Bot-Manav/Web-Vulnerability_scanner


Web Analyzer Advanced

A lightweight, active web vulnerability scanner built in Python. This tool performs automated reconnaissance and security testing on target web applications, identifying common vulnerabilities like SQL Injection, XSS, and more.

Caution

LEGAL WARNING: This tool is for EDUCATIONAL PURPOSES and AUTHORIZED TESTING ONLY.

  • Only scan targets you own or have explicit, written permission to test.
  • Unauthorized scanning of web assets is illegal and unethical.
  • The authors assume no liability for misuse of this tool.

Features

  • Vulnerability Scanning:
    • SQL Injection (SQLi): Error-based, Time-based (Boolean-blind checks included).
    • Cross-Site Scripting (XSS): Reflected XSS active probing.
    • Command Injection: Checks for OS command execution flaws.
    • SSTI: Server-Side Template Injection tests.
  • Reconnaissance:
    • Sensitive Files: Scans for .git, .env, config.php, etc.
    • Secret Leaks: Scans JS files for API keys and secrets.
    • Misconfigurations: CORS wildcards, missing security headers.
  • Form Testing: Automatically parses and injects payloads into HTML forms.
  • Authentication: Supports Generic Login (POST) and manual cookie/session headers.
  • Reporting: Generates a self-contained HTML report with evidence snippets.

Installation

  1. Clone this repository.
  2. Install the required Python packages:

pip install requests beautifulsoup4

Usage

Basic scan:

python web_analyzer_advanced.py http://example.com

Save report to a specific file:

python web_analyzer_advanced.py http://example.com --output my_report.html

Authenticated Scanning

Option A: Generic Login (Auto-login)

Provide the login URL and field names. The scanner will attempt to log in before scanning.

python web_analyzer_advanced.py http://example.com/ \
  --login-url http://example.com/login.php \
  --username-field user \
  --password-field pass \
  --username admin \
  --password secret

Option B: Manual Session Cookie

If you are already logged in via a browser, grab your PHPSESSID or other cookies.

python web_analyzer_advanced.py http://example.com --phpsessid 12345abcdef
# OR
python web_analyzer_advanced.py http://example.com --cookie "session=xyz; security=low"

Options

Flag            Description
--output, -o    Output HTML report filename (default: web_scan_report.html).
--max-tests     Limit the number of HTTP requests to prevent flooding (default: 300).
--phpsessid     Manually set the PHPSESSID cookie.
--cookie        Manually set arbitrary cookies (e.g., key=value; key2=val2).
--login-url     URL to POST login credentials to.

Roadmap & Limitations

This tool is currently in an alpha/educational state. Contributors should be aware of the following known limitations and planned updates:

  • Performance: Currently single-threaded. Future updates will implement asyncio or threading for faster scanning.
  • Crawling: The crawler is shallow (Level 1 depth). It does not recursively spider the entire application.
  • Detection Logic: Relies heavily on regex and string matching.
    • Planned: Better heuristic analysis to reduce false positives/negatives.
    • Planned: Dedicated payloads for specific DB backends (MySQL vs PostgreSQL strategies).
  • DOM XSS: Does not use a headless browser (like Selenium/Playwright), so it may miss DOM-based XSS that requires JavaScript execution to trigger.
  • Proxy Support: No built-in support for proxying traffic (e.g., through Burp Suite) yet.
  • WAF Evasion: No encoding/obfuscation techniques implemented to bypass WAFs.
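
The Detection Logic limitation above, worked through as an added example (this is not code from this repository): plain signature matching is compared with a baseline-diff heuristic, showing one false positive the heuristic removes and one false negative it does not. The signature list, function names, and sample responses are constructed assumptions.

```python
import re

# Assumed error signatures for illustration; the scanner's real list is not shown on this page.
SQL_ERROR_SIGNATURES = [
    re.compile(r"You have an error in your SQL syntax", re.I),                # MySQL
    re.compile(r"unterminated quoted string at or near", re.I),               # PostgreSQL
    re.compile(r"Unclosed quotation mark after the character string", re.I),  # MSSQL
]

def matched_signatures(body):
    """Return the set of signature patterns found in a response body."""
    return {sig.pattern for sig in SQL_ERROR_SIGNATURES if sig.search(body)}

def naive_verdict(probed_body):
    """Plain string matching: any signature in the probed response is a finding."""
    return bool(matched_signatures(probed_body))

def baseline_verdict(baseline_body, probed_body):
    """Heuristic: report only signatures that the probe introduced.

    A signature already present in the unmodified (baseline) response is page
    content, such as a tutorial or forum post quoting the error, not evidence.
    """
    return bool(matched_signatures(probed_body) - matched_signatures(baseline_body))

# Constructed sample responses (not captured from any real site).
DOCS_PAGE = "<h1>FAQ</h1><p>If you see 'You have an error in your SQL syntax', check quoting.</p>"
SHOP_BASELINE = "<h1>Item 7</h1><p>Blue widget</p>"
SHOP_PROBED = ("<b>Warning</b>: You have an error in your SQL syntax; check the manual "
               "that corresponds to your MySQL server version")
GENERIC_500 = "<h1>500 Internal Server Error</h1>"

def run_cases():
    return {
        # Documentation page: same body before and after the probe.
        "docs_naive": naive_verdict(DOCS_PAGE),
        "docs_baseline": baseline_verdict(DOCS_PAGE, DOCS_PAGE),
        # The error appears only after the probe: both approaches flag it.
        "shop_naive": naive_verdict(SHOP_PROBED),
        "shop_baseline": baseline_verdict(SHOP_BASELINE, SHOP_PROBED),
        # Custom error page hides the DB message: both approaches miss it.
        "generic_naive": naive_verdict(GENERIC_500),
        "generic_baseline": baseline_verdict(SHOP_BASELINE, GENERIC_500),
    }

if __name__ == "__main__":
    for name, flagged in run_cases().items():
        print(f"{name:18} flagged={flagged}")
```

The generic 500 case is why error-string matching alone is insufficient: once verbose errors are suppressed, a finding has to come from another signal such as status code or response-length differences.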
