Share
## https://sploitus.com/exploit?id=78F39063-8ECF-5A4D-B0BE-E3FEF3864B7B
# scan_web โ€” Crawl & XSS/SQLi reconnaissance tool

A small, opinionated Python tool for quickly crawling a target site (same-host), discovering input parameters, and running ordered per-parameter checks: XSS payload testing (reflected) followed by SQLi indicator testing. It validates CVE and CWE tokens it finds by querying the NVD and MITRE indexes (optional).

WARNING: This tool sends HTTP requests to target hosts. Only run it against systems you own or where you have explicit authorization to test.

## Requirements

- Python 3.8+ (3.11 used in development)
- requests

Install dependencies:

```powershell
python -m pip install --user requests
```

## Files

- `scan_web.py` โ€” main scanner script (crawl -> XSS -> SQLi). Outputs results to `./result/.txt`.
- `README.md` โ€” this document.

## Quick usage

Run a normal crawl-and-scan (crawler enabled by default):

```powershell
python3 scan_web.py -u http://example.com
```

Scan a URL without crawling (only test parameters present in the provided URL):

```powershell
python3 scan_web.py -u "http://example.com/page.php?id=1" --no-crawl
```

Limit pages to crawl and reduce request timeout (helpful to avoid long stalls):

```powershell
python3 scan_web.py -u http://example.com --crawl-pages 6 --timeout 6
```

Speed up scans by limiting payload counts for reconnaissance:

```powershell
python3 scan_web.py -u http://example.com --max-xss 12 --max-sqli 30
```

If you prefer to avoid external CVE/CWE lookups (NVD/MITRE), disable enrichment:

```powershell
python3 scan_web.py -u http://example.com --no-enrich
```

## CLI flags (summary)

- `-u`, `--url` : Target URL to scan (query string not required; crawler will discover inputs when enabled)
- `-y`, `--yes` : Skip authorization prompt (non-interactive)
- `--no-enrich` : Disable NVD/MITRE enrichment (enabled by default)
- `--no-crawl` : Disable crawling; only test parameters present in the provided URL
- `--crawl-pages N` : Maximum pages to crawl (default: 8)
- `--timeout N` : Request timeout in seconds (default: 12)
- `--max-sqli N` : Limit number of SQLi payloads to use (0 = no limit)
- `--max-xss N` : Limit number of XSS payloads to use (0 = no limit)

Note: There are also internal throttling/threading controls (THREADS, REQUEST_DELAY) in the script. If you want, I can expose `--threads` and `--delay` flags to the CLI.

## Output

- Results are appended to `./result/.txt` (a human-friendly text report). The script also prints findings to stdout in real time.
- Each finding includes:
  - parameter name
  - payload/vector tested
  - evidence snippet
  - validated CVE/CWE entries (if found and enrichment is enabled)
  - CVSS / heuristic severity when available

## Safety & performance tips

- Start with small values for `--crawl-pages`, `--max-xss`, and `--max-sqli` to get a quick overview. Increase them later for deeper testing.
- Use `--timeout` to avoid long TLS/read stalls on slow hosts.
- Respect `robots.txt` โ€” the scanner checks and will skip XSS if crawling is disallowed for the path.
- Consider adding a short delay between requests (`REQUEST_DELAY`) if scanning a sensitive production host.

## Next improvements you can enable

- Expose `--threads` and `--delay` flags to the CLI for concurrency and polite throttling.
- Add a `--fast-scan` preset that uses a smaller payload set and fewer pages for quick reconnaissance.
- Add unit tests for CVE/CW E extraction and severity inference (mock NVD responses).

## Example quick command

```powershell
python3 scan_web.py -u http://unesco.com --crawl-pages 4 --max-xss 12 --max-sqli 30 --timeout 6
```