A professional-grade web application security scanner built for educational purposes and authorized penetration testing. Features a BFS crawler, 6 vulnerability plugins (XSS, SQLi, CORS, open redirect, security headers, sensitive file exposure), technology fingerprinting, a FastAPI REST backend, real-time web dashboard, and multi-format reporting (HTML, JSON, Markdown). Zero compiled dependencies — works on Python 3.9 through 3.14+.
⚠️ EDUCATIONAL USE ONLY — Only scan targets you own or have explicit written authorization to test. Unauthorized scanning is illegal. This tool is for learning, CTFs, and authorized penetration testing.
```
websec-scanner/
├── core/
│   ├── crawler/              # Website crawling engine
│   │   ├── __init__.py
│   │   ├── crawler.py        # BFS crawler with form & param extraction
│   │   └── normalizer.py     # URL normalization
│   ├── engine/               # HTTP request engine
│   │   ├── __init__.py
│   │   └── requester.py      # Configurable HTTP client
│   └── fingerprint/          # Technology detection
│       ├── __init__.py
│       └── fingerprinter.py
├── scanner/
│   ├── __init__.py
│   ├── orchestrator.py       # Scan job coordinator
│   └── plugins/              # Vulnerability modules
│       ├── base.py
│       ├── xss_scanner.py
│       ├── sqli_scanner.py
│       ├── cors_scanner.py
│       ├── headers_scanner.py
│       ├── redirect_scanner.py
│       └── sensitive_files.py
├── database/
│   ├── __init__.py
│   ├── models.py             # SQLAlchemy models
│   └── schema.sql            # Raw SQL schema
├── api/
│   ├── __init__.py
│   └── app.py                # FastAPI application
├── reports/
│   ├── __init__.py
│   └── reporter.py           # Report generation (JSON/MD/HTML)
├── dashboard/
│   └── index.html            # Single-file web dashboard
├── config/
│   └── settings.py
├── requirements.txt
└── main.py                   # CLI entry point
```
```bash
pip install -r requirements.txt
python main.py scan --target https://example.com --depth 3 --output report.html
python main.py server
# Open http://localhost:8000/docs for Swagger UI
# Open dashboard/index.html for the web dashboard
```

```bash
python main.py scan \
  --target https://testphp.vulnweb.com \
  --depth 2 \
  --plugins xss,sqli,cors,headers,redirect \
  --rate-limit 10 \
  --output results/report.html
```

- Discovery — Crawl the target, extract URLs, forms, parameters
- Fingerprinting — Detect technologies, server, frameworks
- Vulnerability Testing — Run each plugin module against endpoints
- Analysis — Score, deduplicate, and rank findings
- Reporting — Generate structured output
Create a new vulnerability module by extending BasePlugin:
```python
from scanner.plugins.base import BasePlugin, Finding, Severity


class MyPlugin(BasePlugin):
    name = "my_check"
    description = "Checks for X vulnerability"

    def run(self, endpoint, requester):
        # Test logic here
        findings = []
        # ...
        findings.append(Finding(
            endpoint=endpoint.url,
            title="X Vulnerability Found",
            severity=Severity.HIGH,
            description="...",
            remediation="...",
            payload="...",
            evidence="..."
        ))
        return findings
```

- https://testphp.vulnweb.com (Acunetix demo)
- https://demo.testfire.net (Altoro Mutual demo)
- http://www.webscantest.com
- Your own local apps (DVWA, WebGoat, Juice Shop)
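A concrete plugin built on the BasePlugin template above, added here as an example rather than code from the websec-scanner project: it reports security headers missing from a response, a passive check in the spirit of the bundled headers_scanner. It assumes the BasePlugin, Finding and Severity shapes shown in the template and that the requester exposes a `get(url)` returning an object with a `.headers` mapping (the real requester API is not documented here); it falls back to labelled stand-ins for those classes so it also runs outside the project tree, and the endpoint and requester used by `scan_sample` are constructed stubs.

```python
from types import SimpleNamespace
try:
    from scanner.plugins.base import BasePlugin, Finding, Severity  # the project's real classes
except ImportError:  # minimal stand-ins (assumed shapes) so the example also runs outside the project tree
    from enum import Enum
    Severity = Enum("Severity", "LOW MEDIUM HIGH")
    class BasePlugin:
        pass
    class Finding:  # accepts the same keyword fields as the template above
        def __init__(self, **fields):
            self.__dict__.update(fields)

# Header name -> (severity when absent, remediation). Names are compared case-insensitively.
REQUIRED_HEADERS = {
    "strict-transport-security": (Severity.MEDIUM, "Send HSTS (max-age >= 31536000) on HTTPS responses."),
    "content-security-policy": (Severity.MEDIUM, "Define a CSP that restricts script and object sources."),
    "x-content-type-options": (Severity.LOW, "Send 'X-Content-Type-Options: nosniff'."),
    "x-frame-options": (Severity.LOW, "Send 'X-Frame-Options: DENY' or a CSP frame-ancestors directive."),
}

class MissingHeadersPlugin(BasePlugin):
    name = "missing_headers"
    description = "Reports security headers absent from a response (passive check, sends no payloads)"

    def run(self, endpoint, requester):
        # Assumption: requester.get(url) returns an object whose `.headers` is a mapping
        response = requester.get(endpoint.url)
        present = {name.lower() for name in response.headers}
        findings = []
        for header, (severity, remediation) in REQUIRED_HEADERS.items():
            if header not in present:
                findings.append(Finding(
                    endpoint=endpoint.url, title=f"Missing {header} header", severity=severity,
                    description=f"The response for {endpoint.url} did not include {header}.",
                    remediation=remediation, payload="",  # passive check: nothing was injected
                    evidence=f"Response headers seen: {sorted(present)}",
                ))
        return findings

class StubRequester:
    """Constructed stand-in: returns canned headers instead of sending HTTP requests."""
    def __init__(self, headers): self.headers = headers
    def get(self, url): return SimpleNamespace(headers=self.headers)

def scan_sample(headers=None):
    # Constructed sample response (default): only HSTS and Content-Type are set, so three headers are reported
    if headers is None:
        headers = {"Strict-Transport-Security": "max-age=31536000", "Content-Type": "text/html"}
    return MissingHeadersPlugin().run(SimpleNamespace(url="https://example.com/login"), StubRequester(headers))
```

To wire it into a real scan, drop the class into `scanner/plugins/` and register it the same way the bundled plugins are, which depends on the orchestrator's loading logic.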
This tool is provided for educational purposes only. The authors assume no liability for any misuse. Always obtain written permission before scanning any system you do not own.