Skip to content

cyberseef/VulnVista

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
modules
modules
 
 
output
output
 
 
screenshots
screenshots
 
 
README.md
README.md
 
 
requirements.txt
requirements.txt
 
 
vuln_vista.py
vuln_vista.py
 
 

Repository files navigation

VulnVista

Lightweight non-intrusive web vulnerability scanner (Module 7 project).

Features (requirements)

  • Accept target URL
  • Crawl same-domain pages (discover pages/forms)
  • Detect open directories & common public files (robots.txt, sitemap.xml, etc.)
  • Parse HTML/JS for tokens
  • Check for missing security headers and insecure cookies (Secure + HttpOnly)
  • Enumerate GET/POST parameters, explicitly list hidden fields
  • Detect URL query parameters present on pages
  • Basic SQL error signature detection in responses (passive)
  • Generate .md report (optional PDF via wkhtmltopdf); screenshots saved to screenshots/

Install

  1. Clone:
git clone https://github.com/cyberseef/VulnVista.git
cd VulnVista
  1. Python deps:
python3 -m pip install -r requirements.txt
  1. (Optional) For PDF reports and screenshots:
  • Install wkhtmltopdf / wkhtmltoimage (Debian/Ubuntu/Bullseye example):
# download appropriate deb from https://wkhtmltopdf.org/downloads.html
sudo apt install ./wkhtmltox_0.12.6.1-2.bullseye_amd64.deb
  • Verify:
wkhtmltopdf --version
wkhtmltoimage --version

Usage

Basic:

python3 vuln_vista.py -u https://127.0.0.1/DVWA/
python3 vuln_vista.py -u https://demo.owasp-juice.shop/#/

Max pages limit:

python3 vuln_vista.py -u http://127.0.0.1/DVWA/ --max-pages 200
python3 vuln_vista.py -u https://demo.owasp-juice.shop/#/ --max-pages 200

Generate PDF and screenshots (if wkhtmltopdf/wkhtmltoimage installed):

python3 vuln_vista.py -u http://127.0.0.1/DVWA/ --pdf-report --take-screenshots
python3 vuln_vista.py -u https://demo.owasp-juice.shop/#/ --pdf-report --take-screenshots

Output

Reports are created under output/:

  • report_<domain>_<timestamp>.md
  • optional: report_<domain>_<timestamp>.pdf

Screenshots (when enabled) are saved under screenshots/:

  • screenshot_<page>.png (uses a small JavaScript render delay to avoid blank images)

Sample

MD Report Sample PDF OWASP JUICE SHOP

PDF Report Sample PDF OWASP JUICE SHOP

Screenshot Sample Screenshot OWASP JUICE SHOP

Notes & limitations

  • Non-intrusive only - no active exploit attempts.
  • No login automation included (keeps tool simple & stable).
  • JS parsing is shallow (checks inline and linked JS for token-like patterns).
  • Screenshots require wkhtmltoimage; the tool waits briefly for JS rendering.
  • For large sites, raise --max-pages carefully.
  • Use only on targets you have permission to test.

Ethics

Only scan environments you own or have explicit permission to test. Follow responsible disclosure.

About

Lightweight non-intrusive web vulnerability scanner (Module 7 project).

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages