Red Python Web Automated Vulnerability Scanner

Project Title

Red Python Web Automated Vulnerability Scanner

Project Area of Specialization Cyber SecurityProject Summary

We propose Web Based Automated Vulnerability Application/scanner which will detect 5 different types of vulnerabilities like Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), SQLI Injection, Remote Code Execution (RCE) and Man In The Middle Attack (MITM) with detection of IP Poising and Address Resolution Protocol (ARP) Spoofing techniques. We will make a Website in which Pen-tester (Security Researcher) can check the vulnerability of their desired Website by just entering the DNS or IP address, our system will tell either the targeted Website is vulnerable or not, if vulnerability found then a Pop up message will be displayed on the Website screen as pop up message with all the details of vulnerabilities about that target WebsiteWe propose Web Based Automated Vulnerability Application/scanner which will detect 5 different types of vulnerabilities like Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), SQLI Injection, Remote Code Execution (RCE) and Man In The Middle Attack (MITM) with detection of IP Poising and Address Resolution Protocol (ARP) Spoofing techniques. We will make a Website in which Pen-tester (Security Researcher) can check the vulnerability of their desired Website by just entering the DNS or IP address, our system will tell either the targeted Website is vulnerable or not, if vulnerability found then a Pop up message will be displayed on the Website screen as pop up message with all the details of vulnerabilities about that target WebsiteWe propose Web Based Automated Vulnerability Application/scanner which will detect 5 different types of vulnerabilities like Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), SQLI Injection, Remote Code Execution (RCE) and Man In The Middle Attack (MITM) with detection of IP Poising and Address Resolution Protocol (ARP) Spoofing techniques. We will make a Website in which Pen-tester (Security Researcher) can check the vulnerability of their desired Website by just entering the DNS or IP address, our system will tell either the targeted Website is vulnerable or not, if vulnerability found then a Pop up message will be displayed on the Website screen as pop up message. 

Project Objectives

“To design Web based automated vulnerability scanner to detect and find the vulnerability in the Websites.”

Project Implementation Method Our Algorithm consists of 4 Components:

1.  Crawler - The crawler will visit a starting Web page and parse the provided links, crawling to all pages in an application. this is a program that browses from one Web page to the other on a Web application gathering information about the application.
2.  Fuzzer – This automated equipment connects with a crawler that handle the input and expose the vulnerability. 
3. Analyser – Analyser help to find the vulnerabilities discovered by the fuzzer and determines whether the attack was successful or not.
4.  Report Generator – This component organizes the results and will show pop up message in the browser with all possible scanning details of Website.

1 Pen tester will first sign up and get itself registered before using the services to find vulnerabilities. After then pen tester will log in to the Web based Vulnerability Scanner to access the available tools for finding vulnerabilities according to its own choice. There are total of six tool in the Web Base Vulnerability Scanner which we mentioned above, user can select any of the tool, every tool has its own functions.

If pen tester selects SQLI injection, pen tester has to provide IP/DNS of the target Website to find vulnerabilities then the system will do processing and after then displayed a message on the Website related to the vulnerabilities about that Website, message will be displayed as well either the Website is non vulnerable.

If pen tester selects any of the tool (XSS, CSRF, RCE, IP spoofing, ARP spoofing) he have to provide IP/DNS of the target Website to find vulnerabilities. Then the corresponding selected tool will give response in term of displaying message on the Website about the detail of the vulnerabilities about the target Website.

Benefits of the Project

1. Project Scope Description: Our main interest of an area, our final project will be a such automated vulnerability scanner which will be Web Based. Pen-tester have to just enter the IP or DNS and it will pop up all the possible vulnerability in browser as a proof.
2. Project Deliverables: It is also known as project objective. Upon completion of project it will produce a security Application which user will use to detect the dangerous vulnerability in the Web Application.
3. Project Benefits: As Information Security is a critical problem now a days, our focus area is Web Application security in which it will help to secure web Application

Technical Details of Final Deliverable

Final Delierable will be WebApplication which will host on server. Automated Scanner will integrate with web application through API's. 

Final Deliverable of the Project Software SystemType of Industry Security Technologies OthersSustainable Development Goals Partnerships to achieve the GoalRequired Resources

Item Name	Type	No. of Units	Per Unit Cost (in Rs)	Total (in Rs)
			Total in (Rs)	80000
API's	Miscellaneous	1	10000	10000
Fuzzer	Equipment	1	70000	70000