A comprehensive web application vulnerability scanner with endpoint discovery and flexible testing options.
- Endpoint Discovery: Automatically discover and enumerate website endpoints
- Vulnerability Testing: Test for common web vulnerabilities including:
  - SQL Injection (SQLi)
  - Cross-Site Scripting (XSS)
  - CSRF vulnerabilities
  - Insecure Direct Object References (IDOR)
  - Exposed debug tools
  - File disclosure vulnerabilities
  - Weak admin credentials
  - Missing HTTPS/TLS issues
  - Broken access control
  - Session/token management issues
- Clone the repository:
git clone https://github.com/Skyrxin/VulnScan.git
- Install Python dependencies:
pip install -r requirements.txt
python scanner.py --target https://example.com --discover-only
python scanner.py --target https://example.com --scan-all
python scanner.py --target https://example.com --discover --save-endpoints endpoints.json
python scanner.py --load-endpoints endpoints.json --scan-vulnerabilities
Create a Discord webhook in your server (Server Settings → Integrations → Webhooks). Run the scanner and pass the webhook URL:
python scanner.py --target https://example.com --scan-all --discord-webhook https://discord.com/api/webhooks/WEBHOOK_ID/WEBHOOK_TOKEN
If the webhook is configured correctly, you'll see a console message:
- scanner.py - Main scanner application
- modules/ - Core scanning modules
  - endpoint_discovery.py - Endpoint discovery and enumeration
  - vulnerability_scanner.py - Vulnerability testing modules
  - status_checker.py - Status code checking and visualization
  - payloads.py - Attack payloads and test cases
- results/ - Scan results and reports
- wordlists/ - Common endpoint wordlists
The scanner provides color-coded terminal output and can save results in JSON format for further analysis.
