Web Vulnerability Scanner - Detect XSS, SQL Injection, LFI, missing security headers, and SSL misconfigurations.
- SQL Injection - Error-based detection with 9 payloads across MySQL, PostgreSQL, Oracle, SQLite
- XSS (Cross-Site Scripting) - Reflected XSS testing with 8 payloads including SSTI detection
- Local File Inclusion - Path traversal with encoding bypass techniques
- Security Headers Audit - CSP, HSTS, X-Frame-Options, and more
- SSL/TLS Analysis - Weak protocol and expired certificate detection
- Auto Form Crawling - Automatic form discovery and parameter testing
- JSON Export - Machine-readable output for CI/CD integration
- Zero Dependencies - Pure Python stdlib
```bash
vulnscan https://target.com
vulnscan https://target.com --xss
vulnscan https://target.com --sqli
vulnscan https://target.com --headers
vulnscan https://target.com --lfi
vulnscan "https://target.com/search?q=test&id=1" --full
vulnscan https://target.com --json -o results.json
```
For authorized penetration testing only. Only scan targets you have explicit written permission to test. Unauthorized scanning is illegal. The author is not responsible for misuse.
MIT - @redX000