Ransh0987/vulnerability-scanner-project

GitHub: Ransh0987/vulnerability-scanner-project

一个使用 Python 实现的基础 Web 漏洞扫描器,通过爬取网页并向表单注入 SQL 注入和 XSS 载荷来自动检测潜在安全漏洞。

Stars: 0 | Forks: 0

# 漏洞扫描器项目 import requests from bs4 import BeautifulSoup from urllib.parse import urljoin, urlparse class WebScanner: def __init__(self, start_url): self.start_url = start_url self.visited_urls = set() self.target_domain = urlparse(start_url).netloc self.sqli_payloads = ["'", "' OR 1=1 --"] self.xss_payloads = [""] ``` def crawl(self, url=None): url = url or self.start_url if url in self.visited_urls or urlparse(url).netloc != self.target_domain: return self.visited_urls.add(url) try: response = requests.get(url, timeout=5) soup = BeautifulSoup(response.text, 'html.parser') self.extract_forms(soup, url) for a in soup.find_all('a', href=True): self.crawl(urljoin(url, a['href'])) except: pass def extract_forms(self, soup, url): for form in soup.find_all('form'): action = urljoin(url, form.get('action', '')) method = form.get('method', 'get').lower() inputs = [{'name': i.get('name'), 'type': i.get('type', 'text')} for i in form.find_all(['input', 'textarea']) if i.get('name')] self.test_vulns(action, method, inputs) def test_vulns(self, url, method, inputs): for payload in self.sqli_payloads + self.xss_payloads: data = {i['name']: payload for i in inputs} res = requests.post(url, data=data) if method == 'post' else requests.get(url, params=data) if payload in res.text: print(f"[!] Potential vulnerability at {url} with {payload}") ``` if __name__ == "__main__": WebScanner("http://testphp.vulnweb.com").crawl()
标签:BeEF, CISA项目, DOE合作, Python, Splunk, Web安全, 加密, 无后门, 漏洞扫描器, 爬虫, 蓝队分析, 逆向工具