Security Tool

Web Vulnerability Scanner

A Python-based web vulnerability scanner that detects common security flaws such as XSS, SQL injection, open redirects, and more.


Overview

A command-line tool, built in Python, that automates the detection of common web vulnerabilities. It crawls target web applications and systematically tests for issues including Cross-Site Scripting (XSS), SQL injection, open redirects, insecure headers, and directory traversal. It is built for security researchers and penetration testers who need a fast, extensible scanning solution.

Tech Stack

Python, Requests, BeautifulSoup, Argparse, Threading

Process

  • Designed a modular architecture allowing individual vulnerability modules to be added or removed independently.
  • Implemented a multi-threaded crawler to efficiently map target web application endpoints.
  • Built detection payloads for XSS, SQL injection, and open redirect vulnerabilities with response analysis.
  • Added HTTP security header analysis to flag missing protections like CSP, HSTS, and X-Frame-Options.
  • Packaged the tool with a CLI interface
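
The security header analysis and the add/remove module design described above, sketched as an added example (not the project's own code). The registry, the function names and the sample headers are assumptions made for illustration.

```python
import re

CHECKS = {}  # module name -> check function (hypothetical registry, not the project's)

def check(name):
    """Decorator that registers a header check so it can be enabled or dropped by name."""
    def register(fn):
        CHECKS[name] = fn
        return fn
    return register

@check("csp")
def check_csp(url, headers):
    return [] if "content-security-policy" in headers else ["Content-Security-Policy missing"]

@check("hsts")
def check_hsts(url, headers):
    if not url.lower().startswith("https://"):
        return []  # browsers ignore HSTS received over plain HTTP
    value = headers.get("strict-transport-security")
    if value is None:
        return ["Strict-Transport-Security missing"]
    m = re.search(r'max-age\s*=\s*"?(\d+)', value, re.I)
    if not m:
        return ["Strict-Transport-Security has no max-age"]
    if int(m.group(1)) == 0:
        return ["Strict-Transport-Security max-age=0 disables HSTS"]
    return []

@check("framing")
def check_framing(url, headers):
    xfo = headers.get("x-frame-options", "").strip().upper()
    csp = headers.get("content-security-policy", "").lower()
    # CSP frame-ancestors is an accepted replacement for X-Frame-Options
    if xfo in ("DENY", "SAMEORIGIN") or "frame-ancestors" in csp:
        return []
    return ["No framing protection (X-Frame-Options or CSP frame-ancestors)"]

def analyze(url, raw_headers, enabled=None):
    """Run the enabled check modules over one response's headers."""
    headers = {k.lower(): v for k, v in raw_headers.items()}  # header names are case-insensitive
    findings = []
    for name in (enabled or sorted(CHECKS)):
        findings += CHECKS[name](url, headers)
    return findings

# Constructed sample response headers (not captured from a real site)
SAMPLE = {"Content-Type": "text/html", "strict-transport-security": "max-age=0",
          "Content-Security-Policy": "default-src 'self'"}

if __name__ == "__main__":
    print("\n".join(analyze("https://app.example.test/", SAMPLE)))
```

Presence alone is a weak signal: the sample sends an HSTS header, yet max-age=0 switches the protection off, so the check reads the value as well.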