z30r0x/Web_Vulnerability_Scanner
GitHub: z30r0x/Web_Vulnerability_Scanner
A lightweight multithreaded web vulnerability scanner that crawls pages automatically and probes for common security flaws.
Stars: 0 | Forks: 0
# 🔍 Web Security Scanner
A lightweight multithreaded Python tool that crawls a target website and automatically checks every discovered page for common web vulnerabilities.
## Features
| Check | What it detects |
|---|---|
| **SQL Injection** | Database error messages returned after a SQL payload is injected into a GET parameter |
| **Cross-Site Scripting (XSS)** | A raw script payload supplied in a GET parameter reflected verbatim in the HTML response |
| **Sensitive Information Exposure** | Email addresses, phone numbers, SSNs and embedded API keys exposed in page source |
Additional features:
- Recursive link crawler with a configurable depth limit
- Thread pool for fast concurrent scanning
- Colorized real-time terminal output
- Single-session HTTP client (connection pooling + cookie persistence)
## Requirements
- Python 3.8+
- The following packages (see `requirements.txt`):
```
requests
beautifulsoup4
colorama
urllib3
```
Install them with:
```
pip install -r requirements.txt
```
## Usage
```
python scanner.py
```
**Example:**
```
python scanner.py https://example.com
```
### Options
You can customize the scanner by instantiating `WebSecurityScanner` directly:
```
from scanner import WebSecurityScanner

scanner = WebSecurityScanner(
    target_url="https://example.com",
    max_depth=2,  # How many links deep to crawl (default: 3)
)
vulnerabilities = scanner.scan()
```
## Sample Output
```
Starting security scan of https://example.com
[*] Crawling target…
[*] Crawl complete. 14 URL(s) discovered.
[*] Running vulnerability checks…

[VULNERABILITY FOUND]
    type: SQL Injection
    url: https://example.com/products?id=1
    parameter: id
    payload: '

[VULNERABILITY FOUND]
    type: Sensitive Information Exposure
    url: https://example.com/contact
    info_type: email
    match_count: 3

Scan Complete!
    Total URLs scanned    : 14
    Vulnerabilities found : 2
```
## Project Structure
```
.
├── scanner.py # Main scanner — crawler + all vulnerability checks
└── requirements.txt # Python dependencies
```
## How It Works
```
1. Crawl
   ├─ Starts at
   ├─ Follows every internal link, up to max_depth hops
   └─ Stores all discovered URLs (duplicates skipped via a visited set)

2. Scan (concurrent, 5 threads)
   ├─ check_sql_injection — mutates each GET param with SQL payloads,
   │                        looks for DB error strings in the response
   ├─ check_xss           — injects script payloads into each GET param,
   │                        checks if the payload is reflected verbatim
   └─ check_sensitive_info — regex-scans the full response body for
                             emails, phone numbers, SSNs, API keys

3. Report
   ├─ Each finding is printed immediately and appended to vulnerabilities[]
   └─ Final summary printed after all threads complete
```
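As an added illustration of the `check_sensitive_info` step (example code written for this README, not the project's own implementation), the snippet below regex-scans a constructed response body the way the Scan step describes, reports `match_count` per info type as the sample output does, and additionally tracks unique values and masks matched secrets so the scanner's report does not re-leak what it found. The regexes are this example's own heuristics, not the project's.

```python
import re

# Regexes modelled on the README's check_sensitive_info step. They are this
# example's own heuristics, not the project's; tune them per target.
SENSITIVE_PATTERNS = {
    "email": re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"),
    # Lookarounds keep digit runs inside tokens (e.g. API keys) from being
    # reported as phone numbers.
    "phone": re.compile(r"(?<!\w)(?:\+?1[-. ]?)?\(?\d{3}\)?[-. ]?\d{3}[-. ]?\d{4}(?!\w)"),
    "ssn": re.compile(r"(?<!\w)\d{3}-\d{2}-\d{4}(?!\w)"),
    "api_key": re.compile(
        r"""(?i)\b(?:api[_-]?key|secret|token)\b\s*[:=]\s*['"]?([A-Za-z0-9_\-]{16,})"""
    ),
}


def mask(value):
    """Redact the middle of a matched value so the report never re-leaks it."""
    if len(value) <= 4:
        return "*" * len(value)
    return value[:2] + "*" * (len(value) - 4) + value[-2:]


def check_sensitive_info(url, body):
    """Scan one response body; return one finding per info type that hits."""
    findings = []
    for info_type, pattern in SENSITIVE_PATTERNS.items():
        # api_key captures the key in group 1; the other patterns have no group.
        hits = [m.group(m.lastindex or 0) for m in pattern.finditer(body)]
        if not hits:
            continue
        findings.append({
            "type": "Sensitive Information Exposure",
            "url": url,
            "info_type": info_type,
            "match_count": len(hits),          # raw hits, as in the sample output
            "unique_count": len(set(hits)),    # repeats inflate match_count
            "samples": sorted(mask(h) for h in set(hits))[:3],
        })
    return findings


# Constructed page body standing in for a crawled response (not a real site).
SAMPLE_PAGE = """<html><body>
<p>Contact: support@example.com or sales@example.com</p>
<p>Call (555) 123-4567</p>
<!-- TODO remove before release: api_key = "sk_test_4fD9kLq2Mx8pR7tV1wZ3" -->
<p>support@example.com</p>
</body></html>"""

if __name__ == "__main__":
    for finding in check_sensitive_info("https://example.com/contact", SAMPLE_PAGE):
        print(finding)
```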
## Limitations and Disclaimer
- Only **GET parameters** are tested; POST forms and JSON APIs are not.
- SQL injection detection relies on **error-based heuristics**; blind and time-based injection are not detected.
- XSS detection is **reflected-only**; stored and DOM-based XSS are not detected.
- SSL certificate errors are deliberately ignored so that test environments can be scanned.