VulnScanX is a powerful, web-based automated vulnerability scanning tool designed to help identify common security flaws in web applications. Built with Python (Flask) and modern frontend technologies, it provides a comprehensive suite of reconnaissance and vulnerability detection capabilities, offering real-time progress updates, detailed reports, and a user-friendly interface.
- Comprehensive Reconnaissance:
- Passive Subdomain Enumeration: Gathers subdomains from public OSINT sources (e.g., Subfinder, Amass passive mode, SecurityTrails, VirusTotal, Crt.sh, DNSdumpster, Netcraft, SOCRadar).
- Active Subdomain Enumeration: Performs DNS brute-forcing (DNSRecon) and virtual host enumeration (FFUF) to discover hidden subdomains and virtual hosts.
- Passive URL/Endpoint Discovery: Extracts historical URLs from archives like Wayback Machine.
- Active URL/Endpoint Crawling: Uses Selenium to interactively crawl web applications, capturing network requests and extracting endpoints from JavaScript files.
- Authenticated Crawling: Supports manual login directly from the UI. A browser window opens on the server, allowing the user to log in manually before the automated crawl proceeds within the authenticated session.
- Automated Vulnerability Scanning:
- Cross-Site Scripting (XSS): Integrates with
DalFoxfor robust XSS detection. - SQL Injection (SQLi): Identifies SQL injection flaws.
- Command Injection: Detects vulnerabilities allowing arbitrary operating system command execution.
- Insecure Direct Object Reference (IDOR): Checks for IDOR vulnerabilities by manipulating object IDs.
- Cross-Site Request Forgery (CSRF): Analyzes for CSRF protection bypasses.
- Cross-Site Scripting (XSS): Integrates with
- User-Friendly Interface (UI):
- Intuitive and responsive web interface for seamless interaction across devices.
- Real-time Progress: Live scan progress updates with detailed messages and percentage completion via WebSockets.
- Dynamic Blog: Blog posts are served dynamically from Markdown files, making content management easy.
- Custom Modals: Non-blocking modal dialogs for alerts and confirmations.
- Fixed Header: The navigation header remains static during scrolling for consistent access.
- Detailed Reporting & History:
- All scan data (history, discovered assets, vulnerabilities) is persistently stored in an SQLite database.
- View detailed results for individual scans, including a vulnerability severity distribution chart (pie chart).
- Export scan history and individual scan reports in JSON, CSV, or HTML formats.
- Modular and Extensible: Designed with a clean architecture, allowing easy integration of new scanning tools, reconnaissance techniques, or reporting features.
Ensure you have the following installed on your system:
- Python 3.9+
- pip (Python package installer)
- Chrome Browser (or Firefox) installed on the machine where VulnScanX server runs.
- ChromeDriver (or GeckoDriver) executable. Crucially, its version MUST match your installed browser version. Place it in your system's PATH or directly in your
VulnScanX/project root directory. - External Command-Line Tools: Many scanning modules rely on these. The
install.shscript will help install most of these.amasssubfinderhttpxdnsreconffufdalfoxsqlmapcommix
- Clone the repository:
git clone [https://github.com/your-username/VulnScanX.git](https://github.com/your-username/VulnScanX.git) # Replace with your actual repo URL cd VulnScanX
- Build the Docker image:
docker build -t vulnscanx .- This process installs all Python dependencies and necessary browser components (Chromium) within the image, along with the external scanning tools (Go-based tools, sqlmap, commix, dnsrecon).
- Run the Docker container:
docker run -p 80:80 --name vulnscanx_app vulnscanx
- Important Note on Interactive Login in Docker: If you intend to use the "Open Browser for Active Crawl" feature for manual login, running Docker in a headless environment (like a typical server VM) will not display the browser window. For this feature, you would typically run VulnScanX directly on your local machine or use a VNC/remote desktop solution to access the Docker host's graphical environment.
- Clone the repository:
git clone [https://github.com/your-username/VulnScanX.git](https://github.com/your-username/VulnScanX.git) # Replace with your actual repo URL cd VulnScanX
- Make the installation script executable:
chmod +x install.sh
- Run the installation script:
./install.sh
- This script will install Python dependencies from
requirements.txtand attempt to install the Go programming language, Go-based tools (DalFox, Amass, Subfinder, httpx, ffuf), and Python-based tools (DNSRecon, sqlmap, commix). - Important: The script might require
sudofor some installations (e.g., Go, apt packages). It will also attempt to modify your~/.profileand~/.bashrcfor PATH variables. You might need to restart your terminal after running it.
- This script will install Python dependencies from
- Configure API Keys (Optional):
- Open
tools/config.ini. - Add your API keys for services like SecurityTrails, VirusTotal, Pentest-Tools, etc., if you wish to enable more extensive passive reconnaissance.
- Open
After installation, start the Flask application from the VulnScanX/ root directory:
python VulnScanX.py -p 80(You can change -p 80 to any desired port, e.g., -p 5000).
Open your web browser and navigate to:
http://localhost (if running on port 80)
or
http://localhost:5000 (if running on port 5000)
- Start a Scan:
- On the homepage, enter the
Target URL(e.g.,https://example.com). - Select
Scan Type:- Full Scan: Automatically enables all reconnaissance methods and vulnerability checks for a comprehensive assessment.
- Custom Scan: Allows you to granularly select specific
Reconnaissance Options(Passive/Active Subdomain, Passive/Active URL Crawling, Open Browser for login) andCustom Scan Tool Options(XSS, SQL Injection, Command Injection, IDOR, CSRF).
- Additionally, provide
Custom Headersin JSON format (e.g.,{"Authorization": "Bearer YOUR_TOKEN", "Cookie": "sessionid=abc"}). - Click
Start Scan.
- On the homepage, enter the
- Monitor Progress:
- The
Scan Progressarea on the homepage will display real-time updates, messages, and a percentage progress bar. - If
Active URL CrawlingwithOpen Browseris selected, a new browser window will appear on the server machine. You must manually log in or perform necessary actions in this browser. Once done, click theLogin Complete - Continue Scanbutton that appears in the VulnScanX UI to resume the scan.
- The
- View Results:
- Upon scan completion, the UI will automatically redirect you to the
/resultspage. - This page displays a summary of vulnerabilities, a severity distribution chart, detailed tables for vulnerabilities, discovered endpoints, and reconnaissance data.
- Upon scan completion, the UI will automatically redirect you to the
- Manage History:
- Navigate to the
/historypage to view a list of all your past scans. - Each entry shows the domain, scan date, and a summary of vulnerabilities.
- You can
View Detailsof any past scan (redirects to/resultsfor that scan ID). - You can
Deleteindividual scan history records.
- Navigate to the
- Export Reports:
- From the
/resultspage, you can export the current scan's report. - From the
/historypage, you can export all scan history. - Available formats:
JSON,CSVorHTML.
- From the
We welcome contributions! Please feel free to fork the repository, open issues, or submit pull requests.
