polotorom-debug/VulnScope

Web Audit Tool

Professional web security auditing tool with an ethical approach, intended for authorized security testing.

Features

  • Reconnaissance: Network scanning with Nmap (ports, services, OS detection)
  • Web Analysis: HTTP security headers, cookies, SSL analysis
  • Vulnerability Detection: SQL injection, XSS, misconfigurations
  • Multiple Scan Types: quick, full, recon, web, vuln
  • Reports: JSON and HTML export with severity classification

Installation

pip install poetry
poetry install

Usage

CLI Commands

# Quick scan (HTTP analysis)
poetry run python -m app.cli.main scan --target http://example.com --scan-type quick

# Full scan (all modules)
poetry run python -m app.cli.main scan --target example.com --scan-type full --output html

# Reconnaissance scan
poetry run python -m app.cli.main recon --target 192.168.1.1

# Web scan
poetry run python -m app.cli.main web --target http://example.com

# Vulnerability scan
poetry run python -m app.cli.main vuln --target http://example.com

Flags

  • --target, -t: Target URL or IP address
  • --scan-type, -s: Scan type (quick, full, recon, web, vuln)
  • --output, -o: Output format (json, html)
  • --verbose, -v: Enable verbose output
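
A scope gate that can sit in front of the scan command above, so a scan only starts for a target listed in an authorization file. This is an added example, not part of VulnScope: the scope file (SCOPE_FILE, one authorized host or IP per line), the DRY_RUN switch and the function names are assumptions; only the command line and the scan types come from this README.

```shell
#!/bin/sh
# Added example (not VulnScope code): refuse to scan targets outside an
# authorized scope. SCOPE_FILE and its format are assumptions of this example:
# one host or IP per line, '#' starts a comment.
SCOPE_FILE="${SCOPE_FILE:-./authorized_targets.txt}"

# Reduce a --target value (URL or bare host/IP) to a lowercase host name.
target_host() {
    h="${1#*://}"          # drop the scheme
    h="${h%%[/?#]*}"       # drop path, query and fragment
    h="${h##*@}"           # drop userinfo, so "a.com@b.com" resolves to b.com
    h="${h%%:*}"           # drop the port (IPv6 literals are not handled)
    printf '%s\n' "$h" | tr '[:upper:]' '[:lower:]'
}

# Succeed only if the host is well formed and listed verbatim in the scope file.
in_scope() {
    case "$1" in ''|*[!a-z0-9.-]*) return 1 ;; esac   # fail closed on odd input
    [ -r "$SCOPE_FILE" ] || return 1                   # no scope file, no scan
    sed -e 's/#.*//' -e 's/[[:space:]]//g' "$SCOPE_FILE" |
        tr '[:upper:]' '[:lower:]' | grep -Fxq -- "$1"
}

# Accept only the scan types listed in this README.
valid_scan_type() {
    case "$1" in quick|full|recon|web|vuln) return 0 ;; *) return 1 ;; esac
}

# Run (or, with DRY_RUN set, print) the README's scan command for an
# authorized target. Returns 2 for a bad scan type, 3 for an out-of-scope host.
scoped_scan() {
    target="$1"; scan_type="${2:-quick}"
    valid_scan_type "$scan_type" || { echo "unknown scan type: $scan_type" >&2; return 2; }
    host="$(target_host "$target")"
    in_scope "$host" || { echo "refusing: '$host' is not in $SCOPE_FILE" >&2; return 3; }
    ${DRY_RUN:+echo} poetry run python -m app.cli.main scan \
        --target "$target" --scan-type "$scan_type"
}
```

Source the file and call scoped_scan with a target and scan type; matching is exact, so each subdomain or address has to be listed in the scope file on its own line.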

Docker

cd docker
docker-compose up -d

API

# Start API server
uvicorn app.api.routes:router --host 0.0.0.0 --port 8000

# Create scan
curl -X POST http://localhost:8000/api/v1/scan \
  -H "Content-Type: application/json" \
  -d '{"target": "http://example.com", "scan_type": "quick"}'

Configuration

Edit config/settings.py or set environment variables:

  • LOG_LEVEL: Logging level (INFO, DEBUG, etc.)
  • REDIS_URL: Redis connection URL
  • REPORTS_DIR: Output directory for reports

Disclaimer

This tool is for authorized security testing only. Always ensure you have explicit permission before scanning any target.

License

GNU GENERAL PUBLIC LICENSE

About

VulnScope is a web auditing tool that analyzes authorized sites to detect vulnerabilities, insecure configurations, and risks, generating clear reports with severity levels and mitigation recommendations.
