ShubhamWebScript is a lightweight Python-based Website Vulnerability Checker created for cybersecurity learning, ethical hacking practice, and authorized web application security testing.
The script checks parameter-based URLs for common vulnerability indicators such as SQL Injection, Cross-Site Scripting, Remote Code / Command Execution indicators, and basic server header fingerprinting.
⚠️ This tool is made strictly for educational and authorized security testing only. Do not scan websites you do not own or do not have written permission to test.
- GitHub Profile: https://github.com/ShubhamTuts/
- Repository: https://github.com/ShubhamTuts/ShubhamWebScript-Website-vulnerability-Checker
- YouTube Channel: https://www.youtube.com/channel/UCo20vtvL8D3nRjuZq0S5yVg
- Contact Email: wpsparkofficial@gmail.com
ShubhamWebScript is a simple command-line web application security scanner.
It is designed to help beginners, developers, and cybersecurity learners understand how basic vulnerability detection works by testing URL parameters and reading server responses.
The scanner can test:
- Single URLs
- Multiple URLs from a list
- Parameter-based web pages
- Basic response patterns
- Server headers
- Common web vulnerability indicators

Features include:
- Single URL scanning
- Bulk URL list scanning
- Error-based SQL Injection detection
- Reflected XSS indicator detection
- Remote Code / Command Execution indicator checks
- Backend server header fingerprinting
- Basic WAF behavior detection
- Custom user-agent request support
- Terminal-based scanner interface
- Lightweight and beginner-friendly
The scanner checks for common database error patterns that may indicate possible SQL Injection issues.
It includes detection patterns for:
- MySQL
- Microsoft SQL Server
- Microsoft Access
- Oracle
- PostgreSQL
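
How error-based detection of this kind works, as an added example in Python 3 (not the project's own `vulnz.py`): a response body is matched against per-database error signatures and compared with a baseline response. The signature list, function name and sample bodies are constructed for illustration; a match means the application leaks database errors and needs manual review, not that injection is confirmed.

```python
import re

# Constructed signatures (not the project's pattern list): error text each
# DBMS typically emits when a query is broken by unexpected input.
SIGNATURES = {
    "MySQL": [r"You have an error in your SQL syntax",
              r"Warning: mysqli?_\w+\(\)"],
    "Microsoft SQL Server": [r"Unclosed quotation mark after the character string",
                             r"Microsoft OLE DB Provider for SQL Server"],
    "Microsoft Access": [r"Microsoft JET Database Engine",
                         r"\[Microsoft\]\[ODBC Microsoft Access Driver\]"],
    "Oracle": [r"\bORA-\d{5}\b"],
    "PostgreSQL": [r"pg_query\(\)",
                   r"unterminated quoted string at or near"],
}
COMPILED = {db: [re.compile(p, re.I) for p in pats]
            for db, pats in SIGNATURES.items()}


def find_db_errors(body, baseline=""):
    """Return {dbms: [matched text]} for errors in body that baseline lacks.

    baseline is the response to the unmodified request; comparing against it
    avoids flagging pages that merely quote an error message (docs, forums).
    """
    hits = {}
    for db, patterns in COMPILED.items():
        for rx in patterns:
            match = rx.search(body)
            if match and not rx.search(baseline):
                hits.setdefault(db, []).append(match.group(0))
    return hits


# Constructed response bodies, for illustration only.
SAMPLES = {
    "mysql": "<b>Fatal error</b>: You have an error in your SQL syntax; "
             "check the manual that corresponds to your MySQL server version",
    "oracle": "java.sql.SQLException: ORA-01756: quoted string not properly terminated",
    "clean": "<html><body><h1>Product 10</h1></body></html>",
    "tutorial": "<p>The message 'You have an error in your SQL syntax' means...</p>",
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        baseline = body if name == "tutorial" else SAMPLES["clean"]
        print(name, find_db_errors(body, baseline))
```

The same function can be pointed at responses from your own application's test suite to catch verbose database errors before release.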
The script checks whether test input is reflected in the response body.
This can help identify possible reflected Cross-Site Scripting behavior in parameter-based URLs.
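
Reflection alone does not mean the page is exploitable; what matters is whether HTML metacharacters come back unencoded. The added example below (Python 3, not the project's code) shows one way to make that distinction and report which characters a template fails to encode. The token, probe layout, function names and response bodies are constructed assumptions.

```python
import html

META = ["<", ">", '"', "'"]  # characters HTML output encoding must neutralise


def build_probe(token):
    """Inert probe: copies of token with one metacharacter between each pair."""
    return token + token.join(META) + token


def analyse_reflection(token, body):
    """Return (verdict, unencoded); unencoded lists metacharacters echoed as-is."""
    if token not in body:
        return "not reflected", []
    unencoded = [c for c in META if token + c + token in body]
    if not unencoded:
        return "reflected, encoded", []
    return "reflected, needs review", unencoded


# Constructed token and responses. In practice use a fresh random token
# (e.g. secrets.token_hex(6)) so it cannot collide with page content.
TOKEN = "zq7x1k"
PROBE = build_probe(TOKEN)
RESPONSES = {
    # Template encodes all four characters.
    "encoded": "<p>Results for %s</p>" % html.escape(PROBE),
    # Template encodes only angle brackets, but the value sits in an attribute.
    "attribute": '<input name="q" value="%s">' % html.escape(PROBE, quote=False),
    # Parameter is ignored by the page.
    "ignored": "<p>No results.</p>",
}

if __name__ == "__main__":
    for name, body in RESPONSES.items():
        print(name, analyse_reflection(TOKEN, body))
```

The `attribute` case is the one a plain "is my input in the body" check gets wrong in both directions: angle brackets are encoded, yet the unencoded quotes still need fixing in the template.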
The scanner checks for response indicators that may suggest possible command execution or server-side code execution behavior.
ShubhamWebScript reads basic HTTP headers to identify backend technology information such as:
- Host
- Server
- X-Powered-By headers
This is a legacy Python project and works best with:

```text
Python 2.7
```

Required project files:

```text
ShubhamWebScript.py
headers.py
vulnz.py
```

Clone the repository:

```bash
git clone https://github.com/ShubhamTuts/ShubhamWebScript-Website-vulnerability-Checker.git
```

Go to the project folder:

```bash
cd ShubhamWebScript-Website-vulnerability-Checker
```

Run the scanner:

```bash
python ShubhamWebScript.py
```

Start the script:

```bash
python ShubhamWebScript.py
```

You will see an option like this:

```text
[!] Scan URL or List of URLs? [1/2]:
```

Choose `1` to scan a single URL.

Choose `2` to scan multiple URLs from a text file.
The scanner works with parameter-based URLs.

Correct format:

```text
http://example.com/page.php?id=1
```

Other valid examples:

```text
http://example.com/product.php?item=10
http://example.com/view.php?page=about
http://example.com/news.php?post=25
```

Incorrect format:

```text
http://example.com/
```

The URL must contain a query parameter such as:

```text
?id=1
?page=home
?product=10
```

Create a text file:

```text
list.txt
```

Add URLs like this:

```text
http://example.com/page.php?id=1
http://example.com/product.php?id=20
http://example.com/news.php?post=5
```

Run the script and choose option `2`, then enter `list.txt`.

```text
[!] Fingerprinting the backend Technologies.
[!] Status code: 200 OK
[!] Host: example.com
[!] WebServer: Apache
[!] Now Scanning for Remote Code/Command Execution
[!] Now Scanning for XSS
[!] Now Scanning for Error Based SQL Injection
```

ShubhamWebScript is useful for:
- Cybersecurity students
- Ethical hacking learners
- Web security beginners
- Developers testing their own applications
- Local security labs
- CTF environments
- Authorized client website audits
- Bug bounty learning where testing is allowed
Use this tool only on:
- Websites you own
- Localhost projects
- Authorized client websites
- Legal cybersecurity labs
- CTF platforms
- Bug bounty programs that clearly allow testing
Do not use this script on:
- Random public websites
- Government websites
- Banking websites
- Private systems
- School, college, or company websites without permission
- Any website where you do not have written authorization
Unauthorized scanning may be illegal.
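
The two input rules stated above (a target must be a parameter-based URL, and only authorized hosts may be tested) can be enforced before any request is sent. This is an added example in Python 3, not part of the project; the `ALLOWED_HOSTS` allowlist, the function names and the sample list are assumptions made for illustration.

```python
from urllib.parse import urlsplit, parse_qsl

# Assumption: hosts the operator has written permission to test.
ALLOWED_HOSTS = {"localhost", "127.0.0.1", "lab.example.test"}


def check_target(url, allowed_hosts=ALLOWED_HOSTS):
    """Return (ok, reason); ok only for in-scope, parameter-based http(s) URLs."""
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname
        parts.port  # property access raises ValueError on a malformed port
    except ValueError:
        return False, "malformed URL"
    if parts.scheme not in ("http", "https"):
        return False, "scheme must be http or https"
    if parts.username is not None or parts.password is not None:
        # http://allowed-host@other-host/ resolves to other-host
        return False, "credentials in URL are not accepted"
    if host not in allowed_hosts:  # also rejects a missing host (None)
        return False, "host not in authorized scope"
    names = [k for k, _ in parse_qsl(parts.query, keep_blank_values=True) if k]
    if not names:
        return False, "no query parameter to test"
    return True, "ok"


def load_targets(lines, allowed_hosts=ALLOWED_HOSTS):
    """Split URL-list lines into accepted URLs and (url, reason) rejects."""
    accepted, rejected = [], []
    for url in filter(None, (line.strip() for line in lines)):
        ok, reason = check_target(url, allowed_hosts)
        if ok:
            accepted.append(url)
        else:
            rejected.append((url, reason))
    return accepted, rejected


# Constructed stand-in for the contents of list.txt.
SAMPLE_LIST = [
    "http://localhost/page.php?id=1",
    "http://lab.example.test/news.php?post=5",
    "http://lab.example.test/",
    "http://example.com/product.php?id=20",
    "http://localhost@example.com/page.php?id=1",
]

if __name__ == "__main__":
    print(load_targets(SAMPLE_LIST))
```

Rejected entries are returned with a reason rather than silently dropped, so a mistyped or out-of-scope line in `list.txt` is visible to the operator.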
This project is created to help learners understand the basics of:
- Web application security
- Input validation
- URL parameter testing
- Server response analysis
- Security headers
- Common vulnerability patterns
- Ethical hacking methodology
It should be used as a learning project, not as an offensive tool.
Developed by Shubham Kumar Sinha
- GitHub: https://github.com/ShubhamTuts/
- YouTube: https://www.youtube.com/channel/UCo20vtvL8D3nRjuZq0S5yVg
- Email: wpsparkofficial@gmail.com
If this project helped you, please support it by:
- Starring the repository
- Sharing it with cybersecurity learners
- Subscribing to ShubhamTuts on YouTube
- Submitting improvements through pull requests
Contributions are welcome.
You can contribute by:
- Improving documentation
- Fixing legacy Python compatibility issues
- Adding Python 3 support
- Improving scanner output
- Adding safer validation checks
- Improving error handling
- Adding better reporting
Planned improvements may include:
- Python 3 upgrade
- Cleaner command-line interface
- Better vulnerability reporting
- JSON report export
- HTML report export
- Improved URL validation
- Better error handling
- Safer scanning controls
- More beginner-friendly documentation
This project is released for educational and authorized security testing purposes only.
By using this project, you agree that you are fully responsible for your own actions.



