Web Vulnerability Finder — Detects XSS, SQL Injection, CSRF, and Port vulnerabilities with a modern React + Node.js stack

vikas-kh/Web-Vulnerability-Finder

Web Vulnerability Finder

An advanced web vulnerability scanner with a modern React frontend and unified Node.js backend.

Features

  • Scan for XSS, SQL Injection, CSRF, and open ports on any website
  • Modern React UI with Tailwind CSS
  • Scan history stored in MongoDB (view, delete, status color)
  • Node.js/Express API with integrated scanning modules
  • Unified backend - no Python required

Architecture

React Frontend <-> Node.js/Express (MongoDB + Scanners)

Setup

1. Node.js/Express Backend (API + Scanners + MongoDB)

  1. Go to node-backend/
  2. Install dependencies:
    npm install
  3. Make sure MongoDB is running locally (default URI: mongodb://localhost:27017/vulnscan)
  4. Start the Node.js server:
    npm start

2. React Frontend

  1. Go to client/
  2. Install dependencies:
    npm install
  3. Start the frontend:
    npm run dev
  4. Open http://localhost:5173 in your browser

Usage

  • Enter a website URL and select a scan type (XSS, SQLi, CSRF, Port Scan, or both)
  • View results instantly in the UI
  • Switch to the History tab to see all previous scans, their status, and delete any entry

Tech Stack

  • Frontend: React, Tailwind CSS, Vite
  • Backend: Node.js, Express, MongoDB
  • Libraries: cheerio (HTML parsing), axios (HTTP requests)

Description

Web Vulnerability Finder is a full-stack application that allows users to scan websites for common vulnerabilities such as XSS, SQL Injection, CSRF, and open ports. It features a modern, user-friendly React frontend and a Node.js/Express backend that performs the scans and stores scan history in MongoDB. The UI is styled with Tailwind CSS for a beautiful and responsive experience.

How the Code Works

Frontend (React):

  • Users enter a website URL and select the type of scan (XSS, SQLi, CSRF, Port Scan, or both).
  • The frontend sends a request to the Node.js backend (/api/scan).
  • Results are displayed instantly, with color-coded status and details.
  • The History tab fetches scan history from MongoDB via the Node.js backend, allowing users to review or delete past scans.

Node.js/Express Backend:

  • Receives scan requests from the frontend.
  • Performs vulnerability scanning using specialized modules:
    • xss_scanner.js - Scans for Cross-Site Scripting vulnerabilities
    • sql_scanner.js - Scans for SQL Injection vulnerabilities
    • csrf_scanner.js - Scans for CSRF vulnerabilities
    • port_scanner.js - Scans open ports on target host
  • Stores the scan result in MongoDB for history and analytics.
  • Provides REST endpoints for scan history (list, get, delete).

MongoDB:

  • Stores all scan results, including URL, scan type, result details, and timestamps.

Flow Example:

  1. User submits a scan in the React UI.
  2. React calls Node.js /api/scan.
  3. Node.js performs the scan using the appropriate scanner module.
  4. Node.js saves the result in MongoDB and returns it to React.
  5. React displays the result and updates the history.
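
In step 3 the server connects to a URL supplied by the user, so the API is the natural place to check the target before any scanner module runs. The following is an added example, not code from this repository: the function names (checkScanTarget, isBlockedAddress, v4ToInt) and the blocked ranges are assumptions, and it covers literal hosts only.

```javascript
// Added example: target validation for a scan API. All names are hypothetical.
// [network, prefix length] pairs for ranges the scanner should never touch.
const BLOCKED_V4 = [
  ['0.0.0.0', 8], ['10.0.0.0', 8], ['100.64.0.0', 10], ['127.0.0.0', 8],
  ['169.254.0.0', 16], ['172.16.0.0', 12], ['192.168.0.0', 16],
];

// Convert a dotted quad to an unsigned 32-bit integer, or null if not IPv4.
function v4ToInt(ip) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(ip);
  if (!m) return null;
  const o = m.slice(1).map(Number);
  if (o.some((n) => n > 255)) return null;
  return ((o[0] << 24) | (o[1] << 16) | (o[2] << 8) | o[3]) >>> 0;
}

// True for loopback, private, link-local and unspecified addresses.
// Run this on literal hosts AND on every address DNS returns for a name.
function isBlockedAddress(ip) {
  const n = v4ToInt(ip);
  if (n !== null) {
    return BLOCKED_V4.some(([net, bits]) => {
      const mask = (0xffffffff << (32 - bits)) >>> 0;
      return ((n & mask) >>> 0) === ((v4ToInt(net) & mask) >>> 0);
    });
  }
  const v6 = ip.toLowerCase(); // ::, ::1, IPv4-mapped, fc00::/7, fe80::/10
  return v6 === '::' || v6 === '::1' || v6.startsWith('::ffff:') ||
    /^f[cd][0-9a-f]{2}:/.test(v6) || /^fe[89ab][0-9a-f]:/.test(v6);
}

// Decide whether the API should scan rawUrl. Returns { ok, reason, host }.
function checkScanTarget(rawUrl) {
  let url;
  try { url = new URL(rawUrl); } catch { return { ok: false, reason: 'unparseable URL' }; }
  if (url.protocol !== 'http:' && url.protocol !== 'https:') {
    return { ok: false, reason: 'scheme not allowed' };
  }
  if (url.username || url.password) return { ok: false, reason: 'credentials in URL' };
  // WHATWG parsing already canonicalises forms such as 0x7f.1 or 2130706433.
  const host = url.hostname.replace(/^\[|\]$/g, '').replace(/\.$/, '');
  if (host === 'localhost' || host.endsWith('.localhost')) {
    return { ok: false, reason: 'loopback name' };
  }
  if (isBlockedAddress(host)) return { ok: false, reason: 'internal address' };
  return { ok: true, reason: 'literal checks passed', host };
}
```

A hostname that passes these checks can still resolve to an internal address, so the same isBlockedAddress test belongs on the resolved addresses at connection time.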

Vulnerability-Finder-Nodejs
