Vuln Scanner With Python

Overview

VulnScanner

Code

Version Language GitHub Repo stars


Features

Web Application Firewall (WAF) detection.

Cross Site Scripting (XSS) tests.

SQL injection time based test.

SQL injection error based test.

Local File Inclusion (LFI) test.

Cross Site Tracing (XST) test.


How To Run

git clone https://github.com/NullS0UL/VulnScanner

cd VulnScanner

python3 vulnscan.py http://example.com/page.php?cat=1

Example of Output

python3 vulnscan.py http://example.com/page.php?cat=1

[*] No WAF Detected.

Target: http://example.com/page.php?cat=1

Powered: PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1

[!] Testing Cross Site Scripting (XSS)
[!] 10 Payloads.
[+] 9 Payloads were found.

[*] Payload found!
[!] Payload: <script>alert("inject")</script>
[!] POC: http://example.com/page.php?cat=<script>alert("inject")</script>

[*] Payload found!
[!] Payload: %3Cscript%3Ealert%28%22inject%22%29%3C%2Fscript%3E
[!] POC: http://example.com/page.php?cat=%3Cscript%3Ealert%28%22inject%22%29%3C%2Fscript%3E

[!] Testing SQLInjection
[*] Blind SQL injection time based found!
[!] Payload: 1-SLEEP(2)
[!] POC: http://example.com/page.php?cat=1-SLEEP(2)

[*] SQL Error found.
[!] Payload: '
[!] POC: http://example.com/page.php?cat='

[!] Testing Local File Inclussion (LFI)
[*] Payload found!
[!] Payload: ../../../../etc/passwd
[!] POC: http://example.com/page.php?cat=../../../../etc/passwd


[!] Testing Cross Site Tracing (XST)
[*] This site seems vulnerable to Cross Site Tracing (XST)!


Discaimer

Usage of the VulnScanner for attack targets without prior mutual consent is illegal. 
It is the end user's responsability to obey all applicable local, state, federal and international laws. 
Developer assume no liability and not responsible for any misuse or damage caused by this program.

Find me on

Facebook Telegram

Visit my Blog Site

  • Blogs
  • Owner
    < / N u l l S 0 U L >
    Use your brain , Make GOOGLE your friend 😘
    < / N u l l S 0 U L >
    This is a proof-of-concept exploit for Grafana's Unauthorized Arbitrary File Read Vulnerability (CVE-2021-43798).

    CVE-2021-43798 – Grafana Exploit About This is a proof-of-concept exploit for Grafana's Unauthorized Arbitrary File Read Vulnerability (CVE-2021-43798

    Pedro Havay 12 Nov 18, 2022
    ssh-audit is a tool for ssh server & client configuration auditing.

    SSH server & client auditing (banner, key exchange, encryption, mac, compression, compatibility, security, etc)

    Joe Testa 1.4k Dec 31, 2022
    Script to calculate Active Directory Kerberos keys (AES256 and AES128) for an account, using its plaintext password

    Script to calculate Active Directory Kerberos keys (AES256 and AES128) for an account, using its plaintext password

    Matt Creel 27 Dec 20, 2022
    Password database With special stuff

    This is a Password database I made for myself, as I want to keep all my passwords in the same place. but still protected, shall anyone get access to the file. And so I made this simple password datab

    9 Oct 30, 2022
    大宝剑-信息收集和资产梳理工具(红队、蓝队、企业组织架构、子域名、Web资产梳理、Web指纹识别、ICON_Hash资产匹配)

    大宝剑-信息收集和资产梳理工具(红队、蓝队、企业组织架构、子域名、Web资产梳理、Web指纹识别、ICON_Hash资产匹配)

    Wolf Group Security Team 835 Jan 05, 2023
    A script based on sqlmap that uses sql injection vulnerabilities to traverse the existence of a file

    A script based on sqlmap that uses sql injection vulnerabilities to traverse the existence o

    2 Nov 09, 2022
    An automated header extensive scanner for detecting log4j RCE CVE-2021-44228

    log4j An automated header extensive scanner for detecting log4j RCE CVE-2021-44228 Usage $ python3 log4j.py -l urls.txt --dns-log REPLACE_THIS.dnslog.

    2 Dec 16, 2021
    proxyshell payload generate

    Py Permutative Encoding https://docs.microsoft.com/en-us/openspecs/office_file_formats/ms-pst/5faf4800-645d-49d1-9457-2ac40eb467bd Generate proxyshell

    Evi1cg 63 Nov 15, 2022
    Generate malicious files using recently published homoglyphic-attack (CVE-2021-42694)

    CVE-2021-42694 Generate malicious files using recently published homoglyph-attack vulnerability, which was discovered at least in C, C++, C#, Go, Pyth

    js-on 17 Dec 11, 2022
    A deobfuscator for multiple python obfuscators

    PY4COC A deobfuscator for multiple python obfuscators, supports exe's packed with pyinstaller too. How to use python3 py4coc.py exe file or py file o

    svenskithesource 16 Dec 03, 2022
    Monty Hall Problem simulation written in Python.

    Monty Hall Problem Simulation monty_hall_sim is a brute-force method of determining the optimal strategy for the Monty Hall Problem. Usage Set boolean

    Xavier D 1 Aug 29, 2022
    "Video Moment Retrieval from Text Queries via Single Frame Annotation" in SIGIR 2022.

    ViGA: Video moment retrieval via Glance Annotation This is the official repository of the paper "Video Moment Retrieval from Text Queries via Single F

    Ran Cui 38 Dec 31, 2022
    This tool allows to automatically test for Content Security Policy bypass payloads.

    CSPass This tool allows to automatically test for Content Security Policy bypass payloads. Usage [cspass]$ ./cspass.py -h usage: cspass.py [-h] [--no-

    Ruulian 30 Nov 22, 2022
    Vuln Scanner With Python

    VulnScanner Features Web Application Firewall (WAF) detection. Cross Site Scripting (XSS) tests. SQL injection time based test. SQL injection error ba

    < / N u l l S 0 U L > 1 Dec 25, 2021
    Phishing Campaign Toolkit

    King Phisher Phishing Campaign Toolkit Installation For instructions on how to install, please see the INSTALL.md file. After installing, for instruct

    RSM US LLP 1.9k Jan 01, 2023
    Tinyman exploit finder - Tinyman exploit finder for python

    tinyman_exploit_finder There was a big tinyman exploit. You can read about it he

    fish.exe 9 Dec 27, 2022
    Threat Intel Platform for T-POTs

    GreedyBear The project goal is to extract data of the attacks detected by a TPOT or a cluster of them and to generate some feeds that can be used to p

    The Honeynet Project 72 Jan 01, 2023
    A python script to turn Ubuntu Desktop in a one stop security platform. The InfoSec Fortress installs the packages,tools, and resources to make Ubuntu 20.04 capable of both offensive and defensive security work.

    infosec-fortress A python script to turn Ubuntu Desktop into a strong DFIR/RE System with some teeth (Purple Team Ops)! This is intended to create a s

    James 41 Dec 30, 2022
    Evil-stalker - A simple tool written in python, it is so simple that it is based on google dorks

    evil-stalker How to run First of all, you must install the necessary libraries.

    rock3d 6 Nov 16, 2022
    🐎🖥《赛马娘》(ウマ娘: Pretty Derby)辅助脚本

    auto-derby 自动化养马 育成结果 Nurturing result 功能 支持客户端 DMM (前台) 实验性 安卓 ADB 连接(后台)开发基于 1080x1920 分辨率 团队赛 (Team race) 有胜利确定奖励时吃帕菲 日常赛 (Daily race) PvP 活动赛 (Cha

    NateScarlet 376 Jan 01, 2023