First off, thank you for considering contributing to Web Security Analyzer! It's people like you that make this tool better for everyone.
This project and everyone participating in it is governed by respect and professionalism. By participating, you are expected to uphold this code.
Before creating bug reports, please check the existing issues to avoid duplicates. When you create a bug report, include as many details as possible:
- Use a clear and descriptive title
- Describe the exact steps to reproduce the problem
- Provide specific examples (URLs, payloads, configurations)
- Describe the behavior you observed and what you expected
- Include screenshots if applicable
- Specify your environment (Python version, OS, etc.)
Enhancement suggestions are tracked as GitHub issues. When creating an enhancement suggestion, include:
- Use a clear and descriptive title
- Provide a step-by-step description of the suggested enhancement
- Provide specific examples to demonstrate the feature
- Explain why this enhancement would be useful
- Fill in the required template
- Follow the Python style guide (PEP 8)
- Include comments in your code where necessary
- Update documentation for any changed functionality
- Add tests if applicable
- Ensure all tests pass
- Fork and clone the repository

```bash
git clone https://github.com/YOUR_USERNAME/web-sec-analyzer.git
cd web-sec-analyzer
```

- Create a virtual environment

```bash
python -m venv venv
source venv/bin/activate  # On Windows: venv\Scripts\activate
```

- Install dependencies

```bash
pip install -r requirements.txt
```

- Create a branch

```bash
git checkout -b feature/your-feature-name
```

- Follow PEP 8
- Use type hints where appropriate
- Write docstrings for all functions and classes
- Keep functions focused and concise
- Use meaningful variable names
- Use the present tense ("Add feature" not "Added feature")
- Use the imperative mood ("Move cursor to..." not "Moves cursor to...")
- Limit the first line to 72 characters or less
- Reference issues and pull requests liberally
```python
def scan_for_vulnerability(url: str, payload: str) -> bool:
    """
    Scan a URL for a specific vulnerability using a payload.

    Args:
        url: Target URL to scan
        payload: Test payload to inject

    Returns:
        True if vulnerability detected, False otherwise
    """
    # Implementation here
    pass
```

Before submitting a pull request:
- Test your changes manually
- Ensure no existing functionality is broken
- Test with various URLs and payloads
- Verify HTML reports generate correctly
- Create a new file in the `scanner/` directory
- Implement the scanner class with a `scan()` method
- Follow the pattern of existing scanners
- Update `main.py` to integrate the new scanner
- Update documentation
Example structure:
```python
from typing import Dict, List

# HTTPClient is the project's HTTP client class; import it from wherever
# the existing scanners do.


class NewVulnerabilityScanner:
    """Scanner for detecting XYZ vulnerabilities"""

    def __init__(self, http_client: HTTPClient):
        self.http_client = http_client
        self.vulnerabilities = []

    def scan(self, url: str) -> List[Dict]:
        """
        Scan URL for vulnerabilities

        Args:
            url: Target URL

        Returns:
            List of vulnerabilities found
        """
        # Implementation
        return self.vulnerabilities
```

- Create a new generator class in `report_generator.py` or a new file
- Implement the generation logic
- Update CLI to support the new format
- Update documentation
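As an added example of the scanner pattern shown above (not code from the Web Security Analyzer project): a scanner that reports which security response headers a page fails to set. `HTTPClient` is modelled here as an assumed protocol whose `get(url)` result exposes a `.headers` dict, and `FakeHTTPClient` is a constructed stand-in so the scanner can be unit-tested offline.

```python
from types import SimpleNamespace
from typing import Any, Dict, List, Protocol


class HTTPClient(Protocol):
    """Assumed client interface (not the project's real class): get(url) returns
    an object whose .headers is a dict of response header names to values."""
    def get(self, url: str) -> Any: ...


# Headers a hardened response should carry, with the risk each one mitigates.
EXPECTED_HEADERS = {
    "Strict-Transport-Security": "enforces HTTPS on later visits",
    "Content-Security-Policy": "restricts script and resource sources",
    "X-Content-Type-Options": "prevents MIME-type sniffing",
    "X-Frame-Options": "mitigates clickjacking",
}


class SecurityHeadersScanner:
    """Scanner for detecting missing HTTP security headers."""
    def __init__(self, http_client: HTTPClient):
        self.http_client = http_client
        self.vulnerabilities: List[Dict] = []

    def scan(self, url: str) -> List[Dict]:
        """Fetch url once and record one finding per expected header that is absent."""
        response = self.http_client.get(url)
        # Header names are case-insensitive, so normalise before comparing.
        present = {name.lower() for name in response.headers}
        for header, purpose in EXPECTED_HEADERS.items():
            if header.lower() not in present:
                self.vulnerabilities.append({
                    "url": url,
                    "type": "missing_security_header",
                    "header": header,
                    "severity": "low",
                    "description": f"{header} is not set; it {purpose}",
                })
        return self.vulnerabilities


class FakeHTTPClient:
    """Constructed stand-in with canned headers so the scanner runs offline in tests."""
    def __init__(self, headers: Dict[str, str]):
        self._headers = headers

    def get(self, url: str) -> SimpleNamespace:
        return SimpleNamespace(headers=dict(self._headers))
```

The same fake client is the kind of fixture to use when adding tests for a new scanner, since it exercises `scan()` without touching the network.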
- Update README.md for new features
- Add docstrings to all new functions and classes
- Update examples if needed
- Keep documentation clear and concise
When contributing:
- Never commit sensitive data (credentials, tokens, etc.)
- Test responsibly - only on authorized targets
- Consider security implications of new features
- Report security issues privately to maintainers first
Feel free to open an issue for any questions about contributing!
By contributing, you agree that your contributions will be licensed under the MIT License.