Share
## https://sploitus.com/exploit?id=C15CA7EA-4604-500C-B184-1AE272CEDB43
# πŸ•·οΈ WebHunter β€” OWASP Top 10 AI Scanner



![Python](https://img.shields.io/badge/Python-3.11+-3776AB?style=for-the-badge&logo=python&logoColor=white)
![OWASP](https://img.shields.io/badge/OWASP-Top_10-000000?style=for-the-badge&logo=owasp&logoColor=white)
![Gemini](https://img.shields.io/badge/Gemini_AI-Free_Tier-4285F4?style=for-the-badge&logo=google&logoColor=white)
![Portfolio](https://img.shields.io/badge/Portfolio-P--02_Offensive-critical?style=for-the-badge)

**Automated web vulnerability scanner covering all OWASP Top 10 categories with AI-powered exploit suggestions**

*P-02 of 9 Β· Cybersecurity Portfolio by [@jmsDev](https://www.linkedin.com/in/jmsilva83)*



---

## What it does

WebHunter runs a full OWASP Top 10 assessment against a target web application β€” injection testing, authentication probing, misconfiguration detection, XSS fuzzing, SSRF probing β€” then feeds results to **Google Gemini** for exploitation narrative and remediation guidance.

```bash
webhunter scan http://10.10.11.21
```

---

## Features

- **Full OWASP Top 10 coverage** β€” A01 through A10, active probing
- **Injection testing** β€” SQLi (error-based, boolean, time-based), command injection, SSTI
- **XSS fuzzing** β€” reflected, stored, DOM-based pattern detection
- **Authentication analysis** β€” default creds, JWT weaknesses, session fixation
- **Misconfiguration detection** β€” exposed admin panels, directory listing, debug endpoints
- **SSRF probing** β€” internal interaction detection via URL parameters
- **Component fingerprinting** β€” server/framework versions matched against known CVEs
- **AI-powered analysis** β€” Gemini generates PoC context, CVSS rationale, and remediation steps
- **Dark-theme HTML report** β€” professional report with CVSS-style severity cards

---

## OWASP Top 10 Coverage

| ID | Category | Active Checks |
|---|---|---|
| **A01** | Broken Access Control | IDOR testing, forced browsing, horizontal/vertical privilege escalation |
| **A02** | Cryptographic Failures | HTTP redirect, weak TLS detection, cleartext sensitive data |
| **A03** | Injection | SQLi (3 techniques), CMDi, SSTI, LDAP injection |
| **A04** | Insecure Design | Rate limiting absence, logic flaw indicators |
| **A05** | Security Misconfiguration | Default creds, exposed admin panels, debug mode, open CORS |
| **A06** | Vulnerable Components | Version banner β†’ CVE correlation |
| **A07** | Auth & Session Failures | Brute force exposure, JWT `alg:none`, session fixation |
| **A08** | Software Integrity Failures | Missing SRI on CDN assets |
| **A09** | Logging & Monitoring Failures | Verbose error responses, stack traces |
| **A10** | Server-Side Request Forgery | Internal service reach via URL params |

---

## Installation

```bash
git clone https://github.com/jmsdev83/webhunter
cd webhunter
pip install -e .

cp .env.example .env
# Add GEMINI_API_KEY to .env
```

### Requirements

- Python 3.11+
- Gemini API key: [aistudio.google.com](https://aistudio.google.com) (free tier, optional)

---

## Usage

```bash
# Full OWASP Top 10 scan with AI
webhunter scan http://target.htb

# Target specific check categories
webhunter scan http://target.htb --checks injection,auth,misconfig

# Authenticated scan (pass session cookie)
webhunter scan http://target.htb --cookie "session=abc123"

# Export HTML report
webhunter scan http://target.htb --output report.html --format html

# Fast mode β€” skip AI analysis
webhunter scan http://target.htb --no-ai

# List all available check modules
webhunter checks
```

