Skip to content

windro-xdd/AdvExploit

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
.gitignore
.gitignore
 
 
README.md
README.md
 
 
advexploit.py
advexploit.py
 
 
install.sh
install.sh
 
 
requirements.txt
requirements.txt
 
 

Repository files navigation

AdvExploit - Web Vulnerability Scanner

AdvExploit is a powerful and easy-to-use web vulnerability scanner that helps you identify security flaws in your web applications. It provides two main scanning modes: a web vulnerability scan and an Nmap-based network scan.

Features

  • Web Vulnerability Scan: Performs a series of checks for common web vulnerabilities, including:
    • SQL Injection
    • Cross-Site Scripting (XSS)
    • Insecure HTTP Headers
    • Local File Inclusion (LFI)
    • Remote File Inclusion (RFI)
    • OS Command Injection
    • Cross-Site Request Forgery (CSRF)
  • Nmap Scan with Exploit Search: Uses the Nmap Scripting Engine to perform an in-depth vulnerability scan and automatically searches for known exploits in the Exploit-DB database using searchsploit.
  • Reporting: Generates detailed reports in both JSON and HTML formats, organized by target.

Installation

Linux

The installation script will automatically detect your operating system and use the appropriate package manager to install the dependencies.

  1. Clone the repository: 
    git clone https://github.com/your-username/advexploit.git
cd advexploit
  2. Run the installation script: 
    chmod +x install.sh
./install.sh

Windows

The "Web Vulnerability Scan" is fully supported on Windows. The "Nmap Scan with Exploit Search" requires manual installation of nmap and searchsploit.

  1. Install Python 3: https://www.python.org/downloads/
  2. Install the required Python libraries: 
    pip install -r requirements.txt
  3. (Optional) Install Nmap: https://nmap.org/download.html
  4. (Optional) Install searchsploit: https://www.exploit-db.com/searchsploit

Using a Virtual Environment (Recommended)

It is recommended to use a virtual environment to avoid conflicts with system-wide packages.

  1. Create a virtual environment: 
    python -m venv venv
  2. Activate the virtual environment:
    • Linux/macOS: 
      source venv/bin/activate
    • Windows: 
      venv\Scripts\activate
  3. Install the dependencies: 
    pip install -r requirements.txt

Usage

Run the scanner with the following command:

python advexploit.py

You will be presented with a menu to choose the type of scan you want to perform.

Future Improvements

  • More advanced scanning techniques: Implement more sophisticated checks for vulnerabilities like XXE, SSRF, and deserialization attacks.
  • Authentication: Add support for scanning authenticated applications by allowing users to provide credentials or session cookies.
  • Configuration: Allow users to configure the scanner's behavior through a configuration file (e.g., specify which tests to run, set custom payloads).
  • GUI: Develop a graphical user interface to make the tool more accessible to a wider range of users.

About

An advance website enumaration and vulnerability scanner tool

Resources

Readme
Activity

Stars

1 star

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages