Basic_Vulnerability_Scanner

VulnGuard: Lightweight Vulnerability Scanner

VulnGuard is a professional, GUI-based vulnerability scanning tool designed for entry-level security analysis. It identifies common misconfigurations, exposed information, and open attack surfaces on both websites and infrastructure.

🚀 Features

• Multi-Target Support: Scan domains (e.g., google.com) or IP addresses (e.g., 127.0.0.1).
• Port Scanning: Probes common service ports (21, 22, 23, 25, 53, 80, 110, 139, 143, 443, 445, 3389).
• Security Header Audit: Checks for missing critical security headers like CSP, HSTS, X-Frame-Options, etc.
• Tech Stack Detection: Identifies web server types (Nginx, Apache) and exposed version numbers.
• Vulnerability Heuristics:
  • Flags insecure HTTP usage.
  • Detects exposed administrative or backup directories (/admin, /backup, .env).
  • Identifies generic server signatures that facilitate reconnaissance.
• Modern Web GUI: A premium dark-mode interface with glassmorphism and real-time scanning updates.
• Actionable Reporting: Each finding includes a severity level and a specific remediation suggestion.

🛠️ How it Works

The tool uses a modular Python engine:

1. Reconnaissance Phase: Resolves the target hostname to an IP address using the socket library.
2. Port Scan Phase: Attempts TCP connections to a curated list of high-value ports. Successful connections indicate an open service.
3. HTTP Analysis Phase: Sends HEAD/GET requests to the target URL (using requests). It parses response headers for security flags and technology signatures.
4. Directory Fuzzing: Performs lightweight brute-forcing of common sensitive paths to check for lack of access control (403/404 vs 200).
5. Processing & UI: Results are serialized to JSON and pushed to the Flask-based frontend via periodic polling.

⚠️ Limitations

• Deep Scanning: This tool is an initial reconnaissance scanner. It does not perform deep exploit analysis (like SQLi or XSS payloads).
• Firewalls: Port scans may be blocked or provide false negatives if the target is behind a sophisticated WAF or IPS.
• No Exploitation: VulnGuard is strictly for detection. It never attempts to exploit a vulnerability.
• Single Threaded Scans: To keep it simple and lightweight, it scans ports sequentially; for production use, Nmap is recommended for speed.

📦 Installation & Usage

1. Clone/Download the repository.
2. Install dependencies:

   pip install -r requirements.txt
   

3. Run the application:

   python app.py
   

4. Open http://localhost:5000 in your web browser.

---

Disclaimer: Use this tool ONLY on targets you own or have explicit permission to scan. Unauthorized scanning is illegal and unethical.

This site is open source. Improve this page.