---

## Architecture

```
webhunter scan 
      β”‚
      β–Ό
  TargetAnalyzer       ← fingerprint stack, crawl endpoints, map parameters
      β”‚
      β–Ό
  asyncio.gather()     ← all OWASP checkers run concurrently
  β”Œβ”€β”€β”€β”΄β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”
  β”‚  InjectionChecker   AuthChecker      MisconfigChecker    β”‚
  β”‚  XSSChecker         SSRFChecker      ComponentChecker    β”‚
  β”‚  CryptoChecker      IntegrityChecker LoggingChecker      β”‚
  β””β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜
      β”‚
      β–Ό
  GeminiAnalyzer       ← CVSS scoring + exploit context + remediation
      β”‚
      β–Ό
  Rich terminal table + HTML/JSON report
```

---

## Severity Classification

| Level | CVSS Range | Example Finding |
|---|---|---|
| πŸ”΄ **CRITICAL** | 9.0–10.0 | SQLi with DB extraction, RCE via SSTI |
| 🟠 **HIGH** | 7.0–8.9 | Auth bypass, stored XSS, SSRF to internal |
| 🟑 **MEDIUM** | 4.0–6.9 | Reflected XSS, CORS wildcard, missing CSP |
| πŸ”΅ **LOW** | 0.1–3.9 | Version disclosure, verbose errors |
| βšͺ **INFO** | 0.0 | Tech stack fingerprint, open endpoints |

---

## Project Structure

```
webhunter/
β”œβ”€β”€ webhunter/
β”‚   β”œβ”€β”€ checkers/
β”‚   β”‚   β”œβ”€β”€ base.py              # BaseChecker ABC
β”‚   β”‚   β”œβ”€β”€ injection.py         # SQLi, CMDi, SSTI
β”‚   β”‚   β”œβ”€β”€ auth.py              # Auth/session analysis
β”‚   β”‚   β”œβ”€β”€ misconfig.py         # Security misconfiguration
β”‚   β”‚   β”œβ”€β”€ xss.py               # XSS fuzzer
β”‚   β”‚   β”œβ”€β”€ ssrf.py              # SSRF prober
β”‚   β”‚   └── components.py        # Version β†’ CVE
β”‚   β”œβ”€β”€ core/
β”‚   β”‚   β”œβ”€β”€ crawler.py           # Target crawling + param discovery
β”‚   β”‚   β”œβ”€β”€ orchestrator.py      # Async checker pipeline
β”‚   β”‚   └── ai_analyzer.py       # Gemini integration
β”‚   β”œβ”€β”€ types/
β”‚   β”‚   └── findings.py          # Vulnerability, ScanResult, Severity
β”‚   β”œβ”€β”€ report/
β”‚   β”‚   β”œβ”€β”€ generator.py
β”‚   β”‚   └── template.html
β”‚   └── cli/
β”‚       └── main.py
└── pyproject.toml
```

---

## Environment Variables

```env
GEMINI_API_KEY=your-key-here      # Google AI Studio (free tier)
```

---

## Portfolio

| # | Category | Project | Status |
|---|---|---|---|
| P-01 | Offensive | ReconAI β€” Recon Orchestrator | βœ… |
| P-02 | Offensive | **WebHunter** ← you are here | βœ… |
| P-03 | Offensive | PhishSim β€” Red Team Phishing | βœ… |
| D-01 | Defensive | SOC-Lite β€” AI SIEM | βœ… |
| D-02 | Defensive | ThreatFeed β€” CTI Aggregator | βœ… |
| D-03 | Defensive | HoneyGrid β€” SSH/HTTP Honeypot | βœ… |
| F-01 | Forensics | DFIR-Auto β€” Forensic Triage | βœ… |
| F-02 | Forensics | MalwareScope β€” Malware Analyzer | βœ… |
| F-03 | Forensics | PCAPForge β€” Network Forensics | βœ… |

---

> ⚠️ **Legal Notice** β€” Only scan applications you own or have explicit written authorization to test.

---



Copyright Β© 2025 Desarrollado desde Las BreΓ±as con πŸ’œ por [@jmsDev](https://www.linkedin.com/in/jmsilva83) Β· All rights reserved