Vuln Scanner With Python

Overview

VulnScanner

Code

Version Language GitHub Repo stars


Features

Web Application Firewall (WAF) detection.

Cross Site Scripting (XSS) tests.

SQL injection time based test.

SQL injection error based test.

Local File Inclusion (LFI) test.

Cross Site Tracing (XST) test.


How To Run

git clone https://github.com/NullS0UL/VulnScanner

cd VulnScanner

python3 vulnscan.py http://example.com/page.php?cat=1

Example of Output

python3 vulnscan.py http://example.com/page.php?cat=1

[*] No WAF Detected.

Target: http://example.com/page.php?cat=1

Powered: PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1

[!] Testing Cross Site Scripting (XSS)
[!] 10 Payloads.
[+] 9 Payloads were found.

[*] Payload found!
[!] Payload: <script>alert("inject")</script>
[!] POC: http://example.com/page.php?cat=<script>alert("inject")</script>

[*] Payload found!
[!] Payload: %3Cscript%3Ealert%28%22inject%22%29%3C%2Fscript%3E
[!] POC: http://example.com/page.php?cat=%3Cscript%3Ealert%28%22inject%22%29%3C%2Fscript%3E

[!] Testing SQLInjection
[*] Blind SQL injection time based found!
[!] Payload: 1-SLEEP(2)
[!] POC: http://example.com/page.php?cat=1-SLEEP(2)

[*] SQL Error found.
[!] Payload: '
[!] POC: http://example.com/page.php?cat='

[!] Testing Local File Inclussion (LFI)
[*] Payload found!
[!] Payload: ../../../../etc/passwd
[!] POC: http://example.com/page.php?cat=../../../../etc/passwd


[!] Testing Cross Site Tracing (XST)
[*] This site seems vulnerable to Cross Site Tracing (XST)!


Discaimer

Usage of the VulnScanner for attack targets without prior mutual consent is illegal. 
It is the end user's responsability to obey all applicable local, state, federal and international laws. 
Developer assume no liability and not responsible for any misuse or damage caused by this program.

Find me on

Facebook Telegram

Visit my Blog Site

  • Blogs
  • Owner
    < / N u l l S 0 U L >
    Use your brain , Make GOOGLE your friend 😘
    < / N u l l S 0 U L >
    orfipy is a tool written in python/cython to extract ORFs in an extremely and fast and flexible manner

    Introduction orfipy is a tool written in python/cython to extract ORFs in an extremely and fast and flexible manner. Other popular ORF searching tools

    Urminder Singh 34 Nov 21, 2022
    Xteam All in one Instagram,Android,phishing osint and wifi hacking tool available

    Xteam All in one Instagram,Android,phishing osint and wifi hacking tool available

    xploits tech 283 Dec 29, 2022
    Dome - Subdomain Enumeration Tool. Fast and reliable python script that makes active and/or passive scan to obtain subdomains and search for open ports.

    DOME - A subdomain enumeration tool Check the Spanish Version Dome is a fast and reliable python script that makes active and/or passive scan to obtai

    Vadi 329 Jan 01, 2023
    使用golang重写开源工具wafw00f

    GO-WAFW00F 介绍 WAFW00F是一款优秀的web应用防火墙识别开源工具:https://github.com/EnableSecurity/wafw00f 使用Golang重写的原因:Python环境配置不便利,Golang打包生成可执行文件直接运行 目前还在开发阶段,规则解析存在小问题

    80 Dec 30, 2021
    Privilege escalation with polkit - CVE-2021-3560

    Polkit-exploit - CVE-2021-3560 Privilege escalation with polkit - CVE-2021-3560 Summary CVE-2021-3560 is an authentication bypass on polkit, which all

    Ahmad Almorabea 95 Dec 27, 2022
    Complet and easy to run Port Scanner with Python

    Port_Scanner Complet and easy to run Port Scanner with Python Installation 1- git clone https://github.com/s120000/Port_Scanner 2- cd Port_Scanner 3-

