from urllib.parse import urlsplit

import gradio as gr
import requests
# Response headers whose presence the scanner reports. Order is the order in
# which they appear in the generated report.
SECURITY_HEADERS = [
    "Content-Security-Policy",    # restricts where scripts/styles/frames may load from
    "Strict-Transport-Security",  # tells browsers to keep using HTTPS for this host
    "X-Content-Type-Options",     # disables MIME sniffing of responses
    "X-Frame-Options",            # legacy clickjacking protection (framing control)
    "X-XSS-Protection",           # legacy browser XSS filter toggle; ignored by modern browsers
    "Referrer-Policy",            # limits what the browser sends in the Referer header
    "Permissions-Policy",         # limits access to browser features (camera, geolocation, ...)
]
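def _header_report(headers):
    """Return one line per entry of SECURITY_HEADERS saying whether it is set.

    Args:
        headers: The response header mapping (requests' mapping is
            case-insensitive, so header names need no normalisation here).
    """
    lines = []
    for header in SECURITY_HEADERS:
        if header in headers:
            lines.append(f"✅ {header}: Present\n")
        else:
            lines.append(f"❌ {header}: Missing\n")
    return "".join(lines)


def _cookie_report(cookies):
    """Return warning lines for cookies that lack the Secure or HttpOnly attribute.

    Args:
        cookies: An iterable of ``http.cookiejar.Cookie`` objects (for example
            ``response.cookies``).
    """
    lines = []
    for cookie in cookies:
        if not cookie.secure:
            lines.append(f"\n⚠️ Cookie `{cookie.name}` is not marked as Secure.")
        # Attribute names are case-insensitive on the wire, but the cookie jar
        # keeps the server's spelling and has_nonstandard_attr() compares
        # exactly. Testing the spellings seen in practice avoids both a
        # false "missing" for "httponly"/"HTTPONLY" and probing the private
        # ``_rest`` dict that the original check relied on.
        http_only = any(
            cookie.has_nonstandard_attr(spelling)
            for spelling in ("HttpOnly", "httponly", "HTTPONLY")
        )
        if not http_only:
            lines.append(f"\n⚠️ Cookie `{cookie.name}` is not marked as HttpOnly.")
    return "".join(lines)


def scan_website(url):
    """Fetch *url* once and return a Markdown report of basic hardening signals.

    The report lists the disclosed ``Server``/``X-Powered-By`` values, whether
    the final URL uses HTTPS, which of ``SECURITY_HEADERS`` are present, and
    which cookies of the final response lack ``Secure`` or ``HttpOnly``.

    Args:
        url: Target address. A bare host such as ``example.com`` is treated as
            ``http://example.com``; only ``http`` and ``https`` are accepted.

    Returns:
        A Markdown string. Empty input, unsupported schemes and request
        failures are reported in the returned text (``❌ Error: ...``) rather
        than raised.

    Note:
        The target is user-supplied and fetched from the server side, with
        redirects followed. Nothing here restricts which destinations are
        reachable; a deployment exposed beyond localhost should add its own
        destination policy (for example, refusing private/loopback address
        ranges) in front of this function.
    """
    url = (url or "").strip()
    if not url:
        return "❌ Error: no URL given"
    # Only prefix a scheme when none is present: the earlier
    # ``startswith("http")`` test left a host such as ``httpbin.org``
    # schemeless, which requests then rejects.
    if "://" not in url:
        url = "http://" + url
    scheme = urlsplit(url).scheme
    if scheme not in ("http", "https"):
        return f"❌ Error: unsupported URL scheme `{scheme}`"
    result = f"🔍 Scanning `{url}`...\n\n"
    try:
        # Bounded timeout so a stalled target cannot pin the worker.
        response = requests.get(url, timeout=5)
    except requests.exceptions.RequestException as e:
        return f"❌ Error: {e}"
    headers = response.headers
    # 1. Technology disclosure. The values are echoed verbatim into the
    #    Markdown report; whether the output component renders them safely
    #    is up to the UI layer, not this function.
    server = headers.get("Server", "Not disclosed")
    powered_by = headers.get("X-Powered-By", "Not disclosed")
    result += f"🖥️ Server: {server}\n"
    result += f"⚙️ Powered By: {powered_by}\n\n"
    # 2. HTTPS check on the final URL: redirects are followed, so the scheme
    #    of the requested URL alone would misreport an http->https redirect.
    final_url = response.url or url
    if final_url.startswith("https://"):
        result += "✅ HTTPS is used.\n"
        if not url.startswith("https://"):
            result += "ℹ️ The plain-HTTP request was redirected to HTTPS.\n"
    else:
        result += "⚠️ Website does not use HTTPS.\n"
    # 3. Security header checks
    result += "\n🔐 Security Header Checks:\n"
    result += _header_report(headers)
    # 4. Cookie attributes of the final response only; cookies set on
    #    intermediate redirect hops (``response.history``) are not inspected.
    result += _cookie_report(response.cookies)
    return result.strip()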
# UI wiring: a single URL textbox feeding scan_website, rendered as Markdown.
url_input = gr.Textbox(
    label="Enter Website URL",
    placeholder="e.g. https://example.com",
)
report_output = gr.Markdown(label="Vulnerability Report")
iface = gr.Interface(
    fn=scan_website,
    inputs=url_input,
    outputs=report_output,
    title="🛡️ Website Vulnerability Scanner (Basic)",
    description="Scans for basic web security issues like missing headers, insecure cookies, and exposed technologies.",
)
# Running this module directly starts the Gradio server. The app fetches
# whatever URL a visitor types in, so where it listens and who can reach it
# should be chosen deliberately (launch() is called with its defaults here).
if __name__ == "__main__":
    iface.launch()