WebVulScan - a web application vulnerability scanner


WebVulScan

Synopsis

WebVulScan is a web application vulnerability scanner. It is itself a web application, written in PHP, and can be used to test remote or local web applications for security vulnerabilities. While a scan is running, its details are updated dynamically for the user. These details include the status of the scan, the number of URLs found on the web application, the number of vulnerabilities found and details of the vulnerabilities found.

After a scan is complete, a detailed PDF report is emailed to the user. The report includes descriptions of the vulnerabilities found, recommendations and details of where and how each vulnerability was exploited.


The vulnerabilities tested by WebVulScan are:

  • Reflected Cross-Site Scripting
  • Stored Cross-Site Scripting
  • Standard SQL Injection
  • Broken Authentication using SQL Injection
  • Autocomplete Enabled on Password Fields
  • Potentially Insecure Direct Object References
  • Directory Listing Enabled
  • HTTP Banner Disclosure
  • SSL Certificate not Trusted
  • Unvalidated Redirects
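
Three of the findings in this list (autocomplete on password fields, directory listing, banner disclosure) can be recognised passively from a single HTTP response. The Python example below is added here for illustration and is not WebVulScan's own code, which is PHP; the names `PageFacts` and `passive_findings`, the sample response, and the "Index of /" and version-number heuristics are assumptions.

```python
import re
from html.parser import HTMLParser
# Constructed sample response for illustration (not from a real site).
HEADERS = {"Server": "Apache/2.4.54 (Unix) PHP/8.1.12", "X-Powered-By": "PHP/8.1.12"}
BODY = """<title>Index of /backup</title><form method="post" action="/login">
<input type="password" name="pass">
<input type="password" name="pin" autocomplete="off"></form>"""

class PageFacts(HTMLParser):
    """Collects the page title and password inputs that allow autocomplete."""
    def __init__(self):
        super().__init__()
        self.title, self.in_title = "", False
        self.form_off, self.weak_fields = False, []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        auto = (a.get("autocomplete") or "").lower()
        if tag == "title":
            self.in_title = True
        elif tag == "form":
            self.form_off = auto == "off"
        elif tag == "input" and (a.get("type") or "").lower() == "password":
            # Autocomplete counts as disabled if set on the field or its form.
            if auto != "off" and not (self.form_off and auto == ""):
                self.weak_fields.append(a.get("name") or "(unnamed)")

    def handle_endtag(self, tag):
        self.in_title = self.in_title and tag != "title"
        self.form_off = self.form_off and tag != "form"

    def handle_data(self, data):
        self.title += data if self.in_title else ""

def passive_findings(headers, body):
    """Map one HTTP response to finding names from the list above."""
    facts = PageFacts()
    facts.feed(body)
    found = {}
    if facts.weak_fields:
        found["Autocomplete Enabled on Password Fields"] = facts.weak_fields
    if facts.title.strip().lower().startswith("index of /"):
        found["Directory Listing Enabled"] = facts.title.strip()
    # A product token followed by a version number discloses the software build.
    banners = [f"{h}: {v}" for h, v in headers.items()
               if h.lower() in ("server", "x-powered-by") and re.search(r"/\d", v)]
    if banners:
        found["HTTP Banner Disclosure"] = banners
    return found
```

Calling `passive_findings(HEADERS, BODY)` on the constructed response reports all three findings; a response with a bare `Server: Apache` header and `autocomplete="off"` on the form reports none.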

Features:

  • Crawler: Crawls a website to identify and display all URLs belonging to the website.
  • Scanner: Crawls a website and scans all URLs found for vulnerabilities.
  • Scan History: Allows a user to view or download PDF reports of previous scans that they performed.
  • Register: Allows a user to register with the web application.
  • Login: Allows a user to log in to the web application.
  • Options: Allows a user to select which vulnerabilities they wish to test for (all are enabled by default).
  • PDF Generation: Dynamically generates a detailed PDF report.
  • Report Delivery: The PDF report is emailed to the user as an attachment.

Installation

See ReadMe file in txt and docx format for installation instructions.

Discussion

As this project was exported from Google Code, previously found problems and solutions are available at:

For any other issues or feedback, please contact [email protected]

License

GNU GPL v3

Comments
  • Major run-time error


    Warning: fopen(crawler/logs/eventlogs_2018-04-24.txt): failed to open stream: No such file or directory in C:\xampp\htdocs\webvulscan\scanner\classes\Logger.php on line 66 Can't open crawler/logs/eventlogs!

    Warning: fopen(scanner/logs/eventlogs_2018-04-24.txt): failed to open stream: No such file or directory in C:\xampp\htdocs\webvulscan\scanner\classes\Logger.php on line 66 Can't open scanner/logs/eventlogs!

    opened by Dor93 1
  • Start Scan


    What steps will reproduce the problem?
    1. Start Scan
    2.
    3.
    
    What is the expected output? What do you see instead?
    Scan Details:
    Status: Pending...
    
    No. URLs Found: 0
    Time Taken: 0:11
    No. HTTP Requests Sent: 0
    No. Vulnerabilities Found: 0
    
    No Vulnerabilities Found Yet
    
    
    What version of the product are you using? On what operating system?
    xampp version 3.2.1 Windows 7 Home Basic 64-bit
    
    Please provide any additional information below.
    It is not sending any kind of http request and simply the time taken is 
    increasing. I have installed all the requirements.  
    
    

    Original issue reported on code.google.com by [email protected] on 9 Dec 2014 at 10:00

    Priority-Medium auto-migrated Type-Defect 
    opened by GoogleCodeExporter 2
  • when is the next version coming out in which existing issues have been solved?


    First of all, nice project! Good Job Mr. Blair!
    
    I have several similar issues to those that have been mentioned here. Just 
    wondering when will you release the next version of webvulscan. 
    

    Original issue reported on code.google.com by [email protected] on 12 Mar 2014 at 6:07

    Priority-Medium auto-migrated Type-Enhancement 
    opened by GoogleCodeExporter 1
  • webvulscan register


    help me pls
    
    Warning: mysqli::mysqli(): (HY000/1049): Unknown database 'webvulscan' in 
    /opt/lampp/htdocs/webvulscan_v0.12/scanner/functions/databaseFunctions.php on 
    line 50
    There was a problem connecting to the database. Please contact the 
    administrator if problem persists
    
    

    Original issue reported on code.google.com by [email protected] on 9 Jul 2013 at 4:55

    Priority-Medium auto-migrated Type-Defect 
    opened by GoogleCodeExporter 3
  • Problem with connection string


    Hello guys,
    I have a problem with the connection string: I don't have the default port
    for MySQL, I have the port number '3308'.

    I tried this:

        $server = 'localhost';
        $user = 'root';
        $pass ='';
        $datab ='webvulscan';
        $port = (int)$port='3308';

        $db = $db = new mysqli($server,$user,$pass,$datab,$port);

    But that doesn't work.

    Then I tried another way:

        $db = $db = new mysqli('localhost','root','','webvulscan','3308');

    Thanks. I hope you can help me!
    
    

    Original issue reported on code.google.com by [email protected] on 27 Apr 2013 at 3:36

    Priority-Medium auto-migrated Type-Defect 
    opened by GoogleCodeExporter 7
Releases(v0.12)
  • v0.12(Aug 1, 2015)

    Note: This release was published in June 2012 on Google Code. It was exported to GitHub in August 2015.

    • Emailing PDF report is now optional. Therefore, you can just view it in your scan history if you wish instead of having it emailed to you.
    • Crawling a URL at the start of the scan is now optional. Therefore, you can now test a single webpage for the various vulnerabilities instead of scanning an entire website.
    • Issues fixed that some users were having when running WebVulScan on Linux (static path references and case sensitivity). Now tested on Windows (XAMPP 1.7.4 running on Vista) and Linux (XAMPP 1.7.4 running on Ubuntu 12.04).
    • Added information about Linux permissions to instructions.
    • Instructions now in .docx and .txt format
    webvulscan_v0.12.zip(12.75 MB)