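"""Basic website security check exposed through a Gradio UI.

The app performs a single GET request against a user-supplied URL and
reports transport security, the presence of common response-security
headers, cookie flags and technology-disclosure headers.  It is a passive
hygiene check of one response, not a vulnerability scanner in the usual
sense: nothing is probed, and header *values* are not evaluated.
"""

from urllib.parse import urlparse

import gradio as gr
import requests

# Response headers whose absence is reported.  Only presence is checked; a
# permissive Content-Security-Policy still counts as "Present".
# X-XSS-Protection is kept for continuity of the report even though current
# browsers ignore it.
SECURITY_HEADERS = [
    "Content-Security-Policy",
    "Strict-Transport-Security",
    "X-Content-Type-Options",
    "X-Frame-Options",
    "X-XSS-Protection",
    "Referrer-Policy",
    "Permissions-Policy",
]

# Allowed schemes for the target; anything else is refused up front instead
# of being handed to requests with "http://" glued in front of it.
_ALLOWED_SCHEMES = ("http", "https")


def _normalize_url(url: str) -> str:
    """Return a fetchable http(s) URL for the user's input.

    A bare host such as ``example.com`` or ``localhost:8080`` gets the
    original default of ``http://``.  The scheme comparison is
    case-insensitive so ``HTTPS://host`` is not mangled into
    ``http://HTTPS://host``.

    Raises:
        ValueError: for an empty input or a URL with a non-http(s) scheme.
    """
    url = url.strip()
    if not url:
        raise ValueError("no URL given")
    if url.lower().startswith(("http://", "https://")):
        return url
    if "://" in url:
        # urlparse would also treat "localhost:8080" as a scheme, so only
        # consult it once a "://" proves a scheme is really present.
        scheme = urlparse(url).scheme.lower() or "?"
        raise ValueError(
            f"unsupported URL scheme '{scheme}'; only http and https are scanned"
        )
    return "http://" + url


def _is_http_only(cookie) -> bool:
    """Return True when *cookie* carries an HttpOnly attribute.

    http.cookiejar stores non-standard attributes in the private ``_rest``
    dict keyed by the attribute name exactly as the server sent it, so a
    lookup for the lowercase ``"httponly"`` never matches a real ``HttpOnly``
    flag.  Compare case-insensitively instead.
    """
    rest = getattr(cookie, "_rest", None) or {}
    return any(key.lower() == "httponly" for key in rest)


def scan_website(url: str) -> str:
    """Fetch *url* once and return a Markdown report of basic findings.

    Args:
        url: Host name or URL typed by the user.  A bare host is fetched over
            plain ``http://``.

    Returns:
        The Markdown report, or a one-line error message when the input is
        unusable or the request fails.  Network errors are reported, never
        raised.
    """
    try:
        target = _normalize_url(url)
    except ValueError as exc:
        return f"❌ Error: {exc}"

    lines = [f"🔍 Scanning `{target}`...", ""]

    try:
        # NOTE(review): this fetches whatever the user types, including
        # loopback, RFC 1918 and cloud-metadata addresses.  If the UI is
        # reachable by untrusted users that is an SSRF primitive; restrict
        # the destinations before exposing it publicly.
        response = requests.get(target, timeout=5)
    except requests.exceptions.RequestException as exc:
        return f"❌ Error: {exc}"

    headers = response.headers
    final_url = response.url

    # requests follows redirects by default, so the response (and therefore
    # every finding below) belongs to the final URL, not the one typed in.
    if final_url != target:
        lines.append(f"Redirected to `{final_url}`")
        lines.append("")

    # 1. Technology disclosure.  Values are echoed in backticks so a crafted
    # header is less likely to be interpreted as Markdown in the report.
    server = headers.get("Server", "Not disclosed")
    powered_by = headers.get("X-Powered-By", "Not disclosed")
    lines.append(f"🖥️ Server: `{server}`")
    lines.append(f"⚙️ Powered By: `{powered_by}`")
    lines.append("")

    # 2. Transport security, judged on the URL that actually answered.
    if final_url.lower().startswith("https://"):
        lines.append("✅ HTTPS is used.")
        if not target.lower().startswith("https://"):
            lines.append(
                "⚠️ The first request went over plain HTTP before being redirected to HTTPS."
            )
    else:
        lines.append("⚠️ Website does not use HTTPS.")

    # 3. Security headers (presence only; response.headers is case-insensitive).
    lines.append("")
    lines.append("🔐 Security Header Checks:")
    for header in SECURITY_HEADERS:
        status = "✅ {}: Present" if header in headers else "❌ {}: Missing"
        lines.append(status.format(header))

    # 4. Cookie flags on every Set-Cookie the final response carried.
    for cookie in response.cookies:
        if not cookie.secure:
            lines.append("")
            lines.append(f"⚠️ Cookie `{cookie.name}` is not marked as Secure.")
        if not _is_http_only(cookie):
            lines.append("")
            lines.append(f"⚠️ Cookie `{cookie.name}` is not marked as HttpOnly.")

    return "\n".join(lines).strip()


iface = gr.Interface(
    fn=scan_website,
    inputs=gr.Textbox(label="Enter Website URL", placeholder="e.g. https://example.com"),
    outputs=gr.Markdown(label="Vulnerability Report"),
    title="🛡️ Website Vulnerability Scanner (Basic)",
    description=(
        "Checks a single response for basic web security hygiene: missing "
        "security headers, insecure cookie flags, and exposed technologies."
    ),
)

if __name__ == "__main__":
    iface.launch()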