Ransh0987/vulnerability-scanner-project
GitHub: Ransh0987/vulnerability-scanner-project
一个使用 Python 实现的基础 Web 漏洞扫描器,通过爬取网页并向表单注入 SQL 注入和 XSS 载荷来自动检测潜在安全漏洞。
Stars: 0 | Forks: 0
# 漏洞扫描器项目
import requests
from bs4 import BeautifulSoup
from urllib.parse import urljoin, urlparse
class WebScanner:
def __init__(self, start_url):
self.start_url = start_url
self.visited_urls = set()
self.target_domain = urlparse(start_url).netloc
self.sqli_payloads = ["'", "' OR 1=1 --"]
self.xss_payloads = [""]
```
def crawl(self, url=None):
url = url or self.start_url
if url in self.visited_urls or urlparse(url).netloc != self.target_domain:
return
self.visited_urls.add(url)
try:
response = requests.get(url, timeout=5)
soup = BeautifulSoup(response.text, 'html.parser')
self.extract_forms(soup, url)
for a in soup.find_all('a', href=True):
self.crawl(urljoin(url, a['href']))
except: pass
def extract_forms(self, soup, url):
for form in soup.find_all('form'):
action = urljoin(url, form.get('action', ''))
method = form.get('method', 'get').lower()
inputs = [{'name': i.get('name'), 'type': i.get('type', 'text')}
for i in form.find_all(['input', 'textarea']) if i.get('name')]
self.test_vulns(action, method, inputs)
def test_vulns(self, url, method, inputs):
for payload in self.sqli_payloads + self.xss_payloads:
data = {i['name']: payload for i in inputs}
res = requests.post(url, data=data) if method == 'post' else requests.get(url, params=data)
if payload in res.text:
print(f"[!] Potential vulnerability at {url} with {payload}")
```
if __name__ == "__main__":
WebScanner("http://testphp.vulnweb.com").crawl()
标签:BeEF, CISA项目, DOE合作, Python, Splunk, Web安全, 加密, 无后门, 漏洞扫描器, 爬虫, 蓝队分析, 逆向工具