Website Vulnerability Scanning System using Python
1. Background / Problem Statement
With the rapid growth of the Internet, Web security issues have become increasingly prevalent: hackers exploit Web vulnerabilities to break into websites, resulting in numerous security incidents. Web vulnerability scanners on the market have a number of shortcomings, including insufficient scanning accuracy, a large software footprint, and low scalability.
Traditional scanners generally obtain the website's URLs via a crawler, send requests carrying attack parameters (payloads) to the website, and output the corresponding vulnerability report if the payload's effect is confirmed in the response.
Given these security threats, there is value in using vulnerability scanners to detect vulnerabilities on websites. This Website Vulnerability Scanner uses a callable plug-in framework to automate the scanning process: it sends requests with parameters to the target website and detects website vulnerabilities based on the responses.
- Working of the Project
SQL injection, cross-site scripting (XSS), and cross-site request forgery (CSRF) vulnerabilities are examples of common web security flaws. To break into websites, hackers conduct penetration tests against target websites and use Web vulnerabilities to escalate privileges on the website servers.
Our Website Vulnerability Scanner collects website information in batches, achieving high concurrency between modules: crawler tasks and plug-in tasks are processed simultaneously, which improves the efficiency of scanning websites. The system's vulnerability scripts have also been updated.
The front-end uses HTML, CSS, and JavaScript, and the back-end uses Python. The framework used is Django and the database is MySQL. The machine-learning model used is Logistic Regression.
- Advantages
- It is easy to maintain.
- It is user-friendly.
- Detects malware, SQL injection and XSS vulnerabilities, and performs sub-domain scanning with ease.
- System Description
The system comprises one major module with its sub-modules as follows:
USER:
- Registration
- Login
- Scanning
- Malware Detection
(the URL is passed to the machine-learning model, which classifies it as good or bad)
- Detecting SQL Injection
- Detecting XSS attack
- Sub-domain Scanning
- Logout
- Project Life Cycle
The waterfall model is a classical model used in the system development life cycle to create a system with a linear and sequential approach. It is termed a waterfall because the model develops systematically from one phase to another in a downward fashion. The waterfall approach does not define the process to go back to the previous phase to handle changes in requirements. The waterfall approach is the earliest approach that was used for software development.
- System Requirements
- Hardware Requirement
- Laptop or PC
- Windows 7 or higher
- Intel i3 processor or higher
- 4 GB RAM or higher
- 100 GB disk storage or higher
- Software Requirement
- Python
- Sublime Text editor
- XAMPP server
- Limitation/Disadvantages
- A valid web link must be provided.
- Application – This application sends a request with parameters to the target website and analyses the response to detect website vulnerabilities.
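The scan loop described above (crawled URL, request with a test parameter, verdict from the response) and the plug-in style of the Working section, as an added example in Python; this is illustrative code written for this page, not the project's own source. The `ReflectionPlugin`, `scan` and `fake_fetch` names are hypothetical, and `fake_fetch` stands in for HTTP with constructed pages so the example runs offline.

```python
import html
import secrets
from concurrent.futures import ThreadPoolExecutor
from dataclasses import dataclass
from typing import Callable
from urllib.parse import parse_qs, urlencode, urlsplit, urlunsplit

Fetcher = Callable[[str], str]  # maps a request URL to its response body

@dataclass(frozen=True)
class Finding:
    plugin: str
    url: str
    parameter: str
    detail: str

def with_param(url: str, name: str, value: str) -> str:
    """Return url with query parameter `name` set to `value`."""
    parts = urlsplit(url)
    query = parse_qs(parts.query, keep_blank_values=True)
    query[name] = [value]
    return urlunsplit(parts._replace(query=urlencode(query, doseq=True)))

class ReflectionPlugin:
    """Hypothetical plug-in: flags parameters echoed back without HTML encoding."""
    name = "unencoded-reflection"
    def check(self, url: str, fetch: Fetcher) -> list[Finding]:
        findings = []
        for param in parse_qs(urlsplit(url).query, keep_blank_values=True):
            # Unique canary with characters that a safe page must HTML-encode.
            canary = f'c{secrets.token_hex(4)}<">'
            body = fetch(with_param(url, param, canary))
            if canary in body:  # raw canary survived: unencoded reflection
                findings.append(Finding(self.name, url, param, "unencoded reflection"))
            # html.escape(canary) in body would be an encoded (safe) reflection
        return findings

def scan(urls, plugins, fetch: Fetcher, workers: int = 4) -> list[Finding]:
    """Run every plug-in against every crawled URL, with plug-ins executing concurrently."""
    jobs = [(plugin, url) for url in urls for plugin in plugins]
    with ThreadPoolExecutor(max_workers=workers) as pool:
        batches = list(pool.map(lambda job: job[0].check(job[1], fetch), jobs))
    return [finding for batch in batches for finding in batch]

def fake_fetch(url: str) -> str:
    """Constructed offline stand-in for HTTP: /safe encodes its input, /unsafe does not."""
    parts = urlsplit(url)
    value = parse_qs(parts.query).get("q", [""])[0]
    shown = html.escape(value) if parts.path == "/safe" else value
    return f"<p>You searched for {shown}</p>"
```

Replacing `fake_fetch` with a real HTTP client turns this into the request-and-analyse loop the project describes; each further check (for example a SQL error signature) is one more class with a `check` method.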