    1 May 19, 2022
    CVE-2022-23046 - SQL Injection Vulnerability on PhpIPAM v1.4.4

    CVE-2022-23046 PhpIPAM v1.4.4 allows an authenticated admin user to inject SQL s

    2 Feb 15, 2022
    XSS scanner in python

    DeadXSS XSS scanner in python How to Download: Step 1: git clone https://github.com/Deadeye0x/DeadXSS.git Step 2: cd DeadXSS Step 3: python3 DeadXSS.p

    2 Jul 17, 2022
    Open Source Intelligence gathering tool aimed at reducing the time spent harvesting information from open sources.

    The Recon-ng Framework Recon-ng content now available on Pluralsight! Recon-ng is a full-featured reconnaissance framework designed with the goal of p

    2.4k Jan 07, 2023
    Let's you scan the entire internet in a couple of hours and identify all Minecraft servers on IPV4

    Minecraft-Server-Scanner Let's you scan the entire internet in a couple of hours and identify all Minecraft servers on IPV4 Installation and running i

    116 Jan 08, 2023
    Threat Intelligence Gathering 威胁情报收集,旨在提高蓝队拿到攻击 IP 后对其进行威胁情报信息收集的效率。

    0x00 介绍 tig Threat Intelligence Gathering 威胁情报收集,旨在提高蓝队拿到攻击 IP 后对其进行威胁情报信息收集的效率,目前已集成微步、IP 域名反查、Fofa 信息收集、ICP 备案查询、IP 存活检测五个模块,现已支持以下信息的查询: ✅ 微步标签 ✅ I

    Wolf Group Security Team 698 Dec 09, 2022
    Buffer Overflow para SLmail5.5 32 bits

    SLmail5.5-Exploit-BoF Buffer Overflow para SLmail5.5 32 bits con un par de utilidades para que puedas hacer el tuyo REQUISITOS PARA QUE FUNCIONE: Desa

    Luis Javier 15 Jul 30, 2022
    A simple subdomain scanner in python

    Subdomain-Scanner A simple subdomain scanner in python ✨ Features scans subdomains of a domain thats it! 💁‍♀️ How to use first download the scanner.p

    Portgas D Ace 2 Jan 07, 2022
    Dlint is a tool for encouraging best coding practices and helping ensure Python code is secure.

    Dlint Dlint is a tool for encouraging best coding practices and helping ensure Python code is secure. The most important thing I have done as a progra

    Dlint 127 Dec 27, 2022
    macOS persistence tool

    PoisonApple Command-line tool to perform various persistence mechanism techniques on macOS. This tool was designed to be used by threat hunters for cy

    Cyborg Security, Inc 212 Dec 29, 2022
    python写的一款免杀工具(shellcode加载器)BypassAV,国内杀软全过(windows denfend)

    python写的一款免杀工具(shellcode加载器)BypassAV,国内杀软全过(windows denfend)

    1frame 266 Jan 02, 2023
    Python library to prevent XSS(cross site scripting attach) by removing harmful content from data.

    A tool for removing malicious content from input data before saving data into database. It takes input containing HTML with XSS scripts and returns va

    2 Jul 05, 2022
    SARA - Simple Android Ransomware Attack

    SARA - Simple Android Ransomware Attack Disclaimer The author is not responsible for any issues or damage caused by this program. Features User can cu

    Termux Hackers 99 Jan 04, 2023
    PassLock is a medium-security password manager that encrypts passwords using Advanced Encryption Standards (AES)

    A medium security python password manager that encrypt passwords using Advanced Encryption Standard (AES) PassLock is a password manager and password

    Akshay Vs 44 Nov 18, 2022
    Yesitsme - Simple OSINT script to find Instagram profiles by name and e-mail/phone

    Simple OSINT script to find Instagram profiles by name and e-mail/phone

    108 Jan 07, 2023