All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.
1.0.0 - 2024-12-31
-
SQL Injection Detection: Comprehensive SQL injection vulnerability scanner
- Tests URL parameters and POST form inputs
- Detects database-specific error messages
- Supports multiple SQL injection payloads (20+ variations)
- Identifies vulnerabilities in MySQL, PostgreSQL, MSSQL, Oracle, and SQLite
-
XSS Vulnerability Detection: Cross-Site Scripting scanner
- Detects reflected XSS vulnerabilities
- Tests URL parameters and HTML forms
- Supports 20+ XSS payloads
- Identifies script injection and event handler injection
-
Security Headers Analysis: HTTP security header checker
- Analyzes 7+ security-critical headers
- Detects missing security headers
- Identifies weak header configurations
- Flags information disclosure headers
- Provides actionable recommendations
- Professional HTML Reports: Beautiful, detailed security reports
- Responsive design with modern CSS
- Color-coded severity levels (High, Medium, Low)
- Detailed vulnerability information
- Executive summary with statistics
- Remediation recommendations
- Evidence and payload information
- Command-Line Interface: User-friendly CLI with multiple options
- Scan all vulnerabilities or specific types
- Configurable timeout settings
- Custom output file paths
- Verbose logging mode
- Color-coded terminal output
- Progress indicators
- Modular Design: Clean, maintainable code structure
- Separation of concerns
- Reusable HTTP client
- Independent scanner modules
- Pluggable architecture
- Comprehensive Documentation
- Professional README with usage examples
- Contributing guidelines
- Security policy
- Code examples and demos
- Legal disclaimers
web-sec-analyzer/
├── scanner/ # Main package
│ ├── __init__.py # Package initialization
│ ├── main.py # CLI and orchestration
│ ├── http_utils.py # HTTP client utilities
│ ├── sql_injection.py # SQL injection scanner
│ ├── xss_scanner.py # XSS scanner
│ ├── security_headers.py # Security headers analyzer
│ └── report_generator.py # HTML report generation
├── examples/ # Usage examples
│ ├── README.md # Examples documentation
│ └── usage_examples.py # Python usage examples
├── README.md # Main documentation
├── CONTRIBUTING.md # Contribution guidelines
├── SECURITY.md # Security policy
├── LICENSE # MIT License
├── requirements.txt # Python dependencies
├── setup.py # Package setup
└── .gitignore # Git ignore rules
- requests >= 2.31.0
- beautifulsoup4 >= 4.12.0
- lxml >= 4.9.0
- colorama >= 0.4.6
- jinja2 >= 3.1.2
- urllib3 >= 2.0.0
- Read-only vulnerability detection
- No exploitation of vulnerabilities
- Proper output sanitization
- Timeout protection
- Safe test payloads
- Initial release
- Production-ready
- CV/Portfolio ready
- Educational and professional use