import sys
import requests
from bs4 import BeautifulSoup
from urllib.parse import urljoin
def scan_website(url):
# Step 1: Discover URLs on the website
discovered_urls = discover_urls(url)
unique_urls = list(set(discovered_urls)) # Remove duplicates
print(f"Discovered {len(unique_urls)} unique URLs on {url}:\n")
for i, discovered_url in enumerate(unique_urls, start=1):
print(f"{i}. {discovered_url}")
# Step 2: Scan discovered URLs for vulnerabilities
for page_url in unique_urls:
vulnerabilities = scan_url(page_url)
if vulnerabilities:
print(f"\nVulnerabilities found on {page_url}:")
for vulnerability, attack_method in vulnerabilities.items():
print(f"\nVulnerability: {vulnerability}")
print(f"Attack Method: {attack_method}")
def discover_urls(url):
discovered_urls = []
# Send a GET request to the given URL
response = requests.get(url)
if response.status_code == 200:
# Parse the HTML content of the response
soup = BeautifulSoup(response.text, "html.parser")
# Find all anchor tags and extract URLs
for anchor_tag in soup.find_all("a"):
href = anchor_tag.get("href")
if href:
absolute_url = urljoin(url, href)
discovered_urls.append(absolute_url)
return discovered_urls
def scan_url(url):
vulnerabilities = {}
# Step 1: Perform vulnerability scans using a vulnerability scanner or custom checks
# Example: Check for SQL injection vulnerability
if is_sql_injection_vulnerable(url):
vulnerabilities["SQL injection vulnerability"] = "Injecting SQL code into input fields"
# Example: Check for cross-site scripting (XSS) vulnerability
if is_xss_vulnerable(url):
vulnerabilities["Cross-site scripting (XSS) vulnerability"] = "Injecting malicious scripts into input fields"
# Step 2: Perform additional vulnerability checks or manual code review
# Example: Check for insecure server configuration
if has_insecure_configuration(url):
vulnerabilities["Insecure server configuration"] = "Exploiting insecure communication protocols"
return vulnerabilities
def is_sql_injection_vulnerable(url):
# Perform checks for SQL injection vulnerability
# Example: Send a malicious SQL query and check the response
payload = "' OR '1'='1"
response = requests.get(url + "?id=" + payload)
if "error" in response.text.lower():
return True
return False
def is_xss_vulnerable(url):
# Perform checks for cross-site scripting (XSS) vulnerability
# Example: Inject a script tag and check if it gets executed
payload = "<script>alert('XSS')</script>"
response = requests.get(url + "?input=" + payload)
if payload in response.text:
return True
return False
def has_insecure_configuration(url):
# Perform checks for insecure server configuration
# Example: Check if the website uses HTTP instead of HTTPS
if not url.startswith("https"):
return True
return False
if name == "main":
if len(sys.argv) > 1:
target_url = sys.argv[1]
scan_website(target_url)
else:
print("Please provide a URL as an argument.")
# Personal Information
name = "Mejbaur Bahar Fagun"
title = "Software QA Engineer | Cyber Security Analyst | CE|H(Certified Ethiccal Hacker) | Digital Forensic| ISTQB Foundation | CompTIA | Postman | Selenium | Manual Tester | Automation Engineer | API Tester "
print("\n")
print("#############################################")
print(f"Script by: {name}")
print(f"Title: {title}")
print("#############################################")
import sys
import requests
from bs4 import BeautifulSoup
from urllib.parse import urljoin
def scan_website(url):
# Step 1: Discover URLs on the website
discovered_urls = discover_urls(url)
unique_urls = list(set(discovered_urls)) # Remove duplicates
print(f"Discovered {len(unique_urls)} unique URLs on {url}:\n")
for i, discovered_url in enumerate(unique_urls, start=1):
print(f"{i}. {discovered_url}")
def discover_urls(url):
discovered_urls = []
def scan_url(url):
vulnerabilities = {}
def is_sql_injection_vulnerable(url):
# Perform checks for SQL injection vulnerability
# Example: Send a malicious SQL query and check the response
payload = "' OR '1'='1"
response = requests.get(url + "?id=" + payload)
if "error" in response.text.lower():
return True
return False
def is_xss_vulnerable(url):
# Perform checks for cross-site scripting (XSS) vulnerability
# Example: Inject a script tag and check if it gets executed
payload = "<script>alert('XSS')</script>"
response = requests.get(url + "?input=" + payload)
if payload in response.text:
return True
return False
def has_insecure_configuration(url):
# Perform checks for insecure server configuration
# Example: Check if the website uses HTTP instead of HTTPS
if not url.startswith("https"):
return True
return False
if name == "main":
if len(sys.argv) > 1:
target_url = sys.argv[1]
scan_website(target_url)
else:
print("Please provide a URL as an argument.")