sreer22/VulnScan-Pro-Web-Application-Vulnerability-Scanner

# VulnScan Pro — Web Application Vulnerability Scanner A mini project submitted in partial fulfillment for the award of Bachelor of Engineering in Cyber Security Mahendra Engineering College (Autonomous), Namakkal – 637 503 ## Academic Year: 2025–2026 # 👥 Team Members ## Name - Register Number 1. Sreeyakeshrajan T - 6113231281086 2. Tharanidharan M - 6113231281090 3. Sureshkumar P - 6113231281088 4. Praveen K R - 611323128 3807 ### Supervisor: Ms. R. Jananipriya, M.E. ### Head of Department: Dr. A. Neelamadheswari, M.E., Ph.D. # 📌 Abstract VulnScan Pro is an advanced, open-source web application vulnerability scanner built with Python and Flask. It performs multi-dimensional security assessments covering: 1. SQL Injection detection 2. Cross-Site Scripting (XSS) probing 3. CVE matching via server response headers 4. Web Application Firewall (WAF) identification 5. Open port scanning 6. DNS/IP resolution, WHOIS lookup, and subdomain enumeration (via crt.sh) Results are persisted in an SQLite database and viewable through a scan history dashboard. The UI features a dark-themed glass-morphism design with animated loading overlays. # 🛠️ Tech Stack ## Layer - Technology 1. Backend - Python 3, Flask 2. Database - SQLite 3. Frontend - HTML, CSS, JavaScript 4. APIs - crt.sh (Certificate Transparency), NIST NVD 5. Libraries - requests, socket, whois # ✨ Features ## 🔐 SQL Injection Detection: Payload-based testing with error pattern matching ## 🧨 XSS Detection: Reflected XSS probe with response analysis ## 🗂️ CVE Lookup: Server fingerprint matched against a local CVE database ## 🛡️ WAF Detection: Identifies Cloudflare, Sucuri, Incapsula ## 🔌 Port Scanning: Checks common ports (80, 443, 8080, 3306, etc.) ## 🌐 DNS & WHOIS: Domain resolution and registration info ## 📋 Subdomain Enumeration: Via crt.sh Certificate Transparency logs ## 🕓 Scan History Dashboard: Persistent SQLite-backed history with statistics # 📁 Project Structure vulnscan-pro/ │ ├── app.py # Flask application & route handlers ├── scanner.py # Core scanning engine ├── cve_db.py # Local CVE database ├── templates/ │ ├── index.html # Main scanner UI │ └── dashboard.html # Scan history dashboard └── vulnscan.db # SQLite scan history (auto-created) # 🚀 Getting Started ## Prerequisites Bash : pip install flask requests python-whois ## Run the Application Bash : python app.py Then open your browser at: http://127.0.0.1:5000 # 🧪 Modules Overview ## Module - File - Description i) Flask App - app.py - Routes, DB init, scan result handling ii) SQL Injection - scanner.py - Payload injection & SQL error matching iii) XSS Detection - scanner.py - Reflected XSS script probe iv) CVE Lookup - cve_db.py - Static CVE database with severity ratings v) WAF Detection - scanner.py - Header based WAF identification vi) Port Scanner - scanner.py - TCP connect scan on common ports vii) DNS & WHOIS - scanner.py - Domain resolution & registration lookup viii) Dashboard - app.py - SQLite history fetch & template render # 📸 Screenshots ## Screen - Description 1. Fig 9.1 - Main Scanner Interface 2. Fig 9.2 - Animated Loading Screen 3. Fig 9.3 - Scan Results: Blocked Injections + CVE Critical 4. Fig 9.4 - CVE Detail Modal (CVE-2021-26855 Critical) 5. Fig 9.5 - Scan Results: SQL Vulnerable + Open Ports 6. Fig 9.6 - All Safe Scans with CVE & Ports 7. Fig 9.7 - Scan History Dashboard with Statistics # 🔮 Future Enhancements [ ] Blind SQL Injection (time-based & boolean-based) [ ] CSRF detection & security header analysis [ ] Live NVD CVE API integration [ ] PDF report generation [ ] Scheduled/recurring scans [ ] Multi-target batch scanning [ ] Docker containerization # ⚠️ Disclaimer VulnScan Pro is intended strictly for educational purposes, authorized penetration testing, and security research. Scanning any system without explicit permission is illegal and unethical. The authors are not responsible for any misuse of this tool. # 📚 References 1. OWASP Top Ten https://owasp.org/www-project-top-ten/ 2. NIST National Vulnerability Database https://nvd.nist.gov/ 3. MITRE CVE https://cve.mitre.org/ 4. Flask Documentation https://flask.palletsprojects.com/ 5. crt.sh Certificate Search https://crt.sh/ 6. PortSwigger XSS Guide https://portswigger.net/web-security/cross-site-scripting # 📄 License This project was developed as an academic mini project under Mahendra Engineering College (Autonomous). For reuse or extension, please credit the original authors.