The Python script called web app scanner assists cybersecurity professionals in identifying potential vulnerabilities in web applications by using the “requests” library. It achieves this by sending simulated malicious requests to the targeted web app and analyzing the server’s responses for common vulnerability indicators. The objective is to uncover vulnerabilities like SQL injection, cross-site scripting (XSS), and directory traversal.
While the individual checks need further expansion to provide more value in real-world settings with up-to-date and precise tests, this script automates the process of vulnerability detection, enabling professionals to quickly identify potential security weaknesses in web applications.
With the information provided by the scanner, professionals can take appropriate measures to mitigate the identified vulnerabilities, ensuring the web app’s resilience against potential attacks and safeguarding sensitive data.
```python
import requests


def scan_web_app(url):
    """Send three test payloads to url and return the names of suspected issues."""
    # Check for common vulnerabilities
    vulnerabilities = []

    # Check for SQL injection: a vulnerable page is expected to return an error
    payload = "' OR '1'='1"
    response = requests.get(url + "?param=" + payload, timeout=10)
    if "error" in response.text:
        vulnerabilities.append("SQL Injection")

    # Check for XSS: the payload is reflected unchanged in the response body
    payload = "<script>alert('XSS')</script>"
    response = requests.get(url + "?param=" + payload, timeout=10)
    if "<script>alert('XSS')</script>" in response.text:
        vulnerabilities.append("Cross-Site Scripting (XSS)")

    # Check for directory traversal: /etc/passwd content appears in the response
    payload = "../../../../etc/passwd"
    response = requests.get(url + "?file=" + payload, timeout=10)
    if "root:" in response.text:
        vulnerabilities.append("Directory Traversal")

    # Add more vulnerability checks as needed...
    return vulnerabilities


# Usage example
if __name__ == "__main__":
    # Replace the placeholder with a full URL (including http:// or https://)
    target_url = "your URL to check goes here"
    vulnerabilities_found = scan_web_app(target_url)
    if vulnerabilities_found:
        print("Vulnerabilities found in the web app:")
        for vulnerability in vulnerabilities_found:
            print("- " + vulnerability)
    else:
        print("No vulnerabilities found in the web app.")
```
The code is divided into two main sections: the scan function and the use case example, which demonstrates how to apply the created function to a website.
The function starts by creating a list to hold the names of any vulnerabilities found during the scan. It then checks for three different vulnerabilities, each with its own payload.
The crucial part of this script is the requests.get function from the requests library. For each vulnerability, this function sends an HTTP GET request to the target URL. The payload is delivered by appending “?param=” (or “?file=” for the directory traversal check) and the payload to the target URL.
If the target URL accepts parameters through the query string and is vulnerable, its response should contain a telltale indicator: the word “error” for SQL injection, the payload echoed back unchanged for XSS, or the string “root:” for directory traversal. The script reads the response body from the “response” object and checks for that indicator to decide whether the payload succeeded.
The second part of the script calls the function on a specific URL, scans it for the three vulnerabilities, and then prints the list of vulnerabilities found.
This exercise taught me several valuable lessons, including simple methods for testing the three vulnerabilities within the script, the existence and purpose of the “requests” library, and the ability to identify and record multiple issues simultaneously.
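The opening paragraphs note that the individual checks need more precise tests. As an added example (not part of the original script), the code below tightens only the response-analysis step: an indicator counts only if it is absent from a baseline response fetched with a harmless value, and each check uses a stricter pattern than a bare substring. The function name triage, the error-signature list and the sample response bodies are assumptions constructed for illustration.

```python
import html
import re

# Assumed, non-exhaustive database error signatures (illustrative list).
SQL_ERRORS = [re.compile(p, re.I) for p in (
    r"you have an error in your sql syntax",   # MySQL
    r"unclosed quotation mark",                # SQL Server
    r"syntax error at or near",                # PostgreSQL
    r"sqlite3\.OperationalError",              # Python sqlite3
)]
# One well-formed /etc/passwd record for root: name:pw:0:0:gecos:home:shell
PASSWD_ROOT = re.compile(r"^root:[^:\n]*:0:0:[^:\n]*:[^:\n]*:[^:\n]*$", re.M)


def triage(check, payload, baseline, probe):
    """Classify a probe response as 'likely', 'encoded' or 'no-signal'.

    baseline is the body returned for a harmless value; an indicator only
    counts if the payload request introduced it.
    """
    if check == "sqli":
        hit = any(p.search(probe) and not p.search(baseline) for p in SQL_ERRORS)
        return "likely" if hit else "no-signal"
    if check == "xss":
        if payload in probe and payload not in baseline:
            return "likely"      # reflected without output encoding
        if html.escape(payload) in probe:
            return "encoded"     # reflected, but neutralised by escaping
        return "no-signal"
    if check == "traversal":
        hit = PASSWD_ROOT.search(probe) and not PASSWD_ROOT.search(baseline)
        return "likely" if hit else "no-signal"
    raise ValueError(f"unknown check: {check}")


# Constructed response bodies (not captured from any real application).
XSS = "<script>alert('XSS')</script>"
HELP_PAGE = "<p>Found an error? Contact root: admin@example.test</p>"
SAMPLES = {
    "sqli_fp": ("sqli", "' OR '1'='1", HELP_PAGE, HELP_PAGE),
    "sqli_hit": ("sqli", "' OR '1'='1", HELP_PAGE,
                 "You have an error in your SQL syntax near ''1'='1'"),
    "xss_escaped": ("xss", XSS, HELP_PAGE, "<p>" + html.escape(XSS) + "</p>"),
    "xss_raw": ("xss", XSS, HELP_PAGE, "<p>" + XSS + "</p>"),
    "trav_fp": ("traversal", "../../../../etc/passwd", HELP_PAGE, HELP_PAGE),
    "trav_hit": ("traversal", "../../../../etc/passwd", HELP_PAGE,
                 "root:x:0:0:root:/root:/bin/bash\nbin:x:1:1::/bin:/sbin/nologin"),
}

if __name__ == "__main__":
    for name, args in SAMPLES.items():
        print(f"{name:12} {triage(*args)}")
```

The constructed HELP_PAGE contains both “error” and “root:”, so the plain substring checks in the original script would report SQL injection and directory traversal for it, while the baseline comparison reports no signal.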