Common Web Application Vulnerability Scanner
Verified details
These details have been verified by PyPIProject links
GitHub Statistics
Maintainers
Project description
Common Web Application Vulnerability Scanner. [python Version]
This is a simple web application vulnerability scanner that checks if a given URL or IP address is vulnerable to common web application security vulnerabilities. The tool is designed to help website owners and security researchers identify vulnerabilities in their web applications that can be exploited by attackers.
Installation
pip install cwv-scanner
Usage
cwv-scanner example.com
Vulnerabilities Checked by cwv-scanner
The scanner checks for the following 36 vulnerabilities:
| Vulnerability | Description |
|---|---|
| SQL Injection | Injecting malicious SQL code into inputs to manipulate database queries. |
| XSS (Cross-Site Scripting) | Injecting malicious scripts into web pages viewed by users. |
| File Inclusion | Loading unauthorized files due to unsanitized user input. |
| Directory Traversal | Accessing restricted directories via manipulated input paths. |
| Remote File Inclusion | Including malicious code from remote servers via user input. |
| Command Injection | Executing arbitrary commands by injecting malicious input. |
| Cross-Site Request Forgery (CSRF) | Tricking users into submitting unauthorized requests. |
| Unrestricted File Upload | Uploading malicious files that can be executed on the server. |
| Password Cracking | Exploiting weak passwords to gain unauthorized access. |
| Session Hijacking | Stealing session IDs to impersonate authenticated users. |
| Broken Auth and Session Management | Bypassing authentication or hijacking sessions due to poor implementation. |
| Remote Code Execution | Executing arbitrary code on the server via malicious input. |
| Local File Inclusion | Loading local files that should not be accessible via user input. |
| Server Side Request Forgery (SSRF) | Sending unauthorized requests to internal/external servers. |
| XML External Entity (XXE) Injection | Exploiting XML parsing to access sensitive data or execute code. |
| Cross-Site Script Inclusion (XSSI) | Loading external JavaScript to execute malicious code in the browser. |
| Server-Side Template Injection (SSTI) | Injecting malicious code into server-side templates for execution. |
| HTML Injection | Injecting malicious HTML to steal data or manipulate page content. |
| XPath Injection | Manipulating XPath queries to access unauthorized data. |
| Code Injection | Injecting executable code into the application to run on the server. |
| Object Injection | Manipulating serialized objects to execute arbitrary code. |
| Cross-Domain Scripting | Injecting scripts from external domains to steal browser data. |
| HTTP Response Splitting | Injecting newlines into HTTP headers to manipulate responses. |
| Buffer Overflow | Exploiting buffer overruns to execute arbitrary code. |
| Format String Attack | Exploiting format string vulnerabilities to execute code. |
| Command Injection (Windows) | Injecting commands into Windows systems via malicious input. |
| Insecure Cryptographic Storage | Exploiting weak encryption to access sensitive data. |
| Insecure Direct Object References | Accessing unauthorized resources via unvalidated input. |
| Insufficient Logging and Monitoring | Failing to log or monitor security events, enabling undetected attacks. |
| Security Misconfiguration | Exploiting misconfigured server or application settings. |
| Cross-Site Script Inclusion (CSSI) | Including external stylesheets that could be controlled by attackers. |
| Click Fraud | Generating fake ad clicks to manipulate revenue or budgets. |
| Broken Access Control | Bypassing access controls to gain unauthorized access to resources. |
| Clickjacking | Tricking users into clicking disguised malicious elements. |
| Hidden Form Fields | Submitting unexpected data via hidden form fields to bypass validation. |
| Shellshock | Exploiting Bash vulnerabilities to execute arbitrary code. |
Credits
FootNote/s
- Results cannot be 100% Gaurenteed
Project details
Verified details
These details have been verified by PyPIProject links
GitHub Statistics
Maintainers
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
cwv_scanner-1.0.1.tar.gz
(28.1 kB
view details)
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file cwv_scanner-1.0.1.tar.gz.
File metadata
- Download URL: cwv_scanner-1.0.1.tar.gz
- Upload date:
- Size: 28.1 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.7
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
665f98a0348d401e332bf953e4041fa1a4142ca87a4a1cc59b8ee833c6a55806
|
|
| MD5 |
88f4dd82f44a2082f2cd41e2921184ba
|
|
| BLAKE2b-256 |
0b43c2611288d7d5e1c1c45e76bfcf99a8b686acf5532a337e349c206d7660d6
|
Provenance
The following attestation bundles were made for cwv_scanner-1.0.1.tar.gz:
Publisher:
publish.yml on SirCryptic/cwv-scanner
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
cwv_scanner-1.0.1.tar.gz -
Subject digest:
665f98a0348d401e332bf953e4041fa1a4142ca87a4a1cc59b8ee833c6a55806 - Sigstore transparency entry: 747817980
- Sigstore integration time:
-
Permalink:
SirCryptic/cwv-scanner@d0bb14e534bd8e62abc83c87822f2a0a1cb8e3c1 -
Branch / Tag:
refs/tags/v1.0.1 - Owner: https://github.com/SirCryptic
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish.yml@d0bb14e534bd8e62abc83c87822f2a0a1cb8e3c1 -
Trigger Event:
release
-
Statement type:
File details
Details for the file cwv_scanner-1.0.1-py3-none-any.whl.
File metadata
- Download URL: cwv_scanner-1.0.1-py3-none-any.whl
- Upload date:
- Size: 27.5 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.7
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
e952ded0588e7b27da5e0821e4aceeee13ee4e90556d35dea94df7db9e2daf33
|
|
| MD5 |
d599d7d9aeb1a4c10030196755271e67
|
|
| BLAKE2b-256 |
07567b69fddafda397aeaa7f25048adf3635d3b78edbbfc005bc710b8b32536b
|
Provenance
The following attestation bundles were made for cwv_scanner-1.0.1-py3-none-any.whl:
Publisher:
publish.yml on SirCryptic/cwv-scanner
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
cwv_scanner-1.0.1-py3-none-any.whl -
Subject digest:
e952ded0588e7b27da5e0821e4aceeee13ee4e90556d35dea94df7db9e2daf33 - Sigstore transparency entry: 747817981
- Sigstore integration time:
-
Permalink:
SirCryptic/cwv-scanner@d0bb14e534bd8e62abc83c87822f2a0a1cb8e3c1 -
Branch / Tag:
refs/tags/v1.0.1 - Owner: https://github.com/SirCryptic
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish.yml@d0bb14e534bd8e62abc83c87822f2a0a1cb8e3c1 -
Trigger Event:
release
-
Statement type:
