Website Vulnerability Analyzer
This is a Python script designed to analyze the security vulnerabilities of websites. It scans a given URL for potential security risks based on specified configurations or defaults. Features
Form Analysis: Detects insecure form actions and alerts users if they are not served over HTTPS.
Comment Analysis: Searches for specific patterns within HTML comments that might indicate security issues.
Password Detection: Identifies plaintext password inputs and advises users to secure them.
Requirements
Python 3.x
Requests library (pip install requests)
BeautifulSoup library (pip install beautifulsoup4)
PyYAML library (pip install pyyaml)
Usage
Clone the repository:
bash
git clone https://github.com/yourusername/website-vulnerability-analyzer.git
Navigate to the project directory:
bash
cd website-vulnerability-analyzer
Run the script with the URL of the website you want to analyze:
less
python main.py "https://example.com"
Replace "https://example.com" with the URL you want to analyze.
Optionally, you can provide a configuration file and specify an output file for the vulnerability report using --config and --output arguments respectively.
Configuration
You can customize the behavior of the analyzer by providing a configuration file in YAML format. The following options are available:
forms: Analyze insecure form actions (default: True).
comments: Analyze HTML comments (default: True).
passwords: Detect plaintext password inputs (default: True).
Example configuration file (config.yml):
yaml
forms: true comments: true passwords: true
To use a configuration file:
arduino
python main.py --url "https://example.com" --config config.yml
Output
The script generates a vulnerability report highlighting any issues found. If no vulnerabilities are detected, it confirms that the website is secure.
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent