A powerful, beginner-friendly web vulnerability scanner built for ethical hackers and security researchers.
Developed by Ankush | CSE β Cybersecurity Engineer
This tool is strictly for educational purposes and authorized security testing only.
- β Use on your own websites
- β Use in authorized Bug Bounty programs (in-scope targets only)
- β Use in paid/authorized penetration testing engagements
- β DO NOT scan websites without written permission from the owner
- β Unauthorized scanning is a criminal offense under IT Act, CFAA, and cybercrime laws worldwide
The developer is not responsible for any misuse of this tool.
βββ ββββββ ββββββ ββββ βββββββββββ βββββββ ββββββ ββββ βββ
βββ ββββββ ββββββ βββββ ββββββββββββββββββββββββββββββββ βββ
βββ ββββββ ββββββ ββββββ ββββββββββββββ ββββββββββββββ βββ
ββββ βββββββ ββββββ βββββββββββββββββββββ ββββββββββββββββββ
βββββββ ββββββββββββββββββββ βββββββββββββββββββββββββ ββββββ ββββββ
βββββ βββββββ βββββββββββ βββββββββββββ ββββββββββ ββββββ βββββ
Web Vulnerability Scanner v1.0.0
Developer: Ankush | CSE (Cybersecurity Engineer)
| Module | What It Detects | Why It Matters |
|---|---|---|
| π DNS & IP Info | IP address, reverse DNS | Reconnaissance info |
| π Port Scanner | Open ports (FTP, SSH, MySQL, etc.) | Exposed services = attack surface |
| π SSL/TLS Check | Certificate validity, expiry | Expired cert = MITM attack risk |
| π HTTP Headers | Missing security headers | Headers prevent XSS, Clickjacking, etc. |
| π Sensitive Files | .env, .git, backup.sql, admin panels |
Data/credential exposure |
| π SQL Injection | Error-based SQLi detection | DB can be stolen or wiped |
| β‘ XSS Detection | Reflected XSS payload test | Session hijacking, phishing |
| πͺ Cookie Security | HttpOnly, Secure, SameSite flags | Prevent cookie theft |
# Step 1: Clone the repository
git clone https://github.com/yourusername/vulnscan.git
# Step 2: Go into the folder
cd vulnscan
# Step 3: Make the script executable
chmod +x vulnscan.py
# Step 4: Run it!
python3 vulnscan.py example.com# Step 1: Update Termux packages
pkg update && pkg upgrade -y
# Step 2: Install Python
pkg install python -y
# Step 3: Clone the repository
pkg install git -y
git clone https://github.com/yourusername/vulnscan.git
# Step 4: Go into the folder
cd vulnscan
# Step 5: Run it!
python3 vulnscan.py example.com# Step 1: Install Python (if not installed)
brew install python3
# Step 2: Clone the repository
git clone https://github.com/yourusername/vulnscan.git
# Step 3: Enter folder
cd vulnscan
# Step 4: Run it!
python3 vulnscan.py example.com# Basic usage
python3 vulnscan.py <target>
# Examples
python3 vulnscan.py example.com
python3 vulnscan.py https://testsite.com
python3 vulnscan.py 192.168.1.1β You can provide the target with or without
https://β VulnScan handles it automatically.
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
π HTTP Security Headers
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
[VULN] Strict-Transport-Security β NOT SET (HSTS Missing)
β³ Forces browser to always use HTTPS. Without it, attackers can downgrade to HTTP.
[SAFE] X-Content-Type-Options is set β
[VULN] Content-Security-Policy β NOT SET (No CSP β XSS Risk Higher)
β³ CSP restricts what scripts can run. Without it, XSS attacks are easier.
[WARN] Server header reveals: 'Apache/2.4.41' β Version info exposed!
β³ Knowing server version helps attackers find known CVEs to exploit.
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
π Sensitive Files & Directory Exposure
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
[VULN] Environment File found at: /.env
β³ May contain DB passwords, API keys, secret tokens!
[SAFE] /.git/config β Not found
- Python 3.6+
- No external libraries needed β uses only Python standard library
- Works on any OS that supports Python
Each finding is labeled clearly so beginners can understand:
| Label | Meaning |
|---|---|
[VULN] π΄ |
Vulnerability found β needs immediate attention |
[WARN] π‘ |
Potential issue β should be reviewed |
[SAFE] π’ |
This check passed β no issue found |
[INFO] π΅ |
General information β no action needed |
β³ |
Explanation of WHY this is a problem |
vulnscan/
β
βββ vulnscan.py # Main scanner tool
βββ README.md # Documentation
βββ LICENSE # MIT License
- DNS & IP Recon
- Port Scanner
- SSL/TLS Analysis
- HTTP Security Headers
- Sensitive File Detection
- Basic SQLi Detection
- Basic XSS Detection
- Cookie Security Analysis
- Subdomain Enumeration
- WHOIS Lookup
- Full Report Export (HTML/PDF)
- CVE Lookup Integration
- Multi-threading for faster scans
- JSON/TXT output mode
Contributions are welcome! Here's how:
# Fork the repo
# Create your feature branch
git checkout -b feature/new-module
# Commit your changes
git commit -m "Add: new vulnerability module"
# Push to branch
git push origin feature/new-module
# Open a Pull RequestAnkush CSE β Cybersecurity Engineer
"Hack Ethically. Defend Digitally."
This project is licensed under the MIT License β see the LICENSE file for details.
β If this tool helped you, please give it a star! β
Made with β€οΈ by Ankush | CSE (Cybersecurity Engineer)