Skip to content

vbuccigrossi/WebScan

BranchesTags

Repository files navigation

WebScan - Advanced Web Vulnerability Scanner

Version Python License Status

The most advanced open-source web vulnerability scanner with intelligent taint analysis and OSINT extraction

FeaturesInstallationQuick StartDocumentationContributing

🎯 What is WebScan?

WebScan is a powerful, open-source web application security scanner that goes beyond simple pattern matching. It combines static analysis, active testing, and intelligent taint tracking to find vulnerabilities that other scanners miss.

Why WebScan?

  • 🧠 Intelligent Analysis - Uses taint analysis and data flow graphs to find unknown vulnerabilities
  • ✅ Active Verification - Tests vulnerabilities with safe payloads to eliminate false positives
  • 🔍 OSINT Extraction - Automatically extracts emails, phones, API keys, credentials, and more
  • 🚀 Fast & Accurate - 10-15% false positive rate (vs 35-40% for pattern-only scanners)
  • 🌍 Multi-Language - Supports Python, JavaScript, PHP, and more
  • 🔧 Extensible - Plugin architecture for adding new detection methods
  • 📊 Multiple Outputs - JSON, Text, SARIF formats for easy integration
  • 💰 100% Free - No subscriptions, no limits, no tracking

✨ Features

Core Capabilities

🔍 Detection Methods (3-Phase Approach)

Phase 0: Static Pattern Matching

  • 16+ vulnerability detection plugins
  • Fast initial scanning
  • Covers OWASP Top 10

Phase 1: Active Testing & Verification

  • 4-stage verification pipeline
  • XSS reflection testing with 11 safe payloads
  • SQL injection testing (time-based, error-based, boolean-based)
  • Confidence scoring (0.0-1.0)
  • Proof-of-concept generation
  • False positive filtering

Phase 2: Intelligence & Taint Analysis

  • Source-to-sink data flow tracking
  • Detects vulnerabilities pattern matching misses
  • Data flow graph generation
  • Unused variable detection
  • Use-before-definition detection
  • Multi-language AST parsing

OSINT Intelligence Layer

  • Email address extraction
  • Phone number extraction (US & international formats)
  • API keys & tokens (AWS, GitHub, Slack, Google, Stripe, etc.)
  • Hardcoded credentials detection
  • IP addresses (IPv4 & IPv6)
  • Domain names & URLs
  • Social media handles (Twitter, GitHub, LinkedIn, Instagram)
  • Cryptocurrency addresses (Bitcoin, Ethereum)
  • PII detection (SSNs, credit cards, addresses)
  • Private key detection
  • Person names & physical addresses

🎯 Vulnerability Types Detected

Category Vulnerabilities
Injection SQL Injection, Command Injection, LDAP Injection, XML Injection
XSS Reflected XSS, Stored XSS, DOM-based XSS
Authentication Broken Authentication, Session Fixation, Weak Password Policies
Access Control IDOR, Path Traversal, Forced Browsing
Security Misconfig CSRF, SSRF, Insecure Deserialization, XXE
Sensitive Data Information Disclosure, Hardcoded Credentials
Taint Flows Any untrusted data reaching dangerous operations
Code Quality Unused variables, Use-before-definition
OSINT Emails, Phones, API Keys, Credentials, IPs, Social Media, Crypto Addresses, PII

🚀 Quick Start

Installation

# Clone the repository
git clone https://github.com/vbuccigrossi/WebScan.git
cd WebScan

# Create virtual environment
python3 -m venv venv
source venv/bin/activate  # On Windows: venv\Scripts\activate

# Install dependencies
pip install -r requirements.txt

Basic Usage

# Scan a website (all 3 phases)
python3 main.py --url http://example.com

# Scan with active testing
python3 main.py --url http://example.com --active-testing

# Scan with intelligence (taint analysis)
python3 main.py --url http://example.com --intelligence

# Scan with OSINT extraction
python3 main.py --url http://example.com --osint

# Maximum detection (all features)
python3 main.py --url http://example.com --active-testing --intelligence --osint

# Scan local directory
python3 main.py --dir /path/to/code --intelligence --osint

Authenticated Scanning

# Form-based authentication
python3 main.py --url http://example.com \
  --username admin \
  --password secret \
  --login-url http://example.com/login \
  --active-testing

# Token-based authentication
python3 main.py --url http://api.example.com \
  --token "Bearer abc123..." \
  --intelligence

📊 Performance

False Positive Rates

  • Original (Pattern Only): 35-40%
  • Phase 1 (Verification): 10-15%
  • Phase 2 (Intelligence): 15-20%
  • Combined (Phase 1+2): <10%

🤝 Contributing

We welcome contributions! See CONTRIBUTING.md for guidelines.

Ways to Contribute

  • 🐛 Report bugs
  • 💡 Suggest features
  • 📝 Improve documentation
  • 🔧 Submit pull requests
  • 🧪 Add test cases
  • 🌍 Add language support

📋 Requirements

  • Python: 3.8 or higher
  • OS: Linux, macOS, Windows (WSL recommended)
  • Memory: 512MB+ RAM
  • Storage: 100MB+ free space

⚖️ License

WebScan is released under the MIT License. See LICENSE for details.

🔐 Security

Responsible Use

⚠️ IMPORTANT: Only scan applications you have permission to test!

  • ✅ Your own applications
  • ✅ Bug bounty programs
  • ✅ Penetration testing engagements (with authorization)
  • ✅ Educational/lab environments
  • ❌ Production systems without permission
  • ❌ Third-party websites
  • ❌ Government/financial systems without explicit authorization

Made with ❤️ for the security community

About

No description, website, or topics provided.

Resources

Readme

License

MIT license

Security policy

Security policy
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages