GitHub: jiang234511/web-vulnerability-scanner
# Web Vulnerability Scanner
A Python-based web vulnerability scanner that detects SQL Injection and XSS vulnerabilities. Built for educational purposes and security testing with proper authorization.
## Features
- **SQL Injection Detection** — Error-based and time-based blind detection
- **XSS Detection** — Reflected XSS with multiple payload variants
- **Form Crawling** — Automatically extracts and tests forms
- **URL Parameter Testing** — Tests query string parameters
- **Multi-threaded** — Fast scanning with configurable threads
- **HTML Report** — Generate readable scan reports
## Usage
```bash
# Install dependencies
pip install -r requirements.txt

# Basic scan
python scanner.py -u http://target-site.com

# With more threads (faster)
python scanner.py -u http://target-site.com -t 10

# Generate HTML report
python scanner.py -u http://target-site.com --html
```
## How it works
1. **Crawl** — Visits the target page, extracts forms and URL parameters
2. **SQL Injection Test** — Injects SQL payloads and checks for DB error messages, then tests time-based blind injection with SLEEP() calls
3. **XSS Test** — Injects XSS payloads and checks if they are reflected in the response
4. **Report** — Outputs findings to console and optionally saves an HTML report
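
The response-analysis side of steps 2 and 3, as an added sketch that is not code from this repository: it shows how error signatures, repeated timing samples and escaped-versus-raw reflection can be told apart so that jitter and correctly encoded output are not reported as findings. The signature list, the marker string and all function names are assumptions, and the sample bodies and timings are constructed.

```python
import html
import re
from statistics import median

# Assumed signature list (not taken from scanner.py): common DB error fragments.
DB_ERRORS = {
    "MySQL": re.compile(r"You have an error in your SQL syntax", re.I),
    "PostgreSQL": re.compile(r"unterminated quoted string|syntax error at or near", re.I),
    "SQLite": re.compile(r"SQLite3?::|unrecognized token", re.I),
    "MSSQL": re.compile(r"Unclosed quotation mark after the character string", re.I),
}

def find_db_error(body):
    """Return the DBMS name whose error signature appears in body, else None."""
    for dbms, pattern in DB_ERRORS.items():
        if pattern.search(body):
            return dbms
    return None

def is_time_based_hit(baseline, delayed, sleep_s, tolerance=0.8):
    """Flag only if every delayed sample exceeds the median baseline by
    most of the requested sleep; one slow response is treated as jitter."""
    if len(baseline) < 3 or len(delayed) < 2:
        return False  # too few samples to separate a delay from noise
    threshold = median(baseline) + sleep_s * tolerance
    return all(t >= threshold for t in delayed)

def reflection_state(body, marker):
    """Classify how a probe marker came back: raw, escaped, or absent."""
    if marker in body:
        return "raw"        # unencoded reflection: worth reporting
    if html.escape(marker) in body:
        return "escaped"    # output encoding is working: not a finding
    return "absent"

# Constructed sample data, for illustration only.
MARKER = "<probe-7f3a>"
SAMPLE_ERROR = "<p>Warning: You have an error in your SQL syntax near ''1''</p>"
SAMPLE_SAFE = "<p>You searched for &lt;probe-7f3a&gt;</p>"
SAMPLE_REFLECTED = "<p>You searched for <probe-7f3a></p>"

if __name__ == "__main__":
    print(find_db_error(SAMPLE_ERROR))
    print(is_time_based_hit([0.21, 0.19, 0.25], [5.2, 5.3], sleep_s=5))
    print(is_time_based_hit([0.21, 0.19, 0.25], [5.2, 0.3], sleep_s=5))
    print(reflection_state(SAMPLE_SAFE, MARKER), reflection_state(SAMPLE_REFLECTED, MARKER))
```
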
## Disclaimer
For educational and authorized testing purposes only. Always obtain permission before scanning any system.