|
|
import gradio as gr |
|
|
import requests |
|
|
|
|
|
# Response headers whose presence scan_website reports, in report order.
# Only presence is checked, never the value: a header with a weak value
# (e.g. a CSP that allows 'unsafe-inline') still shows as "Present".
SECURITY_HEADERS = [
    "Content-Security-Policy",    # limits where scripts/resources may load from
    "Strict-Transport-Security",  # HSTS: browsers insist on HTTPS afterwards
    "X-Content-Type-Options",     # "nosniff" stops MIME-type sniffing
    "X-Frame-Options",            # clickjacking defence (CSP frame-ancestors supersedes it)
    "X-XSS-Protection",           # legacy header; current guidance is to omit it or send "0"
    "Referrer-Policy",            # controls what the Referer header leaks
    "Permissions-Policy",         # opts out of powerful browser features
]
|
|
|
|
|
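def _cookie_is_httponly(cookie):
    """Return True if *cookie* carries the HttpOnly attribute.

    http.cookiejar stores non-standard attributes such as HttpOnly in the
    private ``_rest`` dict under the casing the server used, and the public
    ``has_nonstandard_attr`` lookup is case-sensitive. A lowercase
    ``"httponly" in cookie._rest`` test therefore misses the usual
    ``HttpOnly`` spelling and reports a false "not HttpOnly" finding, so the
    keys are compared case-insensitively here.
    """
    rest = getattr(cookie, "_rest", None) or {}
    return any(key.lower() == "httponly" for key in rest)


def scan_website(url):
    """Fetch *url* once and return a Markdown report of basic hygiene findings.

    The report covers the response that finally answered (redirects are
    followed): technology disclosed via ``Server`` / ``X-Powered-By``, whether
    the final URL is HTTPS, presence of each header in ``SECURITY_HEADERS``,
    and cookies that lack the ``Secure`` or ``HttpOnly`` attribute.

    Args:
        url: Target URL as typed by the user. Leading/trailing whitespace is
            ignored; a missing scheme defaults to ``http://``, so an explicit
            ``https://`` is required to check the TLS endpoint directly.

    Returns:
        The report as a Markdown string, or a one-line error message when the
        input is empty or the request fails.

    Note:
        This function fetches whatever URL it is handed. If the UI is reachable
        by untrusted users, that is a server-side request forgery surface
        (internal hosts, cloud metadata endpoints); restrict allowed targets at
        the deployment boundary before exposing it.
    """
    # Gradio may hand over an empty string (or None); fail clearly rather than
    # sending a request for "http://".
    if url is None or not url.strip():
        return "❌ Error: no URL given."
    url = url.strip()
    # A bare "http" prefix test would treat a host such as "httpbin.org" as
    # already schemed; require the full scheme before prepending one.
    if not url.lower().startswith(("http://", "https://")):
        url = "http://" + url

    # NOTE(review): the report glyphs were recovered from a mis-encoded copy
    # of this file; the two "scanning"/"header checks" icons are a best guess.
    lines = [f"🔍 Scanning `{url}`...", ""]

    # Keep the try body to the one call that raises RequestException.
    try:
        response = requests.get(url, timeout=5)
    except requests.exceptions.RequestException as e:
        return f"❌ Error: {e}"

    # requests exposes headers as a case-insensitive mapping, so the server's
    # own casing does not affect any of the lookups below.
    headers = response.headers
    lines.append(f"🖥️ Server: {headers.get('Server', 'Not disclosed')}")
    lines.append(f"⚙️ Powered By: {headers.get('X-Powered-By', 'Not disclosed')}")
    lines.append("")

    # Judge transport on the URL that finally answered, not the one typed:
    # requests follows redirects, so an http:// entry may have been upgraded
    # (or an https:// entry downgraded) before these headers were produced.
    final_url = response.url
    if final_url.lower().startswith("https://"):
        lines.append("✅ HTTPS is used.")
    else:
        lines.append("⚠️ Website does not use HTTPS.")
    if final_url != url:
        lines.append(f"Redirected to `{final_url}`.")

    lines.append("")
    lines.append("🔐 Security Header Checks:")
    # Presence only; a present-but-weak value is not distinguished here.
    for header in SECURITY_HEADERS:
        if header in headers:
            lines.append(f"✅ {header}: Present")
        else:
            lines.append(f"❌ {header}: Missing")

    # response.cookies holds only the final response's cookies; cookies set by
    # earlier hops of a redirect chain live on the responses in
    # response.history and are inspected as well.
    for hop in [*response.history, response]:
        for cookie in hop.cookies:
            if not cookie.secure:
                lines.append("")
                lines.append(f"⚠️ Cookie `{cookie.name}` is not marked as Secure.")
            if not _cookie_is_httponly(cookie):
                lines.append("")
                lines.append(f"⚠️ Cookie `{cookie.name}` is not marked as HttpOnly.")

    return "\n".join(lines).strip()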
|
|
|
|
|
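# Gradio front end for scan_website. The title glyph is restored from the
# mis-encoded source, and the description is worded to match what the
# function actually checks so the output is not mistaken for a vulnerability
# assessment: it is a passive look at one HTTP response.
iface = gr.Interface(
    fn=scan_website,
    inputs=gr.Textbox(label="Enter Website URL", placeholder="e.g. https://example.com"),
    outputs=gr.Markdown(label="Vulnerability Report"),
    title="🛡️ Website Vulnerability Scanner (Basic)",
    description=(
        "Passive check of a single HTTP response: missing security headers, "
        "cookies without Secure/HttpOnly, technology disclosed via "
        "Server/X-Powered-By, and HTTPS use. Not a full vulnerability scan."
    ),
)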
|
|
|
|
|
if __name__ == "__main__":
    # Anyone who can reach this UI can make the host fetch arbitrary URLs
    # (see scan_website). launch() with no arguments normally serves on the
    # local machine only; do not expose it more widely (e.g. a public bind or
    # share=True) without first restricting which targets may be scanned.
    iface.launch()
|
|
|