CORS (Access-Control-Allow-Origin: *) | MEDIUM | 5.4 |
| Exposed Server header | LOW | 2.6 |
| Exposed X-Powered-By header | LOW | 2.6 |
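As an added example (not the project's own code), the kind of passive check the web_headers table describes and the composite score the architecture diagram mentions, written against one captured response-header map. The finding labels, severities and CVSS values come from the table above; the "composite = highest per-finding score" rule and the sample headers are assumptions made for this example.

```python
# Added example: passive security-header audit of a single HTTP response.
# Finding labels, severities and CVSS values follow the web_headers table;
# the composite rule (max per-finding score) is an assumption, not the project's.
from typing import Dict, List, Tuple

Finding = Tuple[str, str, float]  # (label, severity, cvss)

# Headers whose absence is reported, with the table's severity and CVSS.
REQUIRED = [
    ("Strict-Transport-Security", "HIGH", 6.1),
    ("Content-Security-Policy", "HIGH", 6.1),
    ("X-Content-Type-Options", "MEDIUM", 4.3),
    ("X-Frame-Options", "MEDIUM", 4.3),
]
# Headers whose presence discloses server details.
DISCLOSURE = [("Server", "LOW", 2.6), ("X-Powered-By", "LOW", 2.6)]


def check_headers(headers: Dict[str, str]) -> List[Finding]:
    """Return findings for a response-header map; header names are case-insensitive."""
    h = {k.lower(): v for k, v in headers.items()}
    findings: List[Finding] = []
    for name, sev, score in REQUIRED:
        if name.lower() not in h:
            findings.append((f"Missing {name}", sev, score))
    if h.get("access-control-allow-origin", "").strip() == "*":
        findings.append(("Wildcard CORS (Access-Control-Allow-Origin: *)", "MEDIUM", 5.4))
    for name, sev, score in DISCLOSURE:
        if name.lower() in h:
            findings.append((f"Exposed {name} header", sev, score))
    return findings


def composite_score(findings: List[Finding]) -> float:
    """Assumed composite rule: the highest per-finding CVSS, 0.0 when clean."""
    return max((score for _, _, score in findings), default=0.0)


# Constructed sample: headers as a misconfigured server might send them.
SAMPLE_HEADERS = {
    "Content-Type": "text/html",
    "Server": "nginx/1.24.0",
    "X-Powered-By": "PHP/8.2",
    "Access-Control-Allow-Origin": "*",
    "X-Frame-Options": "DENY",
}

if __name__ == "__main__":
    for finding in check_headers(SAMPLE_HEADERS):
        print(finding)
    print("composite:", composite_score(check_headers(SAMPLE_HEADERS)))
```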
### 🔐 ssl_checker — TLS configuration

| Finding | Severity | CVSS |
|---------|----------|------|
| TLS 1.0 supported (POODLE) | HIGH | 7.4 |
| TLS 1.1 supported | HIGH | 7.4 |
| Certificate expired | CRITICAL | 9.1 |
| Certificate expires in < 30 days | MEDIUM | 5.3 |
| Weak cipher suites (RC4/DES/EXPORT) | HIGH | 7.4 |
### 🔌 open_ports — 21 service profiles

| Service | Port | Severity | CVSS |
|---------|------|----------|------|
| Telnet | 23 | CRITICAL | 9.8 |
| Redis | 6379 | CRITICAL | 9.8 |
| MongoDB | 27017 | CRITICAL | 9.8 |
| SMB | 445 | HIGH | 8.1 |
| RDP | 3389 | HIGH | 8.1 |
| FTP | 21 | HIGH | 7.5 |
### 🕷️ web_crawler + forms_checker

- Crawls up to 20 pages (depth 2)
- Probes 20 sensitive paths: `/.env`, `/.git/config`, `/wp-config.php`, `/admin`…
- Detects CSRF tokens in POST forms
- Detects password fields submitted over HTTP
- Validates the autocomplete attribute
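As an added example (not the project's own code), a forms_checker-style pass over one page's HTML covering the two form findings listed above: a POST form with no CSRF token, and a password field whose form submits over plain HTTP. It uses only the standard library's `html.parser`; the hidden-field name hints (`csrf`, `xsrf`, `token`), the finding wording and the sample page are assumptions made for this example.

```python
# Added example: audit the <form> elements of one page for missing CSRF tokens
# and password fields posted over HTTP. Token-name hints are an assumption.
from html.parser import HTMLParser
from typing import List, Optional
from urllib.parse import urljoin

TOKEN_HINTS = ("csrf", "xsrf", "token")  # assumed names of anti-CSRF hidden fields


class FormAudit(HTMLParser):
    """Collects one finding per problem per <form>; page_url resolves relative actions."""

    def __init__(self, page_url: str):
        super().__init__()
        self.page_url = page_url
        self.findings: List[str] = []
        self.form: Optional[dict] = None  # state of the form currently open

    def handle_starttag(self, tag, attrs):
        a = {k.lower(): (v or "") for k, v in attrs}
        if tag == "form":
            self.form = {"method": a.get("method", "get").lower(),
                         "action": urljoin(self.page_url, a.get("action", "")),
                         "has_token": False, "has_password": False}
        elif tag == "input" and self.form is not None:
            itype, name = a.get("type", "text").lower(), a.get("name", "").lower()
            if itype == "hidden" and any(h in name for h in TOKEN_HINTS):
                self.form["has_token"] = True
            elif itype == "password":
                self.form["has_password"] = True

    def handle_endtag(self, tag):
        if tag == "form" and self.form is not None:
            f, self.form = self.form, None
            if f["method"] == "post" and not f["has_token"]:
                self.findings.append("POST form without CSRF token: " + f["action"])
            if f["has_password"] and f["action"].startswith("http://"):
                self.findings.append("password submitted over HTTP: " + f["action"])


def audit_forms(page_url: str, html: str) -> List[str]:
    parser = FormAudit(page_url)
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed sample page: a login form over HTTP with no token, and a safe search form.
SAMPLE_HTML = """
<form method="post" action="/login">
  <input name="user"><input type="password" name="pass">
</form>
<form method="POST" action="https://example.test/search">
  <input type="hidden" name="csrf_token" value="abc"><input name="q">
</form>
"""
```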
## ⚡ Quick Start

```
# Clone the repository
git clone https://github.com/RohitKumarReddySakam/vuln-scanner.git
cd vuln-scanner

# Setup
python3 -m venv venv && source venv/bin/activate
pip install -r requirements.txt
cp .env.example .env

# Run
python app.py
# → http://localhost:5007
```

### 🐳 Docker

```
git clone https://github.com/RohitKumarReddySakam/vuln-scanner.git
cd vuln-scanner
docker build -t vuln-scanner .
docker run -p 5007:5007 vuln-scanner
```

## 🔌 API Reference

```
# Start scan
POST /api/scan
{
  "url": "https://example.com",
  "plugins": ["web_headers", "ssl_checker", "open_ports", "web_crawler", "forms_checker"]
}

# Get results
GET /api/scan/

# Download HTML report
GET /api/report//html

# Download JSON report
GET /api/report//json
```

## 📁 Project Structure

```
vuln-scanner/
├── app.py                    # Flask application & REST API
├── wsgi.py                   # Gunicorn entry point
├── config.py
├── requirements.txt
├── Dockerfile
│
├── plugins/
│   ├── web_headers.py        # 12 security header checks
│   ├── ssl_checker.py        # TLS + certificate analysis
│   ├── open_ports.py         # 21 service port profiles
│   ├── web_crawler.py        # URL + path discovery
│   └── forms_checker.py      # CSRF + password analysis
│
├── core/
│   ├── cvss_calculator.py    # CVSS v3.1 + risk grades
│   └── report_generator.py   # HTML + JSON reports
│
├── templates/                # Dashboard, Results, Reports
├── static/                   # CSS + JavaScript
└── tests/                    # 18 pytest tests
```

## 👨‍💻 Author

**Rohit Kumar Reddy Sakam**
*DevSecOps Engineer & Security Researcher*

[![LinkedIn](https://img.shields.io/badge/LinkedIn-Rohit_Kumar_Reddy_Sakam-0077B5?style=for-the-badge&logo=linkedin&logoColor=white)](https://linkedin.com/in/rohitkumarreddysakam) [![GitHub](https://img.shields.io/badge/GitHub-RohitKumarReddySakam-181717?style=for-the-badge&logo=github&logoColor=white)](https://github.com/RohitKumarReddySakam) [![Portfolio](https://img.shields.io/badge/Portfolio-srkrcyber.com-64FFDA?style=for-the-badge&logo=safari&logoColor=black)](https://srkrcyber.com)
**⭐ Star this repo if it helped you!**

[![Star](https://img.shields.io/github/stars/RohitKumarReddySakam/vuln-scanner?style=social)](https://github.com/RohitKumarReddySakam/vuln-scanner)

MIT License © 2025 Rohit Kumar Reddy Sakam