mVonal/YamanSec
🛡️ YamanSec: Web Vulnerability Scanner

YamanSec is a modular web application scanner built using Python and Flask, designed to help identify common web vulnerabilities like SQL Injection, Cross-Site Scripting (XSS), and misconfigurations. It provides a user-friendly web interface, PDF report generation, and integration with the OWASP ZAP API for full scans.


🚀 Features

  • 🔍 Quick Scan — Custom-built scanner using requests and BeautifulSoup to detect:
    • SQL Injection (form-based and login bypass)
    • Reflected Cross-Site Scripting (XSS)
  • 🕷️ Full Scan — Integrates with OWASP ZAP API for deep scans including:
    • Security headers
    • Cookie flags
    • JavaScript library vulnerabilities
  • 🖥️ Flask Web Interface:
    • Input target URL and scan type
    • View detailed scan results
    • Download PDF reports
    • View scan history with timestamps
  • 🧠 Designed for educational use (e.g., TryHackMe, Hack The Box labs)
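The passive checks behind the "Full Scan" bullets (security headers and cookie flags) can be illustrated without ZAP at all. The following is an added example, not code from the YamanSec project: it audits one HTTP response header block against the headers and cookie attributes the README recommends and returns findings in the same Vulnerability/Recommendation shape the scanner reports. The response text, the `REQUIRED_HEADERS` list and the function names are all constructed for the demo.

```python
"""Passive security-header and cookie-flag audit of one HTTP response.

Added example (not YamanSec code). Runs offline on a constructed header
block instead of fetching a live target.
"""

# Headers a hardened response should carry, with the recommendation reported.
# (List chosen for the demo; extend to taste.)
REQUIRED_HEADERS = {
    "content-security-policy": "Set Content-Security-Policy to restrict script sources",
    "x-frame-options": "Add X-Frame-Options (or CSP frame-ancestors) against clickjacking",
    "x-content-type-options": "Add X-Content-Type-Options: nosniff",
    "strict-transport-security": "Add Strict-Transport-Security on HTTPS origins",
}
# Cookie attributes every session-style cookie should carry.
REQUIRED_COOKIE_FLAGS = ("Secure", "HttpOnly", "SameSite")


def parse_headers(raw):
    """Turn a raw response header block into a list of (lowercase name, value).

    A list (not a dict) is used on purpose: Set-Cookie may appear many times.
    """
    pairs = []
    for line in raw.strip().splitlines():
        if line.startswith("HTTP/") or not line.strip():
            continue  # skip the status line and blank lines
        name, _, value = line.partition(":")
        pairs.append((name.strip().lower(), value.strip()))
    return pairs


def audit_cookie(set_cookie_value):
    """Return (cookie name, list of missing flags) for one Set-Cookie value."""
    parts = [p.strip() for p in set_cookie_value.split(";")]
    cookie_name = parts[0].split("=", 1)[0]
    # Attribute names are case-insensitive; SameSite carries a value, the others do not.
    attrs = {p.split("=", 1)[0].lower() for p in parts[1:]}
    missing = [flag for flag in REQUIRED_COOKIE_FLAGS if flag.lower() not in attrs]
    return cookie_name, missing


def audit_response(raw):
    """Return a list of findings, one per missing header or weak cookie."""
    headers = parse_headers(raw)
    present = {name for name, _ in headers}
    findings = []
    for name, advice in REQUIRED_HEADERS.items():
        if name not in present:
            findings.append({"issue": "Missing Security Headers",
                             "detail": name, "recommendation": advice})
    for name, value in headers:
        if name == "set-cookie":
            cookie, missing = audit_cookie(value)
            if missing:
                findings.append({"issue": "Insecure Cookies",
                                 "detail": f"{cookie} lacks {', '.join(missing)}",
                                 "recommendation": "Add SameSite, HttpOnly, Secure attributes"})
    return findings


# Constructed sample response: one weak cookie, one good cookie, one of the
# recommended headers present and three absent.
SAMPLE_RESPONSE = """HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Set-Cookie: session=abc123; Path=/; HttpOnly
Set-Cookie: theme=dark; Path=/; Secure; HttpOnly; SameSite=Lax
X-Content-Type-Options: nosniff
"""

if __name__ == "__main__":
    for finding in audit_response(SAMPLE_RESPONSE):
        print(f"[{finding['issue']}] {finding['detail']} -> {finding['recommendation']}")
```

With the sample above the audit reports three missing headers and one insecure cookie (`session` lacks `Secure` and `SameSite`); the `theme` cookie passes. To use it against a real response, pass the text of `resp.headers` from `requests` or the raw block from a proxy capture.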

🧰 Tech Stack

  • Backend: Python, Flask
  • Frontend: HTML/CSS (Jinja2 Templates)
  • Scanning Tools: Custom code + OWASP ZAP API
  • Database: SQLite
  • PDF Generation: ReportLab
  • Other: BeautifulSoup4, Requests

📦 Installation

1. Clone the repository:

git clone https://github.com/yourusername/YamanSec-Web-Scanner.git
cd YamanSec-Web-Scanner

2. Create a virtual environment (recommended):

python -m venv venv
source venv/bin/activate  # On Windows: venv\Scripts\activate

3. Install dependencies:

pip install -r requirements.txt

4. Run the Flask app:

python app.py

Open your browser and go to: http://localhost:5000


📂 Project Structure

YamanSec/
│
├── app.py                  # Flask web server
├── scanner_engine.py       # Manages quick/full scan routing
├── quick_scanner.py        # Custom scanner (SQLi/XSS)
├── report_generator.py     # PDF report creation
├── database.py             # SQLite DB utility (optional)
├── requirements.txt
├── templates/              # HTML templates (Jinja2)
└── scan_results.db         # (optional) Database file (ignored in .gitignore)

🧪 Sample Vulnerabilities Detected

Vulnerability                    | Recommendation
-------------------------------- | ---------------------------------------------------------
SQL Injection                    | Use parameterized queries or an ORM
Reflected Cross-Site Scripting   | Escape input and set a Content-Security-Policy
Missing Anti-CSRF Tokens         | Implement CSRF tokens in all forms
Insecure Cookies                 | Add SameSite, HttpOnly and Secure attributes
Missing Security Headers         | Add X-Frame-Options, X-Content-Type-Options, CSP, etc.
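The first row's recommendation, "use parameterized queries", is easiest to appreciate next to the code it replaces. The following is an added example, not YamanSec code: a login lookup written the vulnerable way (input spliced into the SQL text) beside the parameterized form, run against an in-memory SQLite table. The table, the credentials and the function names are constructed for the demo. It shows the two effects the Quick Scan looks for: a stray apostrophe breaks the concatenated query, and a quote-closing input changes its logic, while the parameterized version treats both as plain data.

```python
"""Login lookup: string-built SQL vs. parameterized SQL.

Added example (not YamanSec code). The users table and credentials below
are constructed for the demo; everything runs in-memory.
"""
import sqlite3


def make_db():
    """Create an in-memory users table with one constructed account."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct-horse')")
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """VULNERABLE on purpose: input is pasted into the SQL text, so a quote
    character in the input becomes part of the query's syntax."""
    sql = (f"SELECT username FROM users "
           f"WHERE username = '{username}' AND password = '{password}'")
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_safe(conn, username, password):
    """HARDENED: '?' placeholders are bound by the driver; the query structure
    is fixed before any user data is seen."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    row = conn.execute(sql, (username, password)).fetchone()
    return row[0] if row else None


def run_demo():
    """Run both versions on the same inputs and return the outcomes side by side."""
    conn = make_db()
    results = {}
    for label, user, pw in [
        ("valid", "alice", "correct-horse"),
        ("wrong_password", "alice", "nope"),
        # Classic quote-closing input: the concatenated query's WHERE clause
        # becomes "... AND password = '' OR '1'='1'", which is true for every row.
        ("tautology", "alice", "' OR '1'='1"),
    ]:
        results[label] = (login_vulnerable(conn, user, pw), login_safe(conn, user, pw))

    # A legitimate apostrophe in a name: the vulnerable query is no longer valid SQL.
    try:
        login_vulnerable(conn, "O'Brien", "x")
        results["apostrophe_vulnerable"] = "ok"
    except sqlite3.OperationalError:
        results["apostrophe_vulnerable"] = "sql error"
    results["apostrophe_safe"] = login_safe(conn, "O'Brien", "x")
    return results


if __name__ == "__main__":
    for label, outcome in run_demo().items():
        print(f"{label:22} vulnerable/safe -> {outcome}")
```

The vulnerable function is the pattern the scanner's "login bypass" check is designed to find; the parameterized function is what the Recommendation column asks for, and it needs no escaping of its own because the database driver never interprets the bound values as SQL.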

⚖️ Ethical Usage Disclaimer

⚠️ This tool is intended for educational and authorized testing only.
Do not use YamanSec to scan websites without explicit permission.
Unauthorized use may be illegal and unethical.


✨ Future Enhancements

  • 🔐 Support for authenticated scanning (session/cookie injection)
  • 📈 Enhanced PDF reports with charts and severity breakdowns
  • 🐳 Docker containerization
  • ☁️ Optional deployment to cloud (e.g., AWS/Azure)
  • 🔁 CI/CD integration for automated security checks

👨‍💻 Author

Muhammet Vonal (LinkedIn)
Cybersecurity enthusiast | Web security researcher | Software developer


⭐️ Give it a star if you found it useful!
