This Python-based automated vulnerability testing tool is designed to help security enthusiasts and professionals identify potential security weaknesses in web applications. It performs various vulnerability tests, including XSS, RFI, LFI, CSRF, Subdomain Takeover, Clickjacking, SSRF, and more.
- Automated Testing: Run multiple vulnerability tests sequentially with minimal user input.
- Extensible: Easily add more tests and payloads as needed.
- Organized Results: Displays results in a well-formatted table for easy review.
- Error Handling: Comprehensive error handling for network issues and file access.
- User-Friendly: Simple command-line interface for interaction.
The tool currently tests for the following vulnerabilities:
- Cross-Site Scripting (XSS)
- Remote File Inclusion (RFI)
- Local File Inclusion (LFI)
- Command Injection
- Open Redirect
- Host Header Injection
- Cross-Site Request Forgery (CSRF)
- Subdomain Takeover
- Clickjacking
- Server-Side Request Forgery (SSRF)
- Unsecured File Upload
- Python 3.x
- requests library
- tqdm library
- termcolor library
- tabulate library
You can install the required libraries using pip:

```bash
pip install requests tqdm termcolor tabulate
```

Clone the repository:

```bash
git clone https://github.com/yourusername/vulnerability-testing-tool.git
cd vulnerability-testing-tool
```

Prepare your payload files (xss.txt, rfi.txt, lfi.txt, etc.) in the same directory as the script.
Run the tool:

```bash
python vulnerability_tester.py
```
Enter the target URL when prompted.
The results are displayed in a table, indicating whether the target is vulnerable or safe for each test:

```text
Testing Results:
╔═══════════════════╦══════════════════════════════════════════╦════════════╗
║ Test              ║ URL                                      ║ Result     ║
╠═══════════════════╬══════════════════════════════════════════╬════════════╣
║ XSS               ║ http://example.com?input=<script>        ║ Vulnerable ║
║ RFI               ║ http://example.com?file=malicious        ║ Safe       ║
║ LFI               ║ http://example.com?file=../../etc/passwd ║ Vulnerable ║
║ Command Injection ║ http://example.com?cmd=whoami            ║ Safe       ║
║ ...               ║ ...                                      ║ ...        ║
╚═══════════════════╩══════════════════════════════════════════╩════════════╝
```
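The loop behind that table is simple: read one payload per line from the payload file, inject it into a query parameter, send the request, and let a per-test classifier decide "Vulnerable" or "Safe". The following is an added example of that loop, not the project's own code. It uses only the standard library, takes the HTTP function as a parameter (the real script would pass `requests.get(...).text` there), and talks to a constructed fake target so it runs offline; the parameter names `input`, `file` and `cmd` and the classifiers are assumptions for illustration.

```python
"""Payload -> request -> classify -> table, as an added, offline-runnable example.
Not the project's code: the fake target and the check definitions are constructed."""
from dataclasses import dataclass
from pathlib import Path
from typing import Callable, Dict, List, Tuple
from urllib.parse import parse_qs, urlencode, urlparse, urlunparse

# Constructed payload lists; the real tool reads these from xss.txt, lfi.txt, ...
PAYLOADS: Dict[str, List[str]] = {
    "xss": ["<script>alert(1)</script>", '"><img src=x onerror=alert(1)>'],
    "lfi": ["../../etc/passwd", "....//....//etc/passwd"],
    "cmdi": [";id", "|whoami"],
}


def parse_payloads(text: str) -> List[str]:
    """One payload per line; blank lines and '#' comment lines are skipped."""
    return [ln.strip() for ln in text.splitlines()
            if ln.strip() and not ln.lstrip().startswith("#")]


def load_payloads(path: Path) -> List[str]:
    return parse_payloads(path.read_text(encoding="utf-8"))


def inject(url: str, param: str, payload: str) -> str:
    """Set one query parameter to the payload, URL-encoding it on the wire.
    The raw (decoded) payload is what the classifiers search for in the body."""
    parts = urlparse(url)
    query = parse_qs(parts.query, keep_blank_values=True)
    query[param] = [payload]
    return urlunparse(parts._replace(query=urlencode(query, doseq=True)))


@dataclass
class Check:
    name: str
    param: str                               # assumed parameter name (illustration)
    payload_kind: str                        # key into PAYLOADS
    is_vulnerable: Callable[[str, str], bool]  # (payload, response_body) -> bool


CHECKS = [
    # Unencoded reflection is necessary but not sufficient for XSS: confirm the
    # injection context by hand before reporting it.
    Check("XSS", "input", "xss", lambda p, body: p in body),
    # A content signature that only a real read of /etc/passwd produces.
    Check("LFI", "file", "lfi", lambda p, body: "root:x:0:0" in body),
    # Output-based only; blind injection needs a time- or out-of-band oracle.
    Check("Command Injection", "cmd", "cmdi", lambda p, body: "uid=" in body),
]


def run_checks(base_url: str, fetch: Callable[[str], str],
               payloads: Dict[str, List[str]]) -> List[Tuple[str, str, str]]:
    """Return (test, url, verdict) rows; a network error marks the row instead
    of aborting the run (requests' exceptions derive from OSError)."""
    rows = []
    for chk in CHECKS:
        verdict, shown_url = "Safe", ""
        for payload in payloads[chk.payload_kind]:
            url = inject(base_url, chk.param, payload)
            shown_url = shown_url or url
            try:
                body = fetch(url)
            except OSError as exc:
                verdict = f"Error: {exc}"
                break
            if chk.is_vulnerable(payload, body):
                verdict, shown_url = "Vulnerable", url
                break
        rows.append((chk.name, shown_url, verdict))
    return rows


def fake_fetch(url: str) -> str:
    """Constructed target: reflects `input` unescaped (XSS), joins `file` onto a
    directory without normalising '..' (LFI), and ignores `cmd`."""
    q = parse_qs(urlparse(url).query)
    body = ""
    if "input" in q:
        body += f"<p>You searched for: {q['input'][0]}</p>"   # no escaping
    if "file" in q:
        fake_fs = {"/var/www/pages/../../etc/passwd": "root:x:0:0:root:/root:/bin/bash\n"}
        body += fake_fs.get("/var/www/pages/" + q["file"][0], "404 not found")
    if "cmd" in q:
        body += "command execution disabled"
    return body


def render_table(rows: List[Tuple[str, str, str]]) -> str:
    """Plain-text table; the project uses tabulate for the box-drawing output."""
    header = ("Test", "URL", "Result")
    widths = [max(len(r[i]) for r in [header] + rows) for i in range(3)]

    def fmt(r: Tuple[str, str, str]) -> str:
        return " | ".join(c.ljust(widths[i]) for i, c in enumerate(r))

    return "\n".join([fmt(header), "-+-".join("-" * w for w in widths)] + [fmt(r) for r in rows])


if __name__ == "__main__":
    print(render_table(run_checks("http://example.com/search", fake_fetch, PAYLOADS)))
```

Two practical points this makes visible. Payloads are URL-encoded before sending (the `<script>` shown raw in the table above is display, not what goes on the wire), otherwise characters such as `#`, `&` and `/` silently change the request. And the XSS verdict is reflection-based: a site that echoes the payload inside an HTML-escaped attribute, a comment, or a JSON string will still be reported as "Vulnerable", so treat that row as a lead to verify rather than a finding.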
This tool is intended for educational purposes only. Always obtain proper authorization before testing any web application. Unauthorized testing is illegal and unethical.

## License

This project is licensed under the MIT License - see the LICENSE file for details.

## Contributing

Feel free to fork the repository and submit pull requests for any enhancements or bug fixes. Your contributions are welcome!

## Acknowledgements

Thanks to all the contributors and the open-source community for their support and resources.