A modern, web-based vulnerability scanner that checks for potential vulnerabilities in web applications. The scanner takes a URL and a list of payloads as input, and checks for vulnerabilities by sending HTTP requests to the URL with the payloads.
- Real-time Scanning: Asynchronous scanning with live progress updates
- Multiple Payloads: Test numerous endpoints in a single scan
- Visual Feedback: Progress bar and real-time result counters
- Modern UI: Clean, responsive design with dark theme
- Input Validation: Validates URLs and payloads before scanning
- Clear Results: Easy-to-read categorized results
- Mobile Friendly: Fully responsive design for all devices
- Enter the Target URL: Input the base URL of the web application to scan (e.g., https://example.com/page?id=)
- Add Payloads: Enter the payloads to test, one per line (e.g., /admin, /.env, /config)
- Start Scan: Click the "Start Scan" button to begin
- View Results: Results are displayed in real-time across three categories
Endpoints that return a successful HTTP response (200-299), indicating the resource exists and is accessible.
Endpoints that return error responses (400-599), indicating the resource is not accessible or doesn't exist.
Endpoints that return redirect responses (300-399), indicating the resource redirects to another location.
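The input validation and the three result ranges described above can be sketched as follows. This is an added example, not code from this repository: the function names, the bucket labels and the extra "unknown" bucket (for status codes outside 200-599, such as 0 from a failed request) are assumptions.

```javascript
// Added illustration; all names here are hypothetical, not the project's API.

// Accept only absolute http(s) URLs; reject javascript:, file:, bare hosts, etc.
function validateTargetUrl(input) {
  let url;
  try {
    url = new URL(String(input).trim());
  } catch {
    return null;
  }
  return url.protocol === "http:" || url.protocol === "https:" ? url.href : null;
}

// One payload per line: trim, drop blanks and duplicates, and reject
// entries that contain whitespace or control characters.
function parsePayloads(text) {
  const seen = new Set();
  const rejected = [];
  for (const raw of String(text).split(/\r?\n/)) {
    const line = raw.trim();
    if (line === "") continue;
    if (/[\s\u0000-\u001f\u007f]/.test(line)) {
      rejected.push(line);
      continue;
    }
    seen.add(line);
  }
  return { payloads: [...seen], rejected };
}

// Bucket a status code using the three ranges listed in this README.
function classifyStatus(status) {
  if (!Number.isInteger(status)) return "unknown";
  if (status >= 200 && status <= 299) return "success";
  if (status >= 300 && status <= 399) return "redirect";
  if (status >= 400 && status <= 599) return "error";
  return "unknown"; // e.g. 0 from a failed request, or a 1xx response
}

// Tally a list of status codes into per-bucket counters.
function summarize(statuses) {
  const counts = { success: 0, redirect: 0, error: 0, unknown: 0 };
  for (const s of statuses) counts[classifyStatus(s)] += 1;
  return counts;
}
```

A 2xx bucket only means the server answered successfully: a site that returns 200 for missing pages will land there too, so each hit still needs manual review.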
- Built with HTML5, CSS3, and JavaScript
- Uses Bootstrap 5 for responsive styling
- jQuery for AJAX requests
- CORS proxy for cross-origin requests
The repository includes a payload.txt file with common vulnerability testing payloads including:
- Common admin panels
- Configuration files
- Backup files
- Database endpoints
- WordPress-specific paths
This vulnerability scanner is for educational and authorized testing purposes only.
- Only scan websites you own or have explicit permission to test
- Unauthorized scanning may violate laws and terms of service
- The authors are not responsible for misuse of this tool
See the LICENSE file for details.
Made with ❤️ by OshekharO