Share
## https://sploitus.com/exploit?id=C15CA7EA-4604-500C-B184-1AE272CEDB43
# π·οΈ WebHunter β OWASP Top 10 AI Scanner




**Automated web vulnerability scanner covering all OWASP Top 10 categories with AI-powered exploit suggestions**
*P-02 of 9 Β· Cybersecurity Portfolio by [@jmsDev](https://www.linkedin.com/in/jmsilva83)*
---
## What it does
WebHunter runs a full OWASP Top 10 assessment against a target web application β injection testing, authentication probing, misconfiguration detection, XSS fuzzing, SSRF probing β then feeds results to **Google Gemini** for exploitation narrative and remediation guidance.
```bash
webhunter scan http://10.10.11.21
```
---
## Features
- **Full OWASP Top 10 coverage** β A01 through A10, active probing
- **Injection testing** β SQLi (error-based, boolean, time-based), command injection, SSTI
- **XSS fuzzing** β reflected, stored, DOM-based pattern detection
- **Authentication analysis** β default creds, JWT weaknesses, session fixation
- **Misconfiguration detection** β exposed admin panels, directory listing, debug endpoints
- **SSRF probing** β internal interaction detection via URL parameters
- **Component fingerprinting** β server/framework versions matched against known CVEs
- **AI-powered analysis** β Gemini generates PoC context, CVSS rationale, and remediation steps
- **Dark-theme HTML report** β professional report with CVSS-style severity cards
---
## OWASP Top 10 Coverage
| ID | Category | Active Checks |
|---|---|---|
| **A01** | Broken Access Control | IDOR testing, forced browsing, horizontal/vertical privilege escalation |
| **A02** | Cryptographic Failures | HTTP redirect, weak TLS detection, cleartext sensitive data |
| **A03** | Injection | SQLi (3 techniques), CMDi, SSTI, LDAP injection |
| **A04** | Insecure Design | Rate limiting absence, logic flaw indicators |
| **A05** | Security Misconfiguration | Default creds, exposed admin panels, debug mode, open CORS |
| **A06** | Vulnerable Components | Version banner β CVE correlation |
| **A07** | Auth & Session Failures | Brute force exposure, JWT `alg:none`, session fixation |
| **A08** | Software Integrity Failures | Missing SRI on CDN assets |
| **A09** | Logging & Monitoring Failures | Verbose error responses, stack traces |
| **A10** | Server-Side Request Forgery | Internal service reach via URL params |
---
## Installation
```bash
git clone https://github.com/jmsdev83/webhunter
cd webhunter
pip install -e .
cp .env.example .env
# Add GEMINI_API_KEY to .env
```
### Requirements
- Python 3.11+
- Gemini API key: [aistudio.google.com](https://aistudio.google.com) (free tier, optional)
---
## Usage
```bash
# Full OWASP Top 10 scan with AI
webhunter scan http://target.htb
# Target specific check categories
webhunter scan http://target.htb --checks injection,auth,misconfig
# Authenticated scan (pass session cookie)
webhunter scan http://target.htb --cookie "session=abc123"
# Export HTML report
webhunter scan http://target.htb --output report.html --format html
# Fast mode β skip AI analysis
webhunter scan http://target.htb --no-ai
# List all available check modules
webhunter checks
```
---
## Architecture
```
webhunter scan
β
βΌ
TargetAnalyzer β fingerprint stack, crawl endpoints, map parameters
β
βΌ
asyncio.gather() β all OWASP checkers run concurrently
βββββ΄βββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β InjectionChecker AuthChecker MisconfigChecker β
β XSSChecker SSRFChecker ComponentChecker β
β CryptoChecker IntegrityChecker LoggingChecker β
βββββ¬βββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β
βΌ
GeminiAnalyzer β CVSS scoring + exploit context + remediation
β
βΌ
Rich terminal table + HTML/JSON report
```
---
## Severity Classification
| Level | CVSS Range | Example Finding |
|---|---|---|
| π΄ **CRITICAL** | 9.0β10.0 | SQLi with DB extraction, RCE via SSTI |
| π **HIGH** | 7.0β8.9 | Auth bypass, stored XSS, SSRF to internal |
| π‘ **MEDIUM** | 4.0β6.9 | Reflected XSS, CORS wildcard, missing CSP |
| π΅ **LOW** | 0.1β3.9 | Version disclosure, verbose errors |
| βͺ **INFO** | 0.0 | Tech stack fingerprint, open endpoints |
---
## Project Structure
```
webhunter/
βββ webhunter/
β βββ checkers/
β β βββ base.py # BaseChecker ABC
β β βββ injection.py # SQLi, CMDi, SSTI
β β βββ auth.py # Auth/session analysis
β β βββ misconfig.py # Security misconfiguration
β β βββ xss.py # XSS fuzzer
β β βββ ssrf.py # SSRF prober
β β βββ components.py # Version β CVE
β βββ core/
β β βββ crawler.py # Target crawling + param discovery
β β βββ orchestrator.py # Async checker pipeline
β β βββ ai_analyzer.py # Gemini integration
β βββ types/
β β βββ findings.py # Vulnerability, ScanResult, Severity
β βββ report/
β β βββ generator.py
β β βββ template.html
β βββ cli/
β βββ main.py
βββ pyproject.toml
```
---
## Environment Variables
```env
GEMINI_API_KEY=your-key-here # Google AI Studio (free tier)
```
---
## Portfolio
| # | Category | Project | Status |
|---|---|---|---|
| P-01 | Offensive | ReconAI β Recon Orchestrator | β
|
| P-02 | Offensive | **WebHunter** β you are here | β
|
| P-03 | Offensive | PhishSim β Red Team Phishing | β
|
| D-01 | Defensive | SOC-Lite β AI SIEM | β
|
| D-02 | Defensive | ThreatFeed β CTI Aggregator | β
|
| D-03 | Defensive | HoneyGrid β SSH/HTTP Honeypot | β
|
| F-01 | Forensics | DFIR-Auto β Forensic Triage | β
|
| F-02 | Forensics | MalwareScope β Malware Analyzer | β
|
| F-03 | Forensics | PCAPForge β Network Forensics | β
|
---
> β οΈ **Legal Notice** β Only scan applications you own or have explicit written authorization to test.
---
Copyright Β© 2025 Desarrollado desde Las BreΓ±as con π por [@jmsDev](https://www.linkedin.com/in/jmsilva83) Β· All rights reserved