VISVESVARAYA TECHNOLOGICAL UNIVERSITY

Jnana Sangama, Belagavi 560018

A MINI PROJECT
REPORT ON

“WEB BASED VULNERABILITY SCANNER”


A Mini Project Submitted in partial fulfillment of the requirement for the degree of
BACHELOR OF ENGINEERING
IN
COMPUTER SCIENCE & ENGINEERING
Submitted by
Afreen Zohra (1RG22CS010)
Faiza Siddique (1RG22CS031)
Annesha Shil (1RG22CS016)
Keshavathi (1RG22CS042)

Under the Guidance of


Mrs. Deepti N N
Assoc.Professor, Dept of
CSE RGIT, Bangalore-32

Department of Computer Science & Engineering


RAJIV GANDHI INSTITUTE OF TECHNOLOGY
Cholanagar, R.T.Nagar Post, Bengaluru-560032
RAJIV GANDHI INSTITUTE OF TECHNOLOGY
(Affiliated to Visvesvaraya Technological University)
Cholanagar, R.T. Nagar Post, Bengaluru-560032
2024-2025
Department of Computer Science & Engineering
CERTIFICATE

This is to certify that the Project Report titled “WEB BASED VULNERABILITY
SCANNER” is a bona fide work carried out by Ms. Afreen Zohra (USN 1RG22CS010),
Ms. Aneesha Shil (USN 1RG22CS016), Ms. Faiza Siddique (USN 1RG22CS031) and Ms.
Keshavathi Kumari (USN 1RG22CS042) in partial fulfilment for the award of Bachelor of
Engineering in Computer Science and Engineering of the Visvesvaraya Technological
University, Belagavi, during the year 2024-2025. It is certified that all
corrections/suggestions given for Internal Assessment have been incorporated in the report.
This project report has been approved as it satisfies the academic requirements in respect of
project work prescribed for the said degree.

Signature of the Guide: Mrs. Deepti N N, Assistant Professor, Dept. of CSE, RGIT, Bengaluru
Signature of the HOD: Dr. Arudra A, Associate Professor, Dept. of CSE, RGIT, Bengaluru
Signature of the Principal: Dr. H Madhu Gowda, Principal, RGIT, Bengaluru

External viva

Name of the Examiners Signature with date


1.

2.
VISVESVARAYA TECHNOLOGICAL UNIVERSITY
Jnana Sangama, Belgavi-590018

RAJIV GANDHI INSTITUTE OF TECHNOLOGY


DEPARTMENT OF COMPUTER SCIENCE & ENGINEERING

DECLARATION

We hereby declare that the project work entitled “WEB BASED VULNERABILITY
SCANNER”, submitted to the Visvesvaraya Technological University, Belagavi,
during the academic year 2024-2025, is a record of an original work done by us under the
guidance of Mrs. Deepti N N, Assistant Professor, Department of Computer Science
and Engineering, RGIT, Bengaluru, in partial fulfilment of the requirements for the
award of the degree of Bachelor of Engineering in Computer Science &
Engineering. The results embodied in this project have not been submitted to any other
University or Institute for the award of any degree or diploma.

Afreen Zohra ( 1RG23CS401)


Annesha Shil (1RG22CS022)
Faiza Siddique (1RG22CS031)
Keshavathi Kumari (1RG22CS042)
Signature:
Date:
ACKNOWLEDGEMENT

We take this opportunity to thank our college Rajiv Gandhi Institute of Technology,
Bengaluru for providing us with an opportunity to carry out this project work.

We express our gratitude to Dr. Madhu H Gowda, Principal, RGIT, Bengaluru, for providing
the resources and support without which the completion of this project would have been a
difficult task.

We extend our sincere thanks to Dr. Arudra A, Associate Professor and HOD,
Department of Computer Science and Engineering, RGIT, Bengaluru, for being a pillar of
support and encouraging us in the face of all adversities.

We would like to acknowledge the thorough guidance and support extended towards us by
Mrs. Bhagyashri Wakde, Assistant Professor, Dept. of CSE, RGIT, Mrs. Soniya Komal
V, Assistant Professor, Dept. of CSE, RGIT, Bengaluru, Mrs. Kavyashree, Assistant
Professor, Dept. of CSE, RGIT, Bengaluru, Mrs. Geetha Pawar, Assistant Professor,
Dept. of CSE, RGIT, Bengaluru and Mrs. Deepti Murali, Assistant Professor, Dept. of
CSE, RGIT, Bengaluru. Their incessant encouragement and valuable technical support
have been of immense help. Their guidance gave us the environment to enhance our
knowledge and skills and to reach the pinnacle with sheer determination, dedication and
hard work.

We also want to extend our thanks to the entire faculty and support staff of the Department
of Computer Science and Engineering, RGIT, Bengaluru, who have encouraged us
throughout the course of the Bachelor’s Degree. We want to thank our family for always
being there with full support and for providing us with a safe haven to conduct and
complete our project. We are ever grateful to them for helping us in these stressful times.
Lastly, we want to acknowledge all the helpful insights given to us by all our friends during
the course of this project.

Afreen Zohra ( 1RG23CS401)


Annesha Shil (1RG22CS022)
Faiza Siddique (1RG22CS031)
Keshavathi Kumari (1RG22CS042)

ABSTRACT

This project presents the development of a web-based vulnerability scanner designed to detect critical security
flaws in websites. The scanner focuses on three major vulnerabilities: SQL Injection, Cross-Site Scripting
(XSS), and Open Redirects. The tool operates by allowing users to input a URL, select the type of vulnerability
to scan, and receive detailed results, including risk level, vulnerability presence, and relevant URL information.
Developed using Python (Flask) modules for backend processing and HTML, CSS, and JavaScript for the
frontend, the scanner provides a user-friendly interface with real-time feedback. The project emphasizes
enhancing web security by providing website owners with actionable insights to prevent attacks. The system
also integrates an adaptive AI algorithm to improve detection accuracy. This tool aims to serve as an accessible
and efficient solution for developers and website administrators looking to secure their web applications. The
user experience is enhanced through a clean, responsive dashboard that adapts to different devices and screen
sizes. The scanner’s results are presented in an organized manner, detailing the vulnerability status and the
specific nature of each issue. Additionally, the scanner offers suggestions for remediation to help users address
identified security risks. The project demonstrates the importance of proactive vulnerability scanning in
securing websites and reducing the risk of cyberattacks. By providing an intuitive and automated solution, the
scanner makes it easier for non-expert users to improve their website’s security posture.

CONTENTS

CHAPTER NO    TITLE    PAGE NO

Chapter 1
1.1 Introduction 1
1.2 Problem Statement 2
1.3 Objectives 3
Chapter 2
2.1 Literature Survey 4-5
2.2 Disadvantages of Existing Systems 5-7
Chapter 3
3.1 State of Art of Technologies 9
Chapter 4 Methodology
4.1 Requirement Analysis
4.2 Design and Architecture 10
4.3 Development
4.4 Testing 11
4.5 Deployment
4.6 Maintenance and Updates
4.7 Key Features 12
4.8 Validation and Iteration
Chapter 5 Snapshots 14-17
Chapter 6 Source Code
6.1 Backend Technology 18-22
6.2 Frontend Technology 23-27
Conclusion 28
Bibliography 27
WEB BASED VULNERABILITY
SCANNER

CHAPTER 1
1.1 INTRODUCTION

In the rapidly evolving landscape of cybersecurity, web applications have become frequent targets for
malicious activities due to their accessibility and integration with critical business processes. Ensuring the
security of these applications is paramount to protect sensitive data, maintain user trust, and comply with
regulatory standards.
A web-based vulnerability scanner is a specialized tool designed to automate the detection of security
weaknesses in websites, web applications, and associated components. It systematically analyses the
architecture, configurations, and codebase of web applications to identify vulnerabilities such as SQL injection,
Cross-Site Scripting (XSS), insecure authentication mechanisms, and outdated dependencies.
Web-based scanners are indispensable for organizations striving to maintain a robust security posture. They
offer the following advantages:
• Comprehensive Coverage: Scans multiple layers of web applications, including server configurations,
application logic, and third-party dependencies.
• Time Efficiency: Automates the vulnerability assessment process, significantly reducing the time
needed for manual inspections.
• Prioritized Risk Management: Categorizes vulnerabilities by severity, enabling organizations to
address critical issues promptly.
• Compliance Assistance: Supports adherence to industry standards such as OWASP

Dept. of CSE, RGIT 2024-2025 Page | 1



1.2 PROBLEM STATEMENT

In today’s rapidly evolving digital landscape, web applications are increasingly targeted by malicious actors
due to their widespread adoption and exposure on the internet. As more businesses move their operations
online, web applications become prime targets for cyberattacks, which can result in significant financial losses,
data breaches, and reputational damage. Organizations are continuously grappling with a growing number of
sophisticated threats such as SQL injection, cross-site scripting (XSS), cross-site request forgery (CSRF), and
other vulnerabilities that compromise the security of their online platforms.
The challenge lies in identifying these vulnerabilities proactively, before they can be exploited by attackers.
Traditional security audits, though essential, are time-consuming, often requiring specialized expertise and
manual intervention. Furthermore, these audits tend to be reactive, typically identifying vulnerabilities only
after an attack has occurred. This leaves organizations vulnerable during the interim, with potentially
catastrophic consequences. As web applications become more complex, the task of manually identifying and
fixing vulnerabilities becomes even more daunting, especially when organizations are under pressure to release
updates quickly.
Another key issue is that many small-to-medium-sized enterprises (SMEs) lack the financial and technical
resources to deploy or maintain enterprise-grade security solutions, which are often expensive and difficult to
manage. These organizations may not have dedicated security teams, making it challenging to ensure ongoing
vigilance against emerging threats. Without affordable and efficient solutions, these businesses remain at risk,
potentially jeopardizing their data and customer trust.
Therefore, there is an urgent need for automated, accessible, and cost-effective vulnerability scanning solutions
that can help organizations detect and mitigate vulnerabilities at an early stage. Such solutions would not only
help in identifying common vulnerabilities like SQL injection, XSS, and open redirects but also provide
actionable insights and remediation advice for non-expert users, enabling businesses to bolster their security
posture.


1.3 OBJECTIVES
• Automate Vulnerability Detection: Enable automated scanning to identify common web application
vulnerabilities like SQL injection, XSS, and CSRF.
• Enhance Accessibility: Provide an easy-to-use platform that is suitable for both technical and non-
technical users.
• Deliver Actionable Insights: Generate clear, prioritized reports with recommendations for addressing
vulnerabilities.
• Ensure Cost-Effectiveness: Offer a scalable solution with flexible pricing to accommodate organizations
of all sizes.
• Support Continuous Updates: Regularly update the scanner to detect emerging threats and adapt to
new web technologies.
• Facilitate Proactive Security: Empower organizations to identify and fix vulnerabilities before they
can be exploited by attackers.
• Promote Scalability: Allow for seamless integration and scalability to support a wide range of applications
and infrastructures.
• Improve Security Awareness: Educate users on vulnerabilities and best practices to strengthen overall


CHAPTER 2
2.1 LITERATURE SURVEY

1. Overview of Web Application Vulnerabilities


• OWASP Top 10: A widely recognized standard for the most critical web application vulnerabilities,
including SQL Injection, XSS, and CSRF. The OWASP foundation emphasizes the importance of
proactive vulnerability detection and mitigation strategies.
• CWE (Common Weakness Enumeration): Provides a detailed list of software weaknesses and serves
as a foundation for understanding various web security issues.

Key Insight: Many vulnerabilities arise due to inadequate input validation, poor coding practices, and outdated
libraries.

2. Existing Vulnerability Scanners


Several tools have been developed to identify vulnerabilities in web applications, including:
• Burp Suite: A widely used tool for manual and automated security testing, offering comprehensive
features but requiring significant expertise.
• Nessus: Focuses on identifying known vulnerabilities across systems and applications, though
primarily geared towards system-level rather than application-specific testing.
• OWASP ZAP (Zed Attack Proxy): An open-source tool for automated vulnerability scans but
often lacks user-friendly reporting for non-technical users.

3. Techniques for Vulnerability Detection


• Static Application Security Testing (SAST): Analyzes source code for vulnerabilities
without executing the application. Effective but limited to accessible codebases.

• Dynamic Application Security Testing (DAST): Tests applications in a running state to

identify runtime vulnerabilities, suitable for black-box testing.

• Hybrid Testing: Combines SAST and DAST for more comprehensive coverage, though it can be
resource-intensive.


2.2 DISADVANTAGES OF EXISTING SYSTEM

1. Limited Accuracy
• False Positives: Scanners may flag safe elements as vulnerabilities, leading to unnecessary
remediation efforts.
• False Negatives: Some vulnerabilities might go undetected, particularly zero-day exploits or those
requiring complex exploitation techniques.

2. Incomplete Coverage
• Many scanners are unable to detect vulnerabilities in:
o Custom-built applications with unique logic.
o Applications using proprietary technologies or configurations.
o Vulnerabilities in third-party integrations or dependencies.

3. Dependency on Updates
• Scanners need regular updates to identify new vulnerabilities and threats. If updates lag, the tool may
fail to detect recent exploits or techniques.
4. Resource Intensity
• Frequent scanning can consume significant system resources, potentially slowing down applications
during scans.
• High-performance systems are required to handle large-scale or complex applications.

5. Lack of Context

• Automated scanners often lack the ability to fully understand the business logic of an application,
missing vulnerabilities tied to logic flaws.
• They may not prioritize issues effectively for the specific risk environment of an organization.
6. Over-Reliance on Automation
• Organizations may overly rely on scanners and neglect manual testing, which is crucial for identifying
nuanced vulnerabilities and complex exploits.
• Tools cannot replace human expertise, especially for advanced threat scenarios.

7. Potential Security Risks


• Storing scan results on web-based platforms may expose sensitive information about an organization's
vulnerabilities if not adequately secured.
• Web-based tools could themselves become targets for attackers, potentially leading to exploitation.


8. Cost for Advanced Features


• While basic functionality may be free or low-cost, advanced features such as deep scanning, custom
configurations, and premium reporting often require expensive subscriptions.
9. Limited Compatibility
• Some tools may struggle with modern application architectures, such as:
o Single-page applications (SPAs).

o Applications using advanced client-side frameworks like React or Angular.

o Serverless or microservices-based architectures.


CHAPTER 3

3.1 State-of-the-Art of Existing Technology:

Paper No. | Technology/Tool | Speed of Detection | HTTPS End-to-End Encryption | Error Handling Mechanism | Strengths | Weaknesses
1 | OWASP ZAP | Medium, relies on scanning | Supports HTTPS | Basic error handling, logs detected issues | Open-source, well-… | May require manual tuning for …
2 | Burp Suite | High, with fast active scanning options | Strong HTTPS support with custom settings | Comprehensive error reporting with detailed feedback | Widely used, detailed reports, flexible scanning options | Paid version required for advanced features
3 | Acunetix | High, uses optimized scanning algorithms | Supports HTTPS and SSL/TLS verification | Automated error detection and reporting | User-friendly, high detection accuracy, automation | Commercial tool, expensive
4 | Netsparker | High, utilizes intelligent automation | Full support for HTTPS/SSL scanning | Detailed error messages with recommended solutions | Automated proof of exploit, detailed reporting | Costly, especially for large-scale use
5 | Nikto | Low, slower due to extensive checks | Limited HTTPS support | Basic error logging, less detailed | Open-source, simple to use | Lacks advanced detection, not user-friendly


CHAPTER 4
METHODOLOGY
The methodology outlines a structured approach for designing, developing, and deploying a web-based
vulnerability scanner. It focuses on achieving automation, user-friendliness, and scalability while ensuring
comprehensive detection capabilities.

4.1. Requirement Analysis

• Identify the target audience (SMEs, security professionals, developers).

• Understand key security challenges, such as common vulnerabilities (OWASP Top 10, CWE).

• Define project goals: automation, cost-effectiveness, user-friendly interface, and actionable insights.

4.2 Design and Architecture


• Framework Selection: Choose scalable and secure technologies for backend ( Python) and frontend
(JavaScript).

• Core Components:

1. Scanner Engine: Performs vulnerability assessments using dynamic application security testing
(DAST).

2. Threat Database: Maintains a regularly updated repository of known vulnerabilities.

3. User Interface (UI): Develop an intuitive interface for configuring scans and viewing results.

4.3 Development
• Scanner Development:

o Use automated crawling to map application endpoints.

o Implement detection modules for common vulnerabilities (e.g., SQL injection, XSS).

• Threat Detection Algorithms:

o Static pattern matching for known exploits.

o AI/ML integration to predict unknown vulnerabilities.

• Security Integration:


o Use encryption for all communication and data storage.

o Apply secure coding practices to mitigate risks in the scanner itself.

4.4 Testing

• Functional Testing: Ensure all scanner features (e.g., vulnerability detection, reporting) work as
intended.

• Accuracy Testing:

o Measure false positives and negatives against benchmark applications.

o Test detection capabilities with real-world vulnerabilities.

4.5 Deployment

• Deploy the scanner on a secure cloud platform with appropriate scalability (e.g., AWS, Azure, GCP).

• Implement user authentication and role-based access control to ensure security.

• Offer different pricing tiers (e.g., free basic scanning, premium for advanced features).

4.6 Maintenance and Updates

• Regular Updates: Continuously update the vulnerability database with new threats.

• Customer Feedback: Gather feedback to improve usability and add new features.

• Threat Intelligence Integration: Use feeds from security databases like CVE.

4.7. Key Features

• Automation: Regularly schedule scans with minimal user input.

• Comprehensive Reporting: Provide prioritized findings with clear remediation steps.

• Scalability: Support various application sizes and architectures.

• Education Tools: Offer in-app tips and resources to improve user understanding of vulnerabilities.

4.8 Validation and Iteration

• Run the tool in real-world scenarios across different industries and application types.

• Iterate based on test results and customer feedback to ensure continuous improvement.


CHAPTER 5
SNAP SHOTS
About Page

Contact Page


Hosting The Web Application Through GitHub

Main Page(with URL entered example)


List of specific vulnerability options to scan (such as SQL injection and open redirect)

Website with no vulnerabilities detected, such as Google (scan for SQL injection)


Website with vulnerabilities detected (scan for open redirect)


CHAPTER 6
SOURCE CODE:

6.1 Backend Technology (Python, using the Flask module)

app.py

    import os
    import re  # pattern matching for the SQL injection and XSS checks
    import socket
    from urllib.parse import urlparse, parse_qsl

    import requests
    from flask import Flask, request, render_template, jsonify
    from flask_cors import CORS

    app = Flask(__name__)
    CORS(app)

    # Example Flask route allowing POST requests
    @app.route('/submit', methods=['POST'])
    def submit_form():
        return "Form submitted!"

    # Function to detect SQL Injection (signature matching on the submitted URL)
    def detect_sql_injection(url):
        # List of SQL injection patterns
        suspicious_payloads = [
            "' OR 1=1 --", "' OR '1'='1", "\" OR \"1\"=\"1", ";--", "--",
            "UNION SELECT", "DROP TABLE", "SELECT * FROM",
        ]
        for payload in suspicious_payloads:
            if re.search(re.escape(payload), url, re.IGNORECASE):  # case-insensitive matching
                return "Potential SQL Injection detected"
        return "No SQL Injection detected"

    # Function to detect XSS (signature matching on the submitted URL)
    def detect_xss(url):
        # Common XSS payload fragments
        xss_payloads = [
            "<script>", "</script>", "onerror=", "alert(", "<img src=", "<iframe",
            "document.cookie", "eval(",
        ]
        for payload in xss_payloads:
            if re.search(re.escape(payload), url, re.IGNORECASE):  # case-insensitive matching
                return "Potential XSS vulnerability detected"
        return "No XSS detected"

    # Function to detect CSRF (basic mechanism simulation)
    def detect_csrf(url):
        # CSRF requires a form with specific request methods, so manual verification is advised
        return "CSRF detection is beyond URL scanning. Use manual analysis."

    # Function to detect Open Redirect
    def detect_open_redirect(url):
        # Common patterns that suggest a redirect target embedded in a parameter
        open_redirect_patterns = ["//", "http://", "https://", "www."]
        # Only query-string values are inspected: the scheme and host of the scanned URL
        # itself always contain "//" and "http", which would flag every URL
        query_values = [value.lower() for _, value in parse_qsl(urlparse(url).query)]
        if any(pattern in value for value in query_values for pattern in open_redirect_patterns):
            return "Potential Open Redirect vulnerability detected"
        return "No Open Redirect detected"

    # Function to get URL details (with error handling)
    def get_url_details(url):
        try:
            hostname = urlparse(url).hostname
            if not hostname:
                raise ValueError("URL has no hostname")
            ip_address = socket.gethostbyname(hostname)
            # Use the IPInfo API to fetch the organisation. The API token is read from the
            # IPINFO_TOKEN environment variable instead of being hard-coded in the source
            token = os.environ.get("IPINFO_TOKEN", "")
            response = requests.get(f"https://ipinfo.io/{ip_address}/json",
                                    params={"token": token} if token else None,
                                    timeout=5)
            if response.status_code == 200:
                data = response.json()
                headquarters = data.get("org", "Unknown Headquarters")
            else:
                headquarters = "Unknown Headquarters"
            return {"ip_address": ip_address, "headquarters": headquarters}
        except Exception as e:
            return {"ip_address": "Unknown", "headquarters": "Unknown", "error": str(e)}

    @app.route('/')
    def home():
        return render_template('index.html')  # Render the HTML file

    @app.route('/scan', methods=['POST'])
    def scan():
        url = request.form.get('url')
        vulnerability = request.form.get('vulnerability')

        if not url:
            return jsonify({"error": "URL is required"}), 400

        try:
            # Get URL details
            url_details = get_url_details(url)

            # Detect vulnerabilities based on the user's choice
            scan_result = {}
            if vulnerability == 'sql_injection':
                scan_result['sql_injection'] = detect_sql_injection(url)
            elif vulnerability == 'xss':
                scan_result['xss'] = detect_xss(url)
            elif vulnerability == 'csrf':
                scan_result['csrf'] = detect_csrf(url)
            elif vulnerability == 'open_redirect':
                scan_result['open_redirect'] = detect_open_redirect(url)

            # Vulnerability summary: "Medium" when any check reported a potential issue
            vulnerability_summary = {
                "risk_level": "Medium" if any("Potential" in result for result in scan_result.values())
                else "Low"
            }

            return render_template(
                'index.html',
                scan_result=scan_result,
                url_details=url_details,
                vulnerability_summary=vulnerability_summary,
            )
        except Exception as e:
            return render_template('index.html', error=str(e))

    if __name__ == '__main__':
        app.run(debug=True)
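The checks in app.py above apply fixed substring signatures to the submitted URL, which is why a search term such as "alert" is reported as XSS. The following is an added example written for this edit, not code from the Armor Scan project: it inspects each decoded query parameter instead (including a doubly percent-encoded payload and a redirect target on a different host) and adds the false-positive/false-negative count that the accuracy testing in Section 4.4 calls for, over a constructed benchmark of labelled URLs. The .example hostnames are reserved names chosen for the example.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlparse

# Signatures anchored to word boundaries and quote context, so ordinary words such as
# "select-a-plan", "onboarding" or "best--seller" are not reported.
SQLI_RE = re.compile(
    r"""['"]\s*(?:or|and)\s*['"\w]+\s*=\s*['"\w]+"""  # tautology such as ' OR '1'='1
    r"|\bunion\s+(?:all\s+)?select\b"
    r"|\b(?:drop|alter)\s+table\b"
    r"|;\s*--|--\s*$|/\*.*?\*/",
    re.IGNORECASE,
)
XSS_RE = re.compile(
    r"<\s*script\b"
    r"|<\s*(?:img|iframe|svg|body)\b[^>]*\bon\w+\s*="  # tag carrying an event handler
    r"|javascript\s*:|document\.cookie|\beval\s*\(",
    re.IGNORECASE,
)

def decoded_params(url):
    """(name, value) pairs of the query string; parse_qsl decodes once and a second
    unquote_plus exposes doubly percent-encoded payloads (%253C -> %3C -> <)."""
    query = urlparse(url).query
    return [(n, unquote_plus(v)) for n, v in parse_qsl(query, keep_blank_values=True)]

def detect_sql_injection(url):
    """Names of query parameters whose value carries an SQL injection signature."""
    return [n for n, v in decoded_params(url) if SQLI_RE.search(v)]

def detect_xss(url):
    """Names of query parameters whose value carries an XSS signature."""
    return [n for n, v in decoded_params(url) if XSS_RE.search(v)]

def detect_open_redirect(url):
    """Names of query parameters whose value is an absolute or scheme-relative URL whose
    host differs from the scanned host. Relative paths such as /dashboard and URLs on
    the same host are not reported; user-info tricks (https://host@evil) are, because
    urlparse().hostname ignores everything before '@'."""
    scanned_host = (urlparse(url).hostname or "").lower()
    hits = []
    for name, value in decoded_params(url):
        candidate = value.strip()
        if candidate.startswith("//"):  # scheme-relative target, e.g. //evil.example/
            candidate = "http:" + candidate
        target = urlparse(candidate)
        if (target.scheme in ("http", "https") and target.hostname
                and target.hostname.lower() != scanned_host):
            hits.append(name)
    return hits

def scan(url):
    """Run all three checks and derive the report's Medium/Low risk level."""
    findings = {
        "sql_injection": detect_sql_injection(url),
        "xss": detect_xss(url),
        "open_redirect": detect_open_redirect(url),
    }
    return {"findings": findings,
            "risk_level": "Medium" if any(findings.values()) else "Low"}

def evaluate(detector, benchmark):
    """Accuracy testing as in Section 4.4: true/false positive and negative counts of a
    detector over (url, is_vulnerable) pairs."""
    counts = {"tp": 0, "fp": 0, "tn": 0, "fn": 0}
    for url, vulnerable in benchmark:
        flagged = bool(detector(url))
        key = ("tp" if vulnerable else "fp") if flagged else ("fn" if vulnerable else "tn")
        counts[key] += 1
    return counts

# Constructed benchmark URLs; hosts under .example are reserved names and never resolve.
SQLI_BENCHMARK = [
    ("https://shop.example/item?id=1' OR '1'='1", True),
    ("https://shop.example/item?id=1 UNION SELECT username,password FROM users", True),
    ("https://shop.example/item?id=42&sort=price", False),
    ("https://shop.example/search?q=drop-in+table+lamp", False),
    ("https://shop.example/search?q=the+best--seller+list", False),
]
XSS_BENCHMARK = [
    ("https://blog.example/search?q=%3Cscript%3Ealert(1)%3C/script%3E", True),
    ("https://blog.example/search?q=%3Cimg+src%3Dx+onerror%3Dalert(1)%3E", True),
    ("https://blog.example/search?q=%253Cscript%253E", True),  # double-encoded
    ("https://blog.example/search?q=javascript+tutorial", False),
    ("https://blog.example/post?title=Alert%3A+onboarding+guide", False),
]
REDIRECT_BENCHMARK = [
    ("https://app.example/login?next=https://evil.example/phish", True),
    ("https://app.example/login?next=//evil.example/", True),
    ("https://app.example/login?next=https%3A%2F%2Fapp.example%40evil.example%2F", True),
    ("https://app.example/login?next=/dashboard", False),
    ("https://app.example/login?next=https://app.example/dashboard", False),
]
```

Calling evaluate(detect_xss, XSS_BENCHMARK) and the two other pairs gives zero false positives and zero false negatives on this benchmark; swapping in the app.py functions above shows where substring matching over-reports.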


6.2 Frontend Technology (HTML, CSS and JS)

index.html

<!DOCTYPE html>
<html lang="en">
<head>
  <meta charset="UTF-8">
  <meta name="viewport" content="width=device-width, initial-scale=1.0">
  <title>Armor Scan</title>
  <script src="https://cdn.tailwindcss.com"></script>
  <link href="https://fonts.googleapis.com/css2?family=Courier+Prime&display=swap" rel="stylesheet">
  <style>
    body {
      font-family: 'Courier Prime', monospace;
    }
    .hidden {
      display: none;
    }
  </style>
</head>
<body class="bg-gradient-to-r from-blue-500 via-purple-600 to-pink-500 min-h-screen flex flex-col items-center justify-center text-white">
  <div class="container mx-auto p-8 bg-black bg-opacity-80 rounded-lg shadow-2xl max-w-4xl">
    <div class="header text-center mb-8">
      <h1 class="text-5xl font-extrabold mb-6">Armor Scan</h1>
      <nav class="text-lg">
        <a href="javascript:void(0);" onclick="showPage('home')" class="hover:text-blue-300 mx-4">Home</a> |
        <a href="javascript:void(0);" onclick="showPage('about')" class="hover:text-blue-300 mx-4">About</a> |
        <a href="javascript:void(0);" onclick="showPage('contact')" class="hover:text-blue-300 mx-4">Contact</a>
      </nav>
    </div>

    <!-- Home Page -->
    <div id="home" class="page">
      <div class="scanner-box text-center">
        <h2 class="text-3xl font-semibold mb-6">Enter URL to Scan:</h2>
        <form action="/scan" method="POST">
          <input type="text" name="url" placeholder="Enter URL" required class="w-3/4 p-3 mb-6 text-black rounded-md border-2 border-blue-500 focus:outline-none focus:border-blue-700">
          <div class="mb-6">
            <label for="vuln-type" class="block mb-2 text-lg">Select Vulnerability to Scan:</label>
            <select id="vuln-type" name="vulnerability" class="w-3/4 p-3 text-black rounded-md border-2 border-blue-500">
              <option value="sql_injection">SQL Injection</option>
              <option value="xss">XSS</option>
              <option value="csrf">CSRF</option>
              <option value="open_redirect">Open Redirect</option>
            </select>
          </div>
          <button type="submit" class="animate-btn bg-blue-500 text-black py-3 px-6 rounded-md hover:bg-blue-700 transition-transform transform hover:scale-105">Scan</button>
        </form>

        <!-- Scan Result (rendered by Flask/Jinja when /scan returns); only the selected
             check is present in scan_result, the others show "Not scanned" -->
        {% if scan_result %}
        <div id="scan-result" class="mt-8 text-left">
          <h3 class="text-2xl font-semibold mb-4">Scan Results:</h3>
          <ul class="list-disc list-inside">
            <li><strong>SQL Injection:</strong> {{ scan_result.get('sql_injection', 'Not scanned') }}</li>
            <li><strong>XSS:</strong> {{ scan_result.get('xss', 'Not scanned') }}</li>
            <li><strong>CSRF:</strong> {{ scan_result.get('csrf', 'Not scanned') }}</li>
            <li><strong>Open Redirect:</strong> {{ scan_result.get('open_redirect', 'Not scanned') }}</li>
          </ul>
        </div>

        <div class="mt-6">
          <h4 class="text-xl font-semibold">URL Details:</h4>
          <p><strong>Headquarters:</strong> {{ url_details['headquarters'] }}</p>
          <p><strong>IP Address:</strong> {{ url_details['ip_address'] }}</p>
        </div>

        <div class="mt-6">
          <h4 class="text-xl font-semibold">Vulnerability Summary:</h4>
          <p><strong>Risk Level:</strong> {{ vulnerability_summary['risk_level'] }}</p>
        </div>
        {% endif %}

        <!-- Error Message -->
        {% if error %}
        <div class="mt-6 text-red-400">
          <p><strong>Error:</strong> {{ error }}</p>
        </div>
        {% endif %}
      </div>
    </div>

    <!-- About Page -->
    <div id="about" class="page hidden">
      <h2 class="text-3xl font-semibold mb-6">About Armor Scan</h2>
      <p>Armor Scan is a comprehensive web vulnerability scanner designed to help detect
      critical security issues like SQL Injection, XSS, CSRF, and Open Redirect vulnerabilities. It
      provides detailed reports and insights to strengthen your web security.</p>
    </div>

    <!-- Contact Page -->
    <div id="contact" class="page hidden">
      <h2 class="text-3xl font-semibold mb-6">Contact Us</h2>
      <p>Email: support@armorscan.com</p>
      <p>Phone: +1-800-ARMOR-SCAN</p>
    </div>

    <div class="footer text-center mt-10">
      <p>&copy; 2024 Armor Scan. All Rights Reserved.</p>
    </div>
  </div>

JAVASCRIPT:

  <script>
    // Show one of the pages (Home, About, Contact) and hide the others
    function showPage(page) {
      const pages = document.querySelectorAll('.page');
      pages.forEach((p) => p.classList.add('hidden'));
      document.getElementById(page).classList.remove('hidden');
    }
  </script>
</body>
</html>


CONCLUSION

SIGNIFICANCE OF THE PROJECT TO SOCIETY:


This project plays a crucial role in enhancing the overall security landscape by addressing web
vulnerabilities that threaten both organizations and users.

1. Enhanced Cybersecurity: Increases overall security for web applications, protecting sensitive data
from cyber threats.

2. User Trust: Builds consumer confidence in online platforms through reliable vulnerability assessments.

3. Proactive Risk Management: Enables organizations to identify and remediate vulnerabilities
before they can be exploited.

4. Awareness and Education: Raises awareness about web security issues, encouraging best practices
among developers and users.

5. Support for Compliance: Assists businesses in meeting regulatory requirements for data
protection and cybersecurity standards.

