SHOT786/Web-Vulnerability-Scanner-Reporter

Web Vulnerability Scanner

A powerful Python-based Web Vulnerability Scanner designed to detect common security issues in websites such as XSS, SQL Injection, insecure headers, open ports, and exposed sensitive files. This tool is built for learning, ethical hacking, and security testing purposes.

🚀 Features

  • ✔ Scan for Cross-Site Scripting (XSS)
  • ✔ Detect SQL Injection vulnerabilities
  • ✔ Analyze Security Headers
  • ✔ Find Exposed Sensitive Files (.env, .git, backups, etc.)
  • ✔ Perform Port Scanning using Nmap
  • ✔ Generate Beautiful HTML Reports
  • ✔ Clean & modular architecture

PROJECT-STRUCTURE

Web-Vulnerability-Scanner-Reporter/
│
├── scanner.py                # Main CLI entry point
│
├── modules/                  # All vulnerability scanners
│   ├── headers_check.py      # Security headers analysis
│   ├── sql_injection.py      # SQL injection detection
│   ├── xss_check.py          # XSS vulnerability detection
│   ├── port_scan.py          # Open ports scanning
│   └── sensitive_files.py   # Exposed files detection
│
├── reports/
│   └── report_generator.py  # HTML report generation
│
├── utils/
│   └── helpers.py           # Utility functions (URL validation, etc.)
│
├── examples/
│   └── testphp_report.html  # Sample generated report
│
├── requirements.txt         # Dependencies
└── README.md                # Project documentation

⚙️ Installation

Clone the repository:

Install dependencies: pip install -r requirements.txt

▶️ Usage

Run the scanner: python scanner.py https://example.com

  • After the scan completes, an HTML vulnerability report will be generated in the reports/ folder.
  • Open it in a browser to view the full analysis.

📄 Sample Report

A sample scan report is available inside: examples/testphp_report.html

It shows:

  • Vulnerabilities found
  • Severity levels
  • Evidence
  • Remediation suggestions
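
The following is an added example, not code from this repository: a minimal security-headers check that produces findings with the severity, evidence and remediation fields the report lists. The function name, severities, the 180-day HSTS threshold and the sample headers are assumptions made for illustration.

```python
import re

# Hypothetical checks and severities chosen for illustration;
# this is not the project's modules/headers_check.py.
def check_headers(headers):
    """Return findings (name, severity, evidence, remediation) for one response."""
    h = {k.lower(): v.strip() for k, v in headers.items()}  # header names are case-insensitive
    findings = []

    def add(name, severity, evidence, remediation):
        findings.append({"name": name, "severity": severity,
                         "evidence": evidence, "remediation": remediation})

    hsts = h.get("strict-transport-security")
    if hsts is None:
        add("Missing HSTS", "medium", "header absent",
            "Send Strict-Transport-Security: max-age=31536000; includeSubDomains")
    else:
        m = re.search(r"max-age\s*=\s*\"?(\d+)", hsts, re.I)
        if not m or int(m.group(1)) < 15552000:  # under ~180 days (assumed threshold)
            add("Weak HSTS max-age", "low", hsts, "Raise max-age to at least 15552000")

    csp = h.get("content-security-policy")
    if csp is None:
        add("Missing CSP", "medium", "header absent", "Define a Content-Security-Policy")
    elif "'unsafe-inline'" in csp:
        add("CSP allows unsafe-inline", "medium", csp,
            "Replace 'unsafe-inline' with nonces or hashes")

    xcto = h.get("x-content-type-options")
    if (xcto or "").lower() != "nosniff":
        add("MIME sniffing not disabled", "low", xcto or "header absent",
            "Send X-Content-Type-Options: nosniff")

    # Framing is controlled by either X-Frame-Options or CSP frame-ancestors.
    if "x-frame-options" not in h and "frame-ancestors" not in (csp or ""):
        add("Clickjacking protection missing", "medium",
            "no X-Frame-Options or frame-ancestors",
            "Send X-Frame-Options: DENY or CSP frame-ancestors 'none'")
    return findings

# Constructed sample response headers (not captured from a real site).
SAMPLE = {
    "Content-Type": "text/html",
    "strict-transport-security": "max-age=300",
    "Content-Security-Policy": "default-src 'self'; script-src 'self' 'unsafe-inline'",
}

if __name__ == "__main__":
    for f in check_headers(SAMPLE):
        print(f"[{f['severity']}] {f['name']}: {f['evidence']} -> {f['remediation']}")
```
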

⚠️ Legal Disclaimer

This tool is built only for educational and ethical purposes.

You are allowed to scan:

  • Your own websites
  • Websites you have written permission to test
  • Legal bug bounty platforms (HackerOne, Intigriti, Bugcrowd, etc.)

⚠️ Do NOT scan random websites without permission. Illegal scanning is a cybercrime.

🧠 Why This Project?

This scanner was built to:

  • Understand how real attackers find vulnerabilities
  • Learn how security tools work internally
  • Build hands-on skills in web security & ethical hacking

👨‍💻 Author

Cyber Warriors

SAHIL & ARIF

Cybersecurity • Ethical Hacking • Python
🛡️ Building real-world security tools

About

A tool to scan websites for vulnerabilities and generate reports
