🔍 Web Vulnerability Scanner CLI

A powerful and pluggable JavaScript CLI tool to scan websites for common security vulnerabilities:

• ✅ SQL Injection
• ✅ XSS (Cross-Site Scripting)
• ✅ CSRF
• ✅ CSP Misconfigurations
• ✅ SSL/TLS Issues
• ✅ Insecure HTTP Headers
• ✅ Directory Traversal
• ✅ Open Ports
• ✅ Outdated JavaScript Libraries
• ✅ IDOR
• ✅ RCE Checks

Generate reports in Console, JSON, HTML, or Markdown formats.

git clone https://github.com/pratikacharya1234/Web-Vulnerability-Scanner.git
cd Web-Vulnerability-Scanner
npm install

📌 Requires Node.js v18+

node bin/cli.js https://example.com

node bin/cli.js https://juice-shop.herokuapp.com \
  --only xss,sql,headers \
  --format html \
  --output report.html \
  --open \
  --verbose

npm install web-vuln-scanner

const scanner = require('web-vuln-scanner');

(async () => {
  const results = await scanner.scan('https://example.com', {
    scanModules: ['xss', 'headers', 'ssl'],
    timeout: 30000,
    verbose: true,
    depth: 1,
    concurrency: 5,
    userAgent: 'MyScanner/1.0'
  });

  console.log(JSON.stringify(results, null, 2));
})();

const fs = require('fs');
const path = require('path');
const scanner = require('web-vuln-scanner');
const { generateReport } = require('web-vuln-scanner/lib/reporters/html-reporter');
const open = (...args) => import('open').then(m => m.default(...args));

(async () => {
  const url = 'https://example.com';
  const results = await scanner.scan(url, {
    scanModules: ['xss', 'headers', 'ssl'],
    timeout: 30000,
    depth: 1,
    concurrency: 5
  });

  const report = {
    target: url,
    summary: results.summary,
    vulnerabilities: results.vulnerabilities
  };

  const filePath = path.resolve(__dirname, 'scan-report.html');
  fs.writeFileSync(filePath, generateReport(report));
  console.log(`📄 Report saved at: ${filePath}`);
  await open(filePath);
})();

{
  "summary": {
    "total": 5,
    "high": 1,
    "medium": 2,
    "low": 2,
    "info": 0
  },
  "vulnerabilities": [
    {
      "type": "xss",
      "severity": "high",
      "description": "Potential reflected XSS found",
      "recommendation": "Sanitize user input.",
      "evidence": "<script>alert(1)</script>",
      "url": "https://example.com"
    }
  ]
}

web-vuln-scanner/
├── bin/
│   └── cli.js                # CLI entrypoint
├── lib/
│   ├── index.js              # Exports scanner
│   ├── scanner.js            # Core scanner
│   ├── crawler.js            # HTML-based crawler
│   ├── crawler-puppeteer.js  # JS-based crawler
│   ├── auth.js               # Login scanning
│   ├── session-recorder.js   # Session manager
│   ├── version-check.js
│   ├── scanners/
│   │   ├── xss.js
│   │   ├── sql-injection.js
│   │   ├── ssl-tls.js
│   │   ├── external-scripts.js
│   │   └── dependency.js
│   ├── reporters/
│   │   ├── html-reporter.js
│   │   ├── markdown-reporter.js
│   │   ├── json-reporter.js
│   │   └── owasp.js
│   └── integrations/
│       ├── jira.js
│       └── slack.js

We're building a powerful, enterprise-ready security toolkit. See our roadmap.md for the detailed plan:

• ✅ Modular scanners implementation
• ✅ Report generators (HTML, JSON, Markdown)
• ✅ Smart CLI flags (risk-insight, show-evidence)
• ✅ Puppeteer crawler for JS apps
• ✅ Gemini AI fix recommendations

• 🧠 LLM vulnerability explainer
• 📊 Web-based dashboard UI
• 🔐 Authentication scanning
• 📄 OWASP & compliance reporting
• 🧲 Jira & Slack integrations

We welcome your help!
Please check out CONTRIBUTING.md for how to submit a PR and see our roadmap.md for upcoming features.

MIT © 2025
Made with 💻 by Pratik Acharya