SecuriScan is a powerful and easy-to-use Python-based cybersecurity tool designed to scan websites for common vulnerabilities and misconfigurations. It helps security professionals, web developers, and system administrators identify and mitigate risks on websites and web applications.
- Outdated Libraries: Detects vulnerable or outdated versions of popular libraries like jQuery and Bootstrap.
- Exposed Admin Panels: Identifies publicly accessible admin panels that could be vulnerable to unauthorized access.
- Missing Security Headers: Checks for missing HTTP security headers like Strict-Transport-Security, X-Content-Type-Options, and X-XSS-Protection.
- Advanced Vulnerabilities: Flags potential CSRF, Directory Traversal, XSS, and SQL Injection vulnerabilities.
- Local Environment Detection: Skips irrelevant checks for local testing environments (e.g., localhost).
- Retry Logic: Automatically retries failed HTTP requests to handle slow or unstable websites.
SecuriScan requires Python 3.x to run. If you don't have Python installed, you can download it from python.org.
SecuriScan has a few dependencies, which can be installed using pip. Run the following command to install the required libraries:
pip install -r requirements.txt
Alternatively, if you don't have a requirements.txt file, you can manually install the dependencies using:
pip install requests beautifulsoup4 termcolor
Clone this repository to your local machine:
git clone https://github.com/n03stalg1a/SecuriScan.git
cd SecuriScan
To convert the Python script into a standalone executable, you can use PyInstaller:
- Install PyInstaller:
  pip install pyinstaller
- Create the executable:
  pyinstaller --onefile --icon=assets/images/SecuriScan.ico SecuriScan.py
This will generate an executable in the dist folder that you can run directly without needing Python installed.
- Python 3.x
- Libraries: requests, beautifulsoup4, termcolor
These libraries are automatically installed via requirements.txt.
Once you've installed all dependencies, you can run SecuriScan either as a Python script or as an .exe file (if you’ve built it using PyInstaller).
- Navigate to the folder containing the SecuriScan.py script:
  cd path/to/SecuriScan
- Run the script using Python:
  python SecuriScan.py
- You will be prompted to enter a URL to scan:
  Enter the website URL to scan using SecuriScan: https://example.com
If you’ve created the .exe file using PyInstaller, simply double-click the SecuriScan.exe file or run it from the command line:
SecuriScan.exe
Enter the website URL when prompted.
SecuriScan scans for known outdated or vulnerable versions of popular JavaScript libraries such as jQuery and Bootstrap. It helps ensure that your website isn’t exposed to security risks associated with these libraries.
SecuriScan attempts to detect common admin panel URLs like /admin, /wp-admin, and /administrator. Exposed admin panels could be vulnerable to unauthorized access if they are not protected properly.
The tool checks for critical HTTP security headers such as Strict-Transport-Security, X-Content-Type-Options, and X-XSS-Protection. Missing headers can expose a website to various attacks such as Man-In-The-Middle (MITM) attacks and Cross-Site Scripting (XSS).
- CSRF: SecuriScan checks if forms on the page have anti-CSRF tokens. Missing tokens can make a website vulnerable to Cross-Site Request Forgery (CSRF) attacks.
- Directory Traversal: The tool detects signs of directory traversal attacks, which could allow attackers to access sensitive files on the server.
- XSS & SQL Injection: These common attack vectors are detected based on known patterns in the page’s content.
- First official release of SecuriScan with Windows executable (.exe).
- Includes basic vulnerability checks: outdated libraries, exposed admin panels, missing security headers, and advanced vulnerabilities (XSS, SQLi, CSRF, etc.).
- SecuriScan.exe is bundled for easy use on Windows systems.
We welcome contributions to SecuriScan! If you’d like to contribute, please follow these steps:
- Fork the repository.
- Create a new branch for your changes.
- Commit your changes.
- Push your changes to your fork.
- Open a pull request.
For any bug reports or feature requests, please open an issue in the GitHub issues section.
SecuriScan is released under the MIT License. See the LICENSE file for more details.
