## https://sploitus.com/exploit?id=C19F23D2-6794-52D2-9EB6-2833F0E74D9F
# WebPentest - Web Application Penetration Testing Tool
> Automated web vulnerability scanner: SQL Injection, XSS, Directory Bruteforcing, Security Headers, and Target Fingerprinting - all in one B-Tier project.



---
## What This Tool Does
WebPentest is a modular web application security scanner. It tests for the most common and impactful web vulnerabilities in the OWASP Top 10, generates professional pentest reports, and is built entirely in Python.
---
## Features
| Module | Description |
|--------|-------------|
| **Fingerprinting** | Detect server, language, framework, SSL/TLS info, forms, HTML comments |
| **SQL Injection** | Error-based, boolean-based, and time-based blind SQLi detection |
| **XSS** | Reflected XSS across URL parameters with 10 evasion payloads |
| **Security Headers** | Detect missing CSP, HSTS, X-Frame-Options, X-XSS-Protection |
| **Directory Scan** | Bruteforce hidden files and directories (admin, .git, .env, backups) |
| **HTML Reports** | Professional dark-themed pentest report with severity color coding |
---
## Quick Start
```bash
git clone https://github.com/raza360ahmed/WebPentest.git
cd WebPentest
pip install -r requirements.txt
# Full scan on intentionally vulnerable test target (legal & safe)
python main.py http://testphp.vulnweb.com --scan all
# SQLi only on a specific URL with parameters
python main.py http://testphp.vulnweb.com --url "http://testphp.vulnweb.com/artists.php?artist=1" --scan sqli
# Directory bruteforce only
python main.py http://testphp.vulnweb.com --scan dirs --threads 30
# Run tests
python -m pytest tests/ -v
```
---
## Usage
```
python main.py TARGET [OPTIONS]

positional:
  target            Base URL (e.g., http://testphp.vulnweb.com)

options:
  --url      -u     Specific URL with parameters for SQLi/XSS testing
  --scan     -s     Modules: fingerprint sqli xss headers dirs all
  --threads  -t     Dir scan threads (default: 20)
  --timeout         Request timeout seconds (default: 10)
  --wordlist -w     Custom wordlist file for dir scanning
  --output   -o     Report directory (default: reports/)
  --delay           Delay between requests in seconds
```
---
## Safe Test Targets
> **Only scan systems you own or have explicit permission to test.**
These are intentionally vulnerable systems for legal practice:
| Target | Description |
|--------|-------------|
| `http://testphp.vulnweb.com` | Acunetix demo - SQLi, XSS, file exposure |
| `http://demo.testfire.net` | IBM demo bank - login bypass, SQLi |
| `http://localhost/dvwa` | DVWA - run locally with Docker |
---
## Project Structure
```
WebPentest/
├── main.py                # CLI entry point
├── requirements.txt
├── README.md
├── .gitignore
│
├── src/
│   ├── fingerprint.py     # Target recon & tech detection
│   ├── sqli.py            # SQL injection scanner
│   ├── xss.py             # XSS + security headers
│   ├── dirscanner.py      # Directory/file bruteforcer
│   └── reporter.py        # JSON + CSV + HTML reports
│
├── tests/
│   └── test_webpentest.py # 15 unit tests
│
├── wordlists/             # Add custom wordlists here
└── reports/               # Generated reports (auto-created)
```
---
## Report Output
The HTML report includes:
- **Overall risk level** (CRITICAL / HIGH / MEDIUM / LOW)
- **Severity breakdown** by count
- **Target fingerprint** (server, tech stack, SSL info)
- **Each finding** with URL, parameter, payload, evidence, and remediation
---
## Vulnerabilities Detected
### SQL Injection (CRITICAL)
Detects error-based, boolean-based, and time-based blind SQLi by injecting standard payloads into URL parameters and analyzing responses for database error strings and timing anomalies.
### Cross-Site Scripting (HIGH)
Tests for reflected XSS by injecting 10 payloads covering different HTML contexts (script tags, event handlers, SVG, image onerror) and checking whether they appear unescaped in the response.
### Missing Security Headers (MEDIUM-HIGH)
Checks for Content-Security-Policy, Strict-Transport-Security, X-Frame-Options, X-XSS-Protection, and X-Content-Type-Options.
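The security-header check above and the report's overall risk level (highest severity among findings) are simple enough to show end to end. The following is an added example written for this page, not code from the WebPentest project: it parses the header block of a captured HTTP response, flags the five headers the README names when they are missing, adds one caveat a practitioner would expect (an HSTS `max-age` that is too short to be useful), and rolls the findings up into the report's CRITICAL/HIGH/MEDIUM/LOW scale. The function names, the severity assigned to each header, the one-year HSTS threshold, and the sample response are all assumptions made for this illustration; the project's own logic lives in `src/xss.py` and is not reproduced here.

```python
"""Security-header check over a captured HTTP response (added example).

Nothing here is taken from the WebPentest source: function names, the
per-header severities, the HSTS threshold and the sample response below
are constructed for this illustration.
"""
from typing import Dict, List, Optional, Tuple

# The headers the README lists, with an assumed severity and a remediation
# line of the kind a report would carry. X-XSS-Protection is kept because the
# tool checks it, but modern browsers ignore it, so it is rated LOW here.
REQUIRED_HEADERS: Dict[str, Tuple[str, str]] = {
    "content-security-policy": ("HIGH", "Define a CSP that restricts script sources (e.g. default-src 'self')."),
    "strict-transport-security": ("HIGH", "Send HSTS on HTTPS responses with max-age of at least one year."),
    "x-frame-options": ("MEDIUM", "Send DENY or SAMEORIGIN (or CSP frame-ancestors) to prevent clickjacking."),
    "x-content-type-options": ("MEDIUM", "Send nosniff to stop MIME-type sniffing."),
    "x-xss-protection": ("LOW", "Legacy header ignored by current browsers; rely on CSP instead."),
}

HSTS_MIN_MAX_AGE = 31536000  # one year in seconds (assumed threshold)
SEVERITY_ORDER = ["CRITICAL", "HIGH", "MEDIUM", "LOW"]

# Constructed sample: a response missing CSP and nosniff, with a weak HSTS.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache/2.4.41\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "Strict-Transport-Security: max-age=300\r\n"
    "X-Frame-Options: SAMEORIGIN\r\n"
    "\r\n"
    "<html><body>hello</body></html>"
)


def parse_response_headers(raw: str) -> Dict[str, str]:
    """Return the header block of a raw HTTP/1.1 response as a lower-cased dict."""
    lines = raw.split("\r\n") if "\r\n" in raw else raw.split("\n")
    headers: Dict[str, str] = {}
    for line in lines[1:]:          # lines[0] is the status line
        if not line.strip():
            break                   # blank line ends the header block
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers


def _hsts_max_age(value: str) -> Optional[int]:
    """Extract max-age from an HSTS value; None if absent or malformed."""
    for directive in value.split(";"):
        key, _, val = directive.strip().partition("=")
        if key.strip().lower() == "max-age":
            try:
                return int(val.strip().strip('"'))
            except ValueError:
                return None
    return None


def check_security_headers(headers: Dict[str, str]) -> List[Dict[str, str]]:
    """Produce one finding per missing header, plus a weak-HSTS finding."""
    findings: List[Dict[str, str]] = []
    for name, (severity, fix) in REQUIRED_HEADERS.items():
        if name not in headers:
            findings.append({"header": name, "severity": severity,
                             "issue": "missing", "remediation": fix})
    hsts = headers.get("strict-transport-security")
    if hsts is not None:
        max_age = _hsts_max_age(hsts)
        if max_age is None or max_age < HSTS_MIN_MAX_AGE:
            findings.append({"header": "strict-transport-security", "severity": "MEDIUM",
                             "issue": "weak max-age",
                             "remediation": f"Raise max-age to at least {HSTS_MIN_MAX_AGE} seconds."})
    return findings


def overall_risk(findings: List[Dict[str, str]]) -> str:
    """Report-style roll-up: the highest severity present, or NONE."""
    for level in SEVERITY_ORDER:
        if any(f["severity"] == level for f in findings):
            return level
    return "NONE"


if __name__ == "__main__":
    parsed = parse_response_headers(SAMPLE_RESPONSE)
    results = check_security_headers(parsed)
    for f in results:
        print(f"[{f['severity']}] {f['header']}: {f['issue']} -> {f['remediation']}")
    print("Overall risk:", overall_risk(results))
```

The parser stops at the first blank line so body content can never be mistaken for a header, and header names are lower-cased because HTTP header names are case-insensitive; a checker that compares `X-Frame-Options` literally will report a false "missing" against servers that emit `x-frame-options`.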
### Hidden Directories (VARIABLE)
Bruteforces common paths including admin panels, backup files, `.git`, `.env`, config files, and API endpoints.
---
## Legal Disclaimer
This tool is for **authorized penetration testing and educational use only**.
Unauthorized use against systems you don't own is illegal.
---
## Author
**Ahmed Raza**
BS Digital Forensics & Cyber Security - Hamdard University
[GitHub](https://github.com/raza360ahmed) · [LinkedIn](https://linkedin.com/in/ahmed-raza-612683293)
---
## License
MIT License