Vuln Scanner With Python

Related tags

Security related resourcesVulnScanner
Overview

VulnScanner

Code

Version Language GitHub Repo stars

Features

Web Application Firewall (WAF) detection.

Cross Site Scripting (XSS) tests.

SQL injection time based test.

SQL injection error based test.

Local File Inclusion (LFI) test.

Cross Site Tracing (XST) test.

How To Run

git clone https://github.com/NullS0UL/VulnScanner

cd VulnScanner

python3 vulnscan.py http://example.com/page.php?cat=1

Example of Output

python3 vulnscan.py http://example.com/page.php?cat=1

[*] No WAF Detected.

Target: http://example.com/page.php?cat=1

Powered: PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1

[!] Testing Cross Site Scripting (XSS)
[!] 10 Payloads.
[+] 9 Payloads were found.

[*] Payload found!
[!] Payload: <script>alert("inject")</script>
[!] POC: http://example.com/page.php?cat=<script>alert("inject")</script>

[*] Payload found!
[!] Payload: %3Cscript%3Ealert%28%22inject%22%29%3C%2Fscript%3E
[!] POC: http://example.com/page.php?cat=%3Cscript%3Ealert%28%22inject%22%29%3C%2Fscript%3E

[!] Testing SQLInjection
[*] Blind SQL injection time based found!
[!] Payload: 1-SLEEP(2)
[!] POC: http://example.com/page.php?cat=1-SLEEP(2)

[*] SQL Error found.
[!] Payload: '
[!] POC: http://example.com/page.php?cat='

[!] Testing Local File Inclussion (LFI)
[*] Payload found!
[!] Payload: ../../../../etc/passwd
[!] POC: http://example.com/page.php?cat=../../../../etc/passwd


[!] Testing Cross Site Tracing (XST)
[*] This site seems vulnerable to Cross Site Tracing (XST)!

Discaimer

Usage of the VulnScanner for attack targets without prior mutual consent is illegal. 
It is the end user's responsability to obey all applicable local, state, federal and international laws. 
Developer assume no liability and not responsible for any misuse or damage caused by this program.

Find me on

Facebook Telegram

Visit my Blog Site

  • Blogs

    • Owner
    < / N u l l S 0 U L >
    Use your brain , Make GOOGLE your friend 😘
    < / N u l l S 0 U L >
    GitHub Repository
    Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user

    About Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user Changed from sam-the-admin. Usage SAM THE ADMIN CVE-202

    Evi1cg 500 Jan 06, 2023
    FTP-Exploits is a tool made in python that contains 4 diffrent types of ftp exploits that can be used in Penetration Testing.

    FTP-exploits FTP-exploits is a tool which is used for Penetration Testing that can run many kinds of exploits on port 21(FTP) Commands and Exploits Ex

    1 Dec 26, 2021
    LittleBrother is a simple parental control application monitoring specific processes on Linux hosts to monitor and limit the play time of children.

    Parental Control Application LittleBrother Overview LittleBrother is a simple parental control application monitoring specific processes (read "games"

    40 Dec 21, 2022
    Magicspoofing - A python3 script for search possible misconfiguration in a DNS related to security protections of email service from the domain name

    A python3 script for search possible misconfiguration in a DNS related to security protections of email service from the domain name. This project is for educational use, we are not responsible for i

    20 Dec 02, 2022
    This repository is one of a few malware collections on the GitHub.

    This repository is one of a few malware collections on the GitHub.

    Andrew 1.7k Dec 28, 2022
    Just another script for automatize boolean-based blind SQL injections.

    SQL Blind Injection Tool A script for automatize boolean-based blind SQL injections. Works with SQLite at least, supports using cookies. It uses bitwi

    RIM 51 Dec 15, 2022
    RDP Stealer

    RDP Stealer RDP Stealer by lamp Require Python How To Use Download This Source Extract The Zip File Change webhook url Convert to exe send to target I

    Lamp 14 Nov 26, 2022
    Set the draft security HTTP header Permissions-Policy (previously Feature-Policy) on your Django app.

    django-permissions-policy Set the draft security HTTP header Permissions-Policy (previously Feature-Policy) on your Django app. Requirements Python 3.

    Adam Johnson 76 Nov 30, 2022
    OpenTOTP is yet another time-based, one-time passwords (OTPs) generator/verifier inspired by RFC 6238.

    OpenTOTP is yet another time-based, one-time passwords (OTPs) generator/verifier inspired by RFC 6238. It generates and validates OTPs based

    1 Nov 15, 2021
    Script Crack Facebook Elite 🚶‍♂

    elite Script Crack Facebook Elite 🚶‍♂ Install Script $ pkg update && pkg upgrade $ termux-setup-storage $ pkg install git $ pkg install python $ pip

    Yumasaa 1 Jan 02, 2022
    Security System using OpenCV

    Security-System Security System using OpenCV Files in this Repository: email_send.py - This file contains python code to send an email when something

    Mehul Patwari 1 Oct 28, 2021
    A Static Analysis Tool for Detecting Security Vulnerabilities in Python Web Applications

    This project is no longer maintained March 2020 Update: Please go see the amazing Pysa tutorial that should get you up to speed finding security vulne

    2.1k Dec 25, 2022
    Confluence Server Webwork OGNL injection

    CVE-2021-26084 - Confluence Server Webwork OGNL injection An OGNL injection vulnerability exists that would allow an authenticated user and in some in

    Fellipe Oliveira 295 Jan 06, 2023
    GRR Rapid Response: remote live forensics for incident response

    GRR Rapid Response is an incident response framework focused on remote live forensics. Build Type Status Tests End-to-end Tests Windows Templates Linu

    Google 4.3k Jan 05, 2023
    Simple Python 3 script to detect the "Log4j" Java library vulnerability (CVE-2021-44228) for a list of URL with multithreading

    log4j-detect Simple Python 3 script to detect the "Log4j" Java library vulnerability (CVE-2021-44228) for a list of URL with multithreading The script

    Víctor García 187 Jan 03, 2023
    ProxyLogon(CVE-2021-26855+CVE-2021-27065) Exchange Server RCE(SSRF->GetWebShell)

    ProxyLogon For Python3 ProxyLogon(CVE-2021-26855+CVE-2021-27065) Exchange Server RCE(SSRF-GetWebShell) usage: python ProxyLogon.py --host=exchang

    112 Dec 01, 2022
    IDA plugin for quickly copying disassembly as encoded hex bytes

    HexCopy IDA plugin for quickly copying disassembly as encoded hex bytes. This whole plugin just saves you two extra clicks... but if you are frequentl

    OALabs 46 Oct 30, 2022
    CVE-2021-43936 is a critical vulnerability (CVSS3 10.0) leading to Remote Code Execution (RCE) in WebHMI Firmware.

    CVE-2021-43936 CVE-2021-43936 is a critical vulnerability (CVSS3 10.0) leading to Remote Code Execution (RCE) in WebHMI Firmware. This vulnerability w

    Jeremiasz Pluta 8 Jul 05, 2022
    AutoScan 有多个目标时,调用xray+rad进行自动扫描

    Usage: 在高级版Xray和rad同目录下运行 python3 X-AutoXray.py xxxx.txt 写的蛮人性化的哦,os,linux,windows通用 生成的xray报告会在当前目录的/result下面 Ctrl+c 打断脚本运行时还可以结算扫描进度,生成已扫描和未扫描的进度文件,

    斯文 73 Jan 01, 2023
    Open-source keylogger write in python

    Python open-source keylogger Language Python open-source keylogger using pynput module Using Install dependences in archive setup.py or install.sh in

    Dio brando 4 Jan 15, 2022