Vulnerability scanner tested on DVWA, adaptable for detecting XSS, SQL injection, CSRF, and more on various websites.

Lakshminarayan-p/vulnerability_scanner

Vulnerability Scanner for DVWA

This Python-based vulnerability scanner is designed to test for common web vulnerabilities in the Damn Vulnerable Web Application (DVWA). It automates the process of crawling through web pages, identifying forms, and testing for vulnerabilities such as XSS, SQL injection, command injection, CSRF, and file inclusion.

Features

  • XSS Detection: Identifies Cross-Site Scripting vulnerabilities in forms and URLs.
  • SQL Injection Detection: Tests for SQL Injection vulnerabilities in forms and URLs.
  • Command Injection Detection: Checks for Command Injection vulnerabilities in URLs.
  • CSRF Detection: Identifies forms that lack Cross-Site Request Forgery (CSRF) tokens.
  • File Inclusion Detection: Tests for Local and Remote File Inclusion vulnerabilities.

Setup

  1. Clone the Repository:

    git clone https://github.com/Lakshminarayan-p/vulnerability_scanner.git
    cd vulnerability_scanner
  2. Install Dependencies: Ensure Python 2.7 is installed along with the required libraries:

    pip install requests BeautifulSoup
  3. Configuration:

    • Update the target_url and links_to_ignore variables in scanner.py and vulnerability_scanner.py to match your DVWA instance URL and any URLs you want to ignore (e.g., logout links).
  4. Run the Scanner: Execute vulnerability_scanner.py to start scanning:

    python vulnerability_scanner.py

    This script will log into DVWA, crawl all accessible links, and test for vulnerabilities as configured.

Usage

  • Customization: Modify the scanner to add additional vulnerability tests or customize existing ones.
  • Logging: Monitor console output for vulnerability alerts and investigate reported issues.
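
The CSRF check listed under Features, written out as an added example (it is not code from this repository): it parses a page's forms and reports the ones that submit without a token field. It assumes Python 3 and the standard-library `html.parser` rather than the project's Python 2.7 and BeautifulSoup; `FormCollector`, `has_csrf_token`, `forms_missing_csrf`, the `TOKEN_HINTS` name list and the sample HTML are all constructed for illustration.

```python
from html.parser import HTMLParser

# Assumed heuristic: substrings commonly found in anti-CSRF field names.
TOKEN_HINTS = ("csrf", "token", "nonce", "authenticity")

class FormCollector(HTMLParser):
    """Collect every <form> with its method, action and input fields."""
    def __init__(self):
        super().__init__()
        self.forms, self._current = [], None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._current = {"action": a.get("action") or "",
                             "method": (a.get("method") or "get").lower(),
                             "inputs": []}
            self.forms.append(self._current)
        elif tag == "input" and self._current is not None:
            self._current["inputs"].append(((a.get("type") or "text").lower(),
                                            a.get("name") or "", a.get("value") or ""))

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None

def has_csrf_token(form):
    """True when a hidden field with a token-like name carries a non-empty value."""
    return any(kind == "hidden" and value and any(h in name.lower() for h in TOKEN_HINTS)
               for kind, name, value in form["inputs"])

def forms_missing_csrf(html, methods=("post",)):
    """Return the actions of forms using `methods` that carry no anti-CSRF token."""
    parser = FormCollector()
    parser.feed(html)
    return [f["action"] for f in parser.forms
            if f["method"] in methods and not has_csrf_token(f)]

# Constructed sample page: the first form is the one from the README's example
# output; the others are made up to exercise the token and method checks.
SAMPLE_HTML = """
<form method="post" action="xss_r.php"><input type="text" name="name">
  <input type="submit" value="Submit"></form>
<form method="POST" action="profile.php"><input type="text" name="email">
  <input type="hidden" name="user_token" value="c0ffee1234"></form>
<form method="post" action="delete.php"><input type="hidden" name="csrf_token" value=""></form>
<form action="search.php"><input type="text" name="q"></form>
"""

if __name__ == "__main__":
    for action in forms_missing_csrf(SAMPLE_HTML):
        print("[!] POST form without CSRF token:", action)
```

A hit means only that no token-like hidden field was found in the markup; applications that rely on SameSite cookies or custom request headers will be reported too, so each result needs manual review.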

Example Output

Upon running the scanner, you will see output similar to:

[+] Testing form in http://192.168.44.101/dvwa/vulnerabilities/xss_r/
--------------------------------------------------
[*****] XSS discovered in http://192.168.44.101/dvwa/vulnerabilities/xss_r/ in the following form:
<form method="post" action="xss_r.php">
  <input type="text" name="name">
  <input type="submit" value="Submit">
</form>
--------------------------------------------------
[+] Testing form in http://192.168.44.101/dvwa/vulnerabilities/sqli/
--------------------------------------------------
[*****] SQL Injection discovered in http://192.168.44.101/dvwa/vulnerabilities/sqli/ in the following form:
<form method="post" action="sqli.php">
  <input type="text" name="id">
  <input type="submit" value="Submit">
</form>
--------------------------------------------------

Contact

For any queries, please reach out to Lakshmi Narayan.P.
