Why Choose This Project?

In today’s world of web applications, vulnerabilities such as SQL Injection, XSS, CSRF, and insecure deserialization are widespread. This project provides a practical tool to scan and detect the most critical web vulnerabilities as defined by the OWASP Top 10. It simulates a professional security scanner used by ethical hackers, penetration testers, and security analysts.

What You Get in the Project?

• Full-featured web vulnerability scanner dashboard

• Crawls websites and detects OWASP Top 10 risks

• Customizable scan targets, scan depth, and result filters

• Intuitive user interface with real-time results display

• Complete frontend and backend source code

• Export scan results to PDF or CSV

• Clean UI with responsive design

• Includes documentation and setup guide

Technology Stack Used

OWASP Top 10 Vulnerabilities Covered

1. Injection (SQL, Command)

2. Broken Authentication

3. Sensitive Data Exposure

4. XML External Entities (XXE)

5. Broken Access Control

6. Security Misconfiguration

7. Cross-Site Scripting (XSS)

8. Insecure Deserialization

9. Using Components with Known Vulnerabilities

10. Insufficient Logging & Monitoring

Key Features

• URL Target Input – User enters the target domain or page

• Crawling Engine – Crawls internal links for testing

• Injection Tester – Runs payloads to detect SQLi, XSS, etc.

• Response Analyzer – Checks headers, responses, and inputs

• Visual Alerts – Colored indicators (High/Medium/Low risk)

• Report Generator – Export test reports to PDF/CSV

• Authentication Token Input – Scan secured apps via JWT/session

• Lightweight UI – Real-time logs and background scanning

• Email Alerts (Optional) – Send results to admin email