Share
## https://sploitus.com/exploit?id=2FAA8F1F-4C4E-577C-95DA-1615ECFC757B
# unified_scanner-SQL-LFI.XSS.IDOR-etc.-
## Key Improvements in This Unified Scanner:
### 1. **Tested & Working Payloads**:
- SQL injection payloads proven to work on `testphp.vulnweb.com`
- XSS payloads that actually trigger alerts
- Real LFI/RFI test cases
### 2. **Proper Error Detection**:
- SQL error pattern matching that catches actual database errors
- XSS reflection detection
- Time-based command injection detection
### 3. **Simplified Architecture**:
- Single unified scanner instead of 3 separate tools
- Clean, maintainable code
- Proper error handling
### 4. **Working Features**:
- **Crawling**: Discovers endpoints and parameters
- **SQL Injection**: Tested on vulnerable sites
- **XSS**: Tested with actual payloads
- **LFI/RFI**: Common file inclusion tests
- **Command Injection**: Time-based detection
- **IDOR**: Numeric ID testing
- **Open Redirect**: Parameter testing
### 5. **Better Reporting**:
- HTML reports with severity classification
- Console output with clear findings
- Evidence and payload documentation
## To Use This Scanner:
```bash
# Basic scan
python unified_scanner.py -t http://testphp.vulnweb.com
# Deeper scan
python unified_scanner.py -t http://testphp.vulnweb.com --depth 3 --threads 20
# With proxy (Burp Suite)
python unified_scanner.py -t http://testphp.vulnweb.com --proxy http://127.0.0.1:8080
# With cookies
python unified_scanner.py -t http://target.com --cookie "session=abc123; user_id=42"
```
This scanner **will find vulnerabilities** on `testphp.vulnweb.com` including:
- SQL injection in search/product pages
- XSS in various parameters
- Other common web vulnerabilities