
Vulnissimo is an API-first vulnerability scanner for web applications exposed to the internet.

Project description

🛡️ vulnissimo-py-sdk

Vulnissimo is a powerful web application vulnerability scanner that helps you automate the detection of security issues in websites exposed to the Internet. This Python SDK lets you interact with the Vulnissimo API to launch and monitor vulnerability scans for your web applications, right from your code.

🔍 About Vulnissimo

Vulnissimo offers two scanning modes:

  • Passive Scanning 🟢

    • Fast, lightweight, and non-intrusive.
    • Detects vulnerabilities without sending attack payloads (e.g., outdated software, exposed secrets, misconfigurations).
    • No API token required. Results are publicly listed on vulnissimo.io.
  • Active Scanning 🔴

    • Performs in-depth security testing by injecting attack payloads to find issues like XSS, SQL injection, and more.
    • API token required. Results are private.
    • May trigger security alerts on the target and should only be used with permission.

🚀 Installation

pip install vulnissimo

🏁 Getting Started

  1. Import the SDK
  2. Initialize the client with your API key
  3. Start a scan
  4. Poll for results (manual or auto)

📦 Usage Examples

1️⃣ Fully Automated

Use the run_scan method to quickly run a scan without needing to handle polling manually. The method will automatically handle the scan lifecycle and return the results when the scan is done.

from vulnissimo import Vulnissimo

v = Vulnissimo()

# Run a passive scan with public visibility
scan = v.run_scan("https://pentest-ground.com:4280")

# List vulnerabilities found in the scan
for vulnerability in scan.vulnerabilities:
    print(f"[{vulnerability.risk_level.value}] {vulnerability.title}")
print(f"Scan completed with {len(scan.vulnerabilities)} vulnerabilities found.")

2️⃣ Manual Control (more advanced)

Use the start_scan method to initiate a scan and poll for results manually. This gives you more control, allowing you to process partial results as they come in.

from time import sleep

from vulnissimo import Vulnissimo

v = Vulnissimo()

# Start the scan
scan = v.start_scan("https://pentest-ground.com:4280")
all_vulnerabilities = []

# Manually poll for scan results
while not scan.is_finished():
    scan = v.poll(scan)

    for vulnerability in scan.vulnerabilities:
        if vulnerability not in all_vulnerabilities:
            print(f"[{vulnerability.risk_level.value}] {vulnerability.title}")
            all_vulnerabilities.append(vulnerability)

    sleep(5)

print(f"Scan completed with {len(scan.vulnerabilities)} vulnerabilities found.")
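The polling loop above has no upper bound on how long it waits, and it only prints what it finds. The following added example (not part of the SDK or its README) wraps the same start_scan / poll / is_finished calls in a deadline and returns the findings at or above a chosen severity, so a CI job can fail on them. The names gated_scan, rank, RISK_ORDER and the Fake* stand-ins are hypothetical, and the severity labels are an assumption, since the page does not list the values of risk_level.

```python
import time
from collections import namedtuple
from enum import Enum

# Assumed labels, lowest first; the page never lists the risk_level values.
RISK_ORDER = ["info", "low", "medium", "high", "critical"]

def rank(label):
    """Position in RISK_ORDER; unknown labels rank highest so the gate fails closed."""
    label = str(label).lower()
    return RISK_ORDER.index(label) if label in RISK_ORDER else len(RISK_ORDER)

def gated_scan(client, url, fail_at="high", timeout=900, interval=5,
               sleep=time.sleep, clock=time.monotonic):
    """Poll a scan to completion with a deadline; return (findings, blocking)."""
    deadline = clock() + timeout
    scan = client.start_scan(url)
    findings = []
    while True:
        for vuln in scan.vulnerabilities:  # partial results, deduplicated as on the page
            if vuln not in findings:
                findings.append(vuln)
        if scan.is_finished():
            break
        if clock() >= deadline:
            raise TimeoutError(f"scan of {url} still running after {timeout}s")
        sleep(interval)
        scan = client.poll(scan)
    blocking = [v for v in findings if rank(v.risk_level.value) >= rank(fail_at)]
    return findings, blocking

# --- Constructed stand-ins so the example runs offline (not SDK classes) ---
Risk = Enum("Risk", {"LOW": "low", "MEDIUM": "medium", "HIGH": "high"})
Finding = namedtuple("Finding", "title risk_level")

class FakeScan(namedtuple("FakeScan", "vulnerabilities finished")):
    def is_finished(self):
        return self.finished

class FakeClient:
    def __init__(self, snapshots):
        self._snapshots = iter(snapshots)
    def start_scan(self, _target):
        return next(self._snapshots)
    poll = start_scan  # each call returns the next constructed snapshot
```

With the real SDK, pass a Vulnissimo instance as client and exit non-zero when the returned blocking list is not empty.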

3️⃣ Active Scan (API Key Required)

Provide a Vulnissimo API key and run active scans.

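import os

# Assumption: ScanType is importable from the package root; check the API reference for the exact path.
from vulnissimo import ScanType, Vulnissimo

# Read the token from the environment instead of hardcoding it (the variable name is an example).
API_TOKEN = os.environ["VULNISSIMO_API_TOKEN"]

# First, get an authenticated Vulnissimo instance by providing an API token...
v = Vulnissimo(api_token=API_TOKEN)

# ... then, run an Active Scan using `run_scan` or `start_scan`, as in the examples above.
scan = v.run_scan(
    "https://pentest-ground.com:4280", type=ScanType.ACTIVE, is_private=True
)
# or
scan = v.start_scan(
    "https://pentest-ground.com:4280", type=ScanType.ACTIVE, is_private=True
)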

🔑 Getting an API Key

Most features of Vulnissimo are available for free and do not require an API key—just use Passive Scanning and your results will be publicly listed. If you want to use Active Scanning or keep your scan results private, you’ll need an API key.

We’re building Vulnissimo in the open and value feedback from all users—no API key required to get started!


📚 Documentation

See the full Vulnissimo API reference for more details and advanced usage of the Vulnissimo API.


📝 License

MIT



Download files


Source Distribution

vulnissimo-1.0.0a3.tar.gz (48.3 kB)

Uploaded Source

Built Distribution


vulnissimo-1.0.0a3-py3-none-any.whl (37.7 kB)

Uploaded Python 3

File details

Details for the file vulnissimo-1.0.0a3.tar.gz.

File metadata

  • Download URL: vulnissimo-1.0.0a3.tar.gz
  • Upload date:
  • Size: 48.3 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.0.1 CPython/3.11.3

File hashes

Hashes for vulnissimo-1.0.0a3.tar.gz
Algorithm Hash digest
SHA256 082aec7a9f1b589f00cd163f42ee6f8087c81d77604aab94ac09692087cadcbc
MD5 b8ab81812b8ca2f0cfc7c3f41048c944
BLAKE2b-256 4227f7a8fb33d9d67ccadb28a4347f24eb8bc9c296edde251fab2fef920de6a3


File details

Details for the file vulnissimo-1.0.0a3-py3-none-any.whl.

File metadata

  • Download URL: vulnissimo-1.0.0a3-py3-none-any.whl
  • Upload date:
  • Size: 37.7 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.0.1 CPython/3.11.3

File hashes

Hashes for vulnissimo-1.0.0a3-py3-none-any.whl
Algorithm Hash digest
SHA256 b5179de5fde88f598cd01d5094e45ef0bac08fe20c4ef467bbedd2f4033e2f45
MD5 1f10d0f67a4f0f5d5b792dd8c74d0235
BLAKE2b-256 5da361e667b7c94372ebf91be9ee2296f5e5eb4a9611779d6afb93fa83026dea
