This project provides a robust and easy-to-use web vulnerability scanner to help you identify security weaknesses in your websites. 🕵️♂️ It's like having a security expert on demand! 🚀
This scanner automatically probes your website for common vulnerabilities, providing detailed reports to help you strengthen your security posture. Think of it as a health check for your website's security. 🩺
Here's a breakdown of the key features:
- XSS (Cross-Site Scripting) Scanning: Detects vulnerabilities that allow attackers to inject malicious scripts into your website, potentially stealing user data or hijacking sessions. 😈
- SQL Injection Scanning: Tests for weaknesses that could enable attackers to manipulate your database, potentially leading to data breaches or unauthorized access. 🗄️
- Security Header Scanning: Verifies the presence and correct configuration of essential security HTTP headers, such as Content-Security-Policy (CSP), X-Frame-Options, and HSTS, which protect against various attacks. 🛡️
- SSRF (Server-Side Request Forgery) Scanning: Identifies vulnerabilities that could allow attackers to trick your server into making unauthorized requests to internal or external resources. 🌐
- CSRF (Cross-Site Request Forgery) Scanning: Checks for weaknesses that could allow attackers to trick users into performing unwanted actions on your website without their knowledge. 🎭
- RCE (Remote Code Execution) Scanning: Tests for critical vulnerabilities that could allow attackers to execute arbitrary commands on your server. 💥
- LFI (Local File Inclusion) Scanning: Identifies vulnerabilities that could allow attackers to access sensitive files on your server. 📁
- NoSQL Injection Scanning: Checks for vulnerabilities in NoSQL databases that could allow attackers to manipulate queries and access unauthorized data. 🗄️
- CORS (Cross-Origin Resource Sharing) Misconfiguration Scanning: Detects misconfigured CORS policies that could allow unauthorized access to your website's resources from other domains. 🌐
- Sensitive Information Disclosure Scanning: Looks for exposed sensitive data like API keys, AWS keys, email addresses, private keys, social security numbers, and credit card numbers in your website's responses. 🕵️♀️
- Sensitive File Exposure Scanning: Checks for publicly accessible sensitive files such as `.git/config`, `.env`, and `phpinfo.php`. 📁
- Clone the repository: `git clone https://github.com/Verifieddanny/vuln-scanner.git` ⬇️
- Install dependencies: `npm install`, `bun install`, or `yarn install` 📦
- Run the project: `npm run dev`, `bun run dev`, or `yarn run dev` ▶️
- Access the web interface: Open your browser and navigate to the appropriate URL (usually http://localhost:3000). 🌐
- Enter the target URL: Provide the URL of the website you want to scan. 🎯
- Select scan options: Choose the specific vulnerability types you want to check for. ✅
- Start the scan: Click the "Start Scan" button. 🚀
- Review the results: The scanner will generate a detailed report with any vulnerabilities found. 📝
This project uses a combination of techniques to detect vulnerabilities, including:
- Payload Injection: Injecting specially crafted inputs to test how the website handles them.
- Response Analysis: Analyzing the server's responses for error messages, indicators of successful attacks, and missing security headers.
- Regular Expressions: Using regular expressions to identify patterns of sensitive data.
The backend is built with Next.js and provides a user-friendly interface for interacting with the scanner. It uses axios for making HTTP requests.
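To make the response-analysis and regular-expression techniques above concrete, here is an added example of a small response analyser in the same style (written for this README, not code from the vuln-scanner project). It checks three of the headers listed under Security Header Scanning and runs a few sensitive-data patterns over a body; the header rules, the HSTS threshold, the patterns and the sample response are all assumptions constructed for the example.

```javascript
// Added example: response analysis of the kind the scanner describes. Not the
// project's own code; header rules, threshold and patterns are assumptions.
const REQUIRED_HEADERS = {
  'content-security-policy': null,               // any value counts as present
  'x-frame-options': /^(DENY|SAMEORIGIN)$/i,     // must be one of these values
  'strict-transport-security': /max-age=(\d+)/i, // must carry a max-age
};
const HSTS_MIN_MAX_AGE = 15552000; // assumed threshold: roughly six months

// Returns the names of headers that are missing or misconfigured.
function checkSecurityHeaders(headers) {
  const findings = [];
  const lower = Object.fromEntries(
    Object.entries(headers).map(([k, v]) => [k.toLowerCase(), String(v)]));
  for (const [name, rule] of Object.entries(REQUIRED_HEADERS)) {
    const value = lower[name];
    if (value === undefined) { findings.push(`${name}: missing`); continue; }
    if (rule && !rule.test(value.trim())) findings.push(`${name}: unexpected value "${value}"`);
  }
  // An HSTS header with a tiny max-age is effectively disabled.
  const m = lower['strict-transport-security'] && /max-age=(\d+)/i.exec(lower['strict-transport-security']);
  if (m && Number(m[1]) < HSTS_MIN_MAX_AGE) findings.push('strict-transport-security: max-age too short');
  return findings;
}

// Sensitive-data patterns of the kind the README lists (constructed approximations).
const SENSITIVE_PATTERNS = {
  awsAccessKeyId: /\bAKIA[0-9A-Z]{16}\b/g,
  email: /\b[\w.+-]+@[\w-]+\.[\w.-]+\b/g,
  privateKey: /-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----/g,
};

// Returns { patternName: [unique matches] } for every pattern that hits in the body.
function findSensitiveData(body) {
  const hits = {};
  for (const [name, re] of Object.entries(SENSITIVE_PATTERNS)) {
    const found = body.match(re);
    if (found) hits[name] = [...new Set(found)];
  }
  return hits;
}

// Constructed sample response standing in for what an axios call would return.
const sample = {
  headers: { 'Content-Type': 'text/html', 'X-Frame-Options': 'ALLOWALL', 'Strict-Transport-Security': 'max-age=60' },
  body: '<p>Contact admin@example.com</p><!-- key: AKIAIOSFODNN7EXAMPLE -->',
};
console.log(checkSecurityHeaders(sample.headers), findSensitiveData(sample.body));
```

The AWS key in the sample is the documented placeholder value, not a live credential.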
Contributions are always welcome! If you have any ideas, suggestions, or bug reports, feel free to open an issue or submit a pull request. Let's make this project even better together! 🙌
If you encounter any problems, please let me know by creating an issue. I'll do my best to fix them as soon as possible. 🐞
This project is licensed under the (for the plot) License. See the LICENSE file for more details. 📜
I'd like to thank God. 🙏
If you like this project, please consider giving it a star! ⭐ It means a lot to me! 😊
If you have any questions or just want to say hi, feel free to reach out to me at [email protected]. 📧
Have a great day! 🎉