dc.contributor.author: Md., Shawon Ali
dc.date.accessioned: 2026-03-30T05:21:36Z
dc.date.available: 2026-03-30T05:21:36Z
dc.date.issued: 2025-01-12
dc.identifier.uri: http://suspace.su.edu.bd/handle/123456789/2609
dc.description.abstract: Web applications face a growing number of attacks, so automated vulnerability assessment has become a necessary part of a company's overall security program. In this paper we describe a modular web vulnerability scanner built to detect several forms of vulnerability in web-based (or web-hosted) applications. The scanner works in two modes, passive and active. Passive reconnaissance (passive data collection) covers subdomain enumeration from publicly available sources and URL parameter collection. Active assessment covers directory brute-force testing to find web directories and path traversal testing with a targeted payload. The scanner also identifies security-related misconfigurations involving Secure cookie settings, clickjacking, and sensitive information exposed via robots.txt and sitemap.xml. An automated credential testing module built on Selenium (a widely used open-source web automation tool) detects weak or default usernames and passwords. The core scanning engine is written in Python, and the Selenium libraries drive a web browser for the credential tests. The scanner produces structured reports that organize all findings by severity (High, Medium, Low) to support remediation decisions. Dedicated testing environments were set up to test the scanner's ability to detect both configuration errors and coding errors, providing a concrete means of improving the security of web applications. The project also offers hands-on experience in conducting penetration tests for this type of security issue.
Keywords: Web Vulnerability Scanner, Path Traversal, Credential Testing, Cybersecurity, Automated Reconnaissance [en_US]
dc.language.iso: en_US [en_US]
dc.publisher: Sonargaon University [en_US]
dc.relation.ispartofseries: ;CSE-250263
dc.subject: Web Vulnerability Scanner Tools [en_US]
dc.title: Web Vulnerability Scanner Tools [en_US]
dc.type: Thesis [en_US]

