Skip to content

Latest commit

 

History

History
90 lines (65 loc) · 4.17 KB

File metadata and controls

90 lines (65 loc) · 4.17 KB

Automated-Website-Vulnerability-Testing-Tool

This Python-based automated vulnerability testing tool is designed to help security enthusiasts and professionals identify potential security weaknesses in web applications. It performs various vulnerability tests, including XSS, RFI, LFI, CSRF, Subdomain Takeover, Clickjacking, SSRF, and more.

Features

  • Automated Testing: Run multiple vulnerability tests sequentially with minimal user input.
  • Extensible: Easily add more tests and payloads as needed.
  • Organized Results: Displays results in a well-formatted table for easy review.
  • Error Handling: Comprehensive error handling for network issues and file access.
  • User-Friendly: Simple command-line interface for interaction.

Vulnerabilities Tested

The tool currently tests for the following vulnerabilities:

  1. Cross-Site Scripting (XSS)
  2. Remote File Inclusion (RFI)
  3. Local File Inclusion (LFI)
  4. Command Injection
  5. Open Redirect
  6. Host Header Injection
  7. Cross-Site Request Forgery (CSRF)
  8. Subdomain Takeover
  9. Clickjacking
  10. Server-Side Request Forgery (SSRF)
  11. Unsecured File Upload

Requirements

  • Python 3.x
  • requests library
  • tqdm library
  • termcolor library
  • tabulate library

You can install the required libraries using pip:

pip install requests tqdm termcolor tabulate

Usage

Clone the repository:

git clone https://github.com/yourusername/vulnerability-testing-tool.git
cd vulnerability-testing-tool

Prepare your payload files (xss.txt, rfi.txt, lfi.txt, etc.) in the same directory as the script.

Run the tool:

python vulnerability_tester.py

Enter the target URL when prompted.

Example Output

The results will be displayed in a table format, indicating whether the target is vulnerable or safe for each test:

Testing Results: ╔═══════════════════════════════╦══════════════════════════════════════╦══════════════════════════════╗ ║ Test ║ URL ║ Result ║ ╠═══════════════════════════════╬══════════════════════════════════════╬══════════════════════════════╣ ║ XSS ║ http://example.com?input=<script> ║ Vulnerable ║ ║ RFI ║ http://example.com?file=malicious ║ Safe ║ ║ LFI ║ http://example.com?file=../../etc/passwd ║ Vulnerable ║ ║ Command Injection ║ http://example.com?cmd=whoami ║ Safe ║ ║ ... ║ ... ║ ... ║ ╚═══════════════════════════════╩══════════════════════════════════════╩══════════════════════════════╝

Disclaimer

This tool is intended for educational purposes only. Always obtain proper authorization before testing any web application. Unauthorized testing is illegal and unethical. License

This project is licensed under the MIT License - see the LICENSE file for details. Contributing

Feel free to fork the repository and submit pull requests for any enhancements or bug fixes. Your contributions are welcome! Acknowledgements

Thanks to all the contributors and the open-source community for their support and resources.

Instructions for Use:

  1. Replace yourusername in the clone URL with your GitHub username.
  2. You may also want to modify sections as needed, particularly any details specific to your implementation or intended use.

Feel free to ask if you need more details or changes!