Web Vulnerability Scanner: Framework Documentation

This document provides comprehensive documentation for the bash-based Web Vulnerability Scanner.

1. Overview 📝

The Web Vulnerability Scanner is an automated security tool designed to perform reconnaissance and vulnerability scanning on a target domain and its subdomains. It focuses on dynamic wordlist generation, comprehensive enumeration, and a multi-faceted approach to fuzzing and vulnerability detection.

2. Core Features ✨

• Subdomain Enumeration: Discovers subdomains using crt.sh.
• Dynamic Wordlist Generation: Creates context-aware wordlists from a base keyword file (u.txt) to find non-obvious paths and parameters.
• Website Crawling: Maps out the target application by crawling for links.
• Comprehensive Scanning:
  • Nmap: Performs in-depth port and service scanning with vulnerability scripts.
  • Injection Fuzzing: Tests for XXE (XML External Entity) vulnerabilities.
  • HTTP Fuzzing: Fuzzes directories, parameters, and headers.
  • UI Simulation: Parses HTML to find forms and fuzzes their inputs dynamically.
• Reporting: Consolidates all findings into a primary report file (security_scan_report.txt) and generates detailed Nmap output files.

3. Prerequisites 🛠️

Before running the scanner, ensure the following tools are installed and available in your system's PATH:

• curl: For making HTTP requests.
• jq: For parsing JSON output from crt.sh.
• nmap: For port scanning and vulnerability detection. (Requires root/sudo privileges for some scan types like sS).
• dig: For DNS lookups.
• python3: Used for URL encoding and the HTML parser helper script.