Web Vuln Scanner

Automated vulnerability assessment for web applications. Test headers, XSS, SQLi, and SSL configuration.

Overall Security Score: 0
2 High, 3 Medium, 1 Low
🔐 Security Headers: C
Content-Security-Policy: Present
X-Frame-Options: Missing
X-Content-Type-Options: nosniff
Strict-Transport-Security: Missing
X-XSS-Protection: 1; mode=block
! Referrer-Policy