MohidAkbar/VulnScanner
GitHub: MohidAkbar/VulnScanner
一款带有赛博朋克风格 GUI 的 Web 漏洞扫描器,集成安全头检测、敏感文件扫描、目录枚举、SQL 注入、XSS 检测和端口扫描六大模块。
Stars: 0 | Forks: 0
# 🛡️ VulnScanner Pro v2.0



一款具有精美赛博朋克 GUI 的专业 Web 漏洞扫描器。专为安全研究人员、渗透测试人员以及网络安全学生打造。
## ✨ 功能
### 🔍 6 大扫描模块
- **安全标头** — CSP, HSTS, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy
- **暴露的文件** — .git/config, .env, 备份文件, phpinfo, 后台管理面板等 15+ 个敏感文件
- **目录枚举** — 25+ 个常见目录(admin, backup, .git, wp-content 等)
- **SQL 注入** — 使用多个 payload 进行基于表单和 URL 参数的测试
- **XSS 检测** — 对输入表单进行反射型跨站脚本测试
- **端口扫描器** — 包含服务识别的 16 个端口扫描(FTP, SSH, MySQL, RDP 等)
### 🎨 GUI 特性
- 🎯 带有实时粒子动画的赛博朋克暗色主题
- 📊 实时严重性统计(严重/高/中/低/信息)
- 🧪 一键预设测试目标
- 📁 带有时间戳的扫描历史记录
- 📊 包含扫描分析数据的仪表板
- 📥 一键导出报告(.txt)
- 📱 完全响应式设计
## 🛠️ 技术栈
| 层级 | 技术 |
|-------|-----------|
| 后端 | Python 3 + Flask |
| 前端 | HTML5 + CSS3 + Vanilla JavaScript |
| 扫描引擎 | Requests, BeautifulSoup4, Socket |
| 数据存储 | JSON(扫描历史记录) |
| 打包 | PyInstaller (.exe) |
## 📦 安装说明
```
git clone https://github.com/MohidAkbar/VulnScanner.git
cd VulnScanner
pip install -r requirements.txt
python app.py
Open your browser at: http://127.0.0.1:5000
Windows EXE
Download VulnScannerPro.exe from Releases and double-click. No Python required!
🎯 Usage
Launch the application
Enter a target URL or click a preset
Click ▶ Scan Now
View results with severity levels
Click 📥 Export Report to download results
Test Targets
URL Description
https://testphp.vulnweb.com Acunetix test site (safe to scan)
http://scanme.nmap.org Nmap port scan test
https://httpbin.org HTTP request testing
📁 Project Structure
text
VulnScanner/
├── app.py # Main Flask server
├── scanner/
│ ├── headers.py # Security headers checker
│ ├── files.py # Exposed files scanner
│ ├── dirs.py # Directory enumeration
│ ├── sqli.py # SQL injection tests
│ ├── xss.py # XSS detection
│ └── ports.py # Port scanner
├── templates/
│ └── index.html # Cyberpunk GUI
├── requirements.txt # Python dependencies
└── README.md
⚠️ Disclaimer
FOR EDUCATIONAL AND AUTHORIZED TESTING ONLY. Only scan websites you own or have explicit permission to test. The author is not responsible for misuse.
👨💻 Author
Mohid Akbar
🎓 BS Cybersecurity — UMT Lahore
💼 LinkedIn
📧 GitHub
📄 License
MIT License
⭐ Star this repo if you find it useful!
text
---
Go to GitHub → README → Edit (pencil icon) → Delete everything → Paste this → Commit.
It will render perfectly now.
```
标签:CISA项目, DInvoke, Flask, Python, Web安全, 主机安全, 加密, 后端开发, 字符串匹配, 插件系统, 数据可视化, 无后门, 漏洞扫描器, 漏洞挖掘, 蓝队分析, 逆向工具