Vulnissimo is an API-first vulnerability scanner for web applications exposed to the internet.
🛡️ vulnissimo-py-sdk
Vulnissimo is a powerful web application vulnerability scanner that helps you automate the detection of security issues in websites exposed to the Internet. This Python SDK lets you interact with the Vulnissimo API to launch and monitor vulnerability scans for your web applications, right from your code.
🔍 About Vulnissimo
Vulnissimo offers two scanning modes:
- Passive Scanning 🟢
  - Fast, lightweight, and non-intrusive.
  - Detects vulnerabilities without sending attack payloads (e.g., outdated software, exposed secrets, misconfigurations).
  - No API token required. Results are publicly listed on vulnissimo.io.
- Active Scanning 🔴
  - Performs in-depth security testing by injecting attack payloads to find issues like XSS, SQL injection, and more.
  - API token required. Results are private.
  - May trigger security alerts on the target and should only be used with permission.
🚀 Installation
```bash
pip install vulnissimo
```
🏁 Getting Started
- Import the SDK
- Initialize the client with your API key
- Start a scan
- Poll for results (manual or auto)
📦 Usage Examples
1️⃣ Fully Automated
Use the run_scan method to quickly run a scan without needing to handle polling manually. The method will automatically handle the scan lifecycle and return the results when the scan is done.
```python
from vulnissimo import Vulnissimo

v = Vulnissimo()

# Run a passive scan with public visibility
scan = v.run_scan("https://pentest-ground.com:4280")

# List vulnerabilities found in the scan
for vulnerability in scan.vulnerabilities:
    print(f"[{vulnerability.risk_level.value}] {vulnerability.title}")

print(f"Scan completed with {len(scan.vulnerabilities)} vulnerabilities found.")
```
2️⃣ Manual Control (more advanced)
Use the start_scan method to initiate a scan and poll for results manually. This gives you more control, allowing you to process partial results as they come in.
```python
from time import sleep

from vulnissimo import Vulnissimo

v = Vulnissimo()

# Start the scan
scan = v.start_scan("https://pentest-ground.com:4280")
all_vulnerabilities = []

# Manually poll for scan results
while not scan.is_finished():
    scan = v.poll(scan)
    for vulnerability in scan.vulnerabilities:
        if vulnerability not in all_vulnerabilities:
            print(f"[{vulnerability.risk_level.value}] {vulnerability.title}")
            all_vulnerabilities.append(vulnerability)
    sleep(5)

print(f"Scan completed with {len(scan.vulnerabilities)} vulnerabilities found.")
```
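The manual loop above runs for as long as the API reports the scan unfinished, which can stall a CI job. The following is an added example, not code from the Vulnissimo project: the same loop with a deadline and key-based de-duplication. It relies only on the `poll`, `is_finished`, `vulnerabilities`, `risk_level.value` and `title` names shown above; `poll_until_done`, the `(risk level, title)` key, and the `fake_*`/`FakeClient` stand-ins with their sample findings are assumptions constructed so it runs offline.

```python
import time
from types import SimpleNamespace


def poll_until_done(client, scan, timeout_s=900, interval_s=5,
                    clock=time.monotonic, sleep=time.sleep):
    """Poll until the scan finishes or timeout_s elapses.
    Returns (findings, finished). Findings are de-duplicated on
    (risk level, title) across partial results (assumed identity key).
    """
    deadline = clock() + timeout_s
    seen = {}
    while True:
        for vuln in scan.vulnerabilities:
            seen.setdefault((vuln.risk_level.value, vuln.title), vuln)
        if scan.is_finished():
            return list(seen.values()), True
        if clock() >= deadline:
            return list(seen.values()), False  # partial results, scan not done
        sleep(interval_s)
        scan = client.poll(scan)


# --- Constructed stand-ins for the SDK objects so the example runs offline ---
def fake_vuln(level, title):
    return SimpleNamespace(risk_level=SimpleNamespace(value=level), title=title)


def fake_scan(vulns, done=False):
    return SimpleNamespace(vulnerabilities=vulns, is_finished=lambda: done)


class FakeClient:
    """Replays a fixed list of scan states; the last one repeats forever."""
    def __init__(self, states):
        self.states = list(states)
    def poll(self, scan):
        return self.states.pop(0) if len(self.states) > 1 else self.states[0]


def demo_states(done):
    """Two partial results; risk-level strings here are constructed samples."""
    first = [fake_vuln("low", "Missing security header")]
    second = first + [fake_vuln("low", "Missing security header"),
                      fake_vuln("high", "Exposed secret")]
    return [fake_scan(first), fake_scan(second, done=done)]
```

With the real SDK, pass the `Vulnissimo()` client and the object returned by `start_scan`; treat `finished == False` as a failed job rather than a clean result.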
3️⃣ Active Scan (API Key Required)
Provide a Vulnissimo API key and run active scans.
```python
from vulnissimo import Vulnissimo
# ScanType must also be imported from the SDK; this page does not show its import path.

# First, get an authenticated Vulnissimo instance by providing an API token...
v = Vulnissimo(api_token=API_TOKEN)  # Replace with your API token

# ... then, run an Active Scan using `run_scan` or `start_scan`, as in the examples above.
scan = v.run_scan(
    "https://pentest-ground.com:4280", type=ScanType.ACTIVE, is_private=True
)

# or
scan = v.start_scan(
    "https://pentest-ground.com:4280", type=ScanType.ACTIVE, is_private=True
)
```
🔑 Getting an API Key
Most features of Vulnissimo are available for free and do not require an API key—just use Passive Scanning and your results will be publicly listed. If you want to use Active Scanning or keep your scan results private, you’ll need an API key.
- To request an API key and get early access to new features, you can join the Vulnissimo Early Adopter Program.
- If you’d like to help shape Vulnissimo or have feedback, you’re welcome to join our Slack community.
We’re building Vulnissimo in the open and value feedback from all users—no API key required to get started!
📚 Documentation
See the full Vulnissimo API reference for more details and advanced usage of the Vulnissimo API.
📝 License
MIT
File details
Details for the file vulnissimo-1.0.0a3.tar.gz.
File metadata
- Download URL: vulnissimo-1.0.0a3.tar.gz
- Upload date:
- Size: 48.3 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.0.1 CPython/3.11.3
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 082aec7a9f1b589f00cd163f42ee6f8087c81d77604aab94ac09692087cadcbc |
| MD5 | b8ab81812b8ca2f0cfc7c3f41048c944 |
| BLAKE2b-256 | 4227f7a8fb33d9d67ccadb28a4347f24eb8bc9c296edde251fab2fef920de6a3 |
File details
Details for the file vulnissimo-1.0.0a3-py3-none-any.whl.
File metadata
- Download URL: vulnissimo-1.0.0a3-py3-none-any.whl
- Upload date:
- Size: 37.7 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.0.1 CPython/3.11.3
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | b5179de5fde88f598cd01d5094e45ef0bac08fe20c4ef467bbedd2f4033e2f45 |
| MD5 | 1f10d0f67a4f0f5d5b792dd8c74d0235 |
| BLAKE2b-256 | 5da361e667b7c94372ebf91be9ee2296f5e5eb4a9611779d6afb93fa83026dea |