-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathVulnerability Finder 1.py
More file actions
52 lines (45 loc) · 1.78 KB
/
Copy pathVulnerability Finder 1.py
File metadata and controls
52 lines (45 loc) · 1.78 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
import requests
from urllib.parse import urljoin
def check_sql_injection(url):
sql_payload = "' OR '1'='1"
response = requests.get(url, params={"id": sql_payload})
if "error" in response.text or "syntax" in response.text:
print(f"SQL Injection vulnerability found at {url}")
else:
print(f"No SQL Injection vulnerability detected at {url}")
def check_xss(url):
xss_payload = "<script>alert('XSS')</script>"
response = requests.get(url, params={"q": xss_payload})
if xss_payload in response.text:
print(f"XSS vulnerability found at {url}")
else:
print(f"No XSS vulnerability detected at {url}")
def check_csrf(url):
response = requests.get(url)
if "csrf-token" not in response.text:
print(f"CSRF vulnerability potentially found at {url}")
else:
print(f"No CSRF vulnerability detected at {url}")
def check_idor(url):
test_url = url + "/user/1"
response = requests.get(test_url)
if response.status_code == 200:
print(f"IDOR vulnerability found at {url}")
else:
print(f"No IDOR vulnerability detected at {url}")
def check_security_misconfiguration(url):
response = requests.get(url)
if "X-Frame-Options" not in response.headers:
print(f"Security Misconfiguration found at {url} - Missing X-Frame-Options")
else:
print(f"No Security Misconfiguration detected at {url}")
def scan_website(base_url):
print(f"Scanning website: {base_url}")
check_sql_injection(base_url)
check_xss(base_url)
check_csrf(base_url)
check_idor(base_url)
check_security_misconfiguration(base_url)
if __name__ == "__main__":
website_url = input("Enter the URL of the website to scan: ")
scan_website(website_url)