GitHub: sayan9168/sayan-sec-tool
# 🔬 Sayan-Sec-Tool
Advanced web security research framework built with Python. Designed for learning ethical hacking, vulnerability assessment, and security research.
## 🎯 Purpose
- 📚 Learn web security concepts hands-on
- 🔍 Practice vulnerability detection techniques
- 🧪 Research security mechanisms in controlled environments
- 💼 Build portfolio for cybersecurity career
## ⚠️ Legal Disclaimer
This tool is for EDUCATIONAL and RESEARCH purposes only.
✅ DO:
- Use on your own systems/labs
- Test on intentionally vulnerable apps (DVWA, WebGoat, etc.)
- Use in CTF competitions
- Test with written authorization
❌ DON'T:
- Scan systems without explicit permission
- Use for malicious purposes
- Attack production systems
- Violate any laws or terms of service
Unauthorized access to computer systems is illegal under:
- India: IT Act 2000, Section 43, 66
- International: CFAA (US), Computer Misuse Act (UK), etc.
## 🚀 Quick Start
### Prerequisites
Requires Python 3.8+.
```bash
pip install -r requirements.txt
```
### Usage Modes
#### 🔍 Scan Mode (CLI)
```bash
# Basic scan with all modules
python main.py https://target.com --all
# Specific modules
python main.py https://target.com --sqli --xss -d 2
# Save report
python main.py https://target.com --all --report
```
#### 🌐 Proxy Mode
```bash
# Start MITM proxy
python main.py -m proxy -p 8080
# Then configure browser:
# Proxy: 127.0.0.1:8080
# Install mitmproxy CA cert for HTTPS
```
#### 🖥️ GUI Mode
```bash
python main.py -m gui
# Or directly:
python -m ui.gui
```
## 📁 Project Structure
```
sayan-sec-tool/
├── core/            # Core engine modules
├── modules/         # Vulnerability detection plugins
├── ui/              # User interface (Tkinter)
├── config.py        # Global configuration
├── main.py          # Entry point
└── requirements.txt
```
## 🧩 Features
### 🔐 Security Modules
| Module | Description | Severity Levels |
|--------|-------------|----------------|
| `sqli_detector` | Error/Time/Union-based SQLi detection | HIGH, CRITICAL |
| `xss_detector` | Reflected/DOM-based XSS detection | MEDIUM, HIGH |
| `info_leak` | Sensitive data exposure detection | LOW → CRITICAL |
### 🛠️ Core Capabilities
- 🕷️ Multi-threaded web crawler
- 🔄 Request repeater for manual testing
- 🌐 MITM proxy with traffic analysis
- 📊 JSON report generation
- 🎨 Simple Tkinter GUI
## 🧪 Testing Targets (Safe for Learning)
```
# Intentionally vulnerable apps:
http://testphp.vulnweb.com   # Acunetix test site
http://dvwa.local            # DVWA (install locally)
http://webgoat.local         # OWASP WebGoat
http://juice-shop.local      # OWASP Juice Shop
```
## 🔧 Development
### Add New Module
1. Create `modules/new_feature.py`
2. Implement `scan(url, session) -> List[Dict]`
3. Return each finding as a dict with the keys `type`, `url`, `severity`, `evidence`
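An added example of a module in that shape (example code, not part of the sayan-sec-tool repository): it flags missing browser-side security headers and version-disclosing headers, in the spirit of the `info_leak` module. The `session` argument is assumed to behave like a `requests.Session` (a `.get()` returning an object with `.headers` and `.url`); the header lists, the severity ratings, the `FakeSession` stand-in and the sample headers are this example's own assumptions and constructed data.

```python
from typing import Dict, List
from urllib.parse import urlsplit

SEVERITIES = ("LOW", "MEDIUM", "HIGH", "CRITICAL")

# Response headers whose absence weakens browser-side defences.
# The severity ratings here are this example's own assumption.
EXPECTED_HEADERS = {
    "content-security-policy": "MEDIUM",
    "strict-transport-security": "MEDIUM",
    "x-content-type-options": "LOW",
}

# Headers that frequently carry software version strings.
DISCLOSURE_HEADERS = ("server", "x-powered-by", "x-aspnet-version")


def make_finding(ftype: str, url: str, severity: str, evidence: str) -> Dict:
    """Build one finding in the README's type/url/severity/evidence shape."""
    if severity not in SEVERITIES:
        raise ValueError(f"unknown severity: {severity}")
    return {"type": ftype, "url": url, "severity": severity, "evidence": evidence}


def analyse_headers(url: str, headers: Dict[str, str]) -> List[Dict]:
    """Pure function over one response's headers, so it can be tested offline."""
    lowered = {name.lower(): value for name, value in headers.items()}  # header names are case-insensitive
    findings: List[Dict] = []
    for name, severity in EXPECTED_HEADERS.items():
        # HSTS only means something on an https response; do not flag it on plain http.
        if name == "strict-transport-security" and urlsplit(url).scheme != "https":
            continue
        if name not in lowered:
            findings.append(make_finding("missing_security_header", url, severity,
                                         f"{name} header absent"))
    for name in DISCLOSURE_HEADERS:
        value = lowered.get(name, "")
        if any(ch.isdigit() for ch in value):  # a digit suggests a version string
            findings.append(make_finding("version_disclosure", url, "LOW", f"{name}: {value}"))
    return findings


def scan(url: str, session) -> List[Dict]:
    """Plugin entry point in the README's documented shape (session API assumed)."""
    try:
        response = session.get(url, timeout=10, allow_redirects=True)
    except Exception as exc:  # a network error becomes a finding instead of a crash
        return [make_finding("scan_error", url, "LOW", f"request failed: {exc}")]
    final_url = getattr(response, "url", None) or url  # report the post-redirect URL
    return analyse_headers(final_url, dict(response.headers))


class FakeSession:
    """Constructed stand-in for requests.Session so the example runs offline."""

    def __init__(self, headers: Dict[str, str]):
        self._headers = headers

    def get(self, url, **kwargs):
        class _Response:
            pass
        resp = _Response()
        resp.url = url
        resp.headers = dict(self._headers)
        return resp


# Constructed sample headers: an https lab host that leaks its server version
# and sends no CSP or HSTS header.
SAMPLE_HEADERS = {"Server": "Apache/2.4.41", "Content-Type": "text/html",
                  "X-Content-Type-Options": "nosniff"}


if __name__ == "__main__":
    import json
    print(json.dumps(scan("https://lab.example/", FakeSession(SAMPLE_HEADERS)), indent=2))
```

Keeping the header analysis in a pure function separate from the network call is what makes the module testable without a lab host; the same pattern works for any plugin that inspects responses. Dropping the file into `modules/` as described above is enough for the documented interface, but check `core/` for how the real loader discovers and calls plugins.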
### Run Tests
```bash
# Test on local lab
python main.py http://localhost:8000 --all --report
# Check code quality
flake8 . --count --select=E9,F63,F7,F82 --show-source
```
## 📚 Learning Resources
- [OWASP Testing Guide](https://owasp.org/www-project-web-security-testing-guide/)
- [PortSwigger Web Security Academy](https://portswigger.net/web-security)
- [CEH v12 Official Curriculum](https://www.eccouncil.org/programs/certified-ethical-hacker-ceh/)
## 📄 License
MIT License - For educational use only. See LICENSE file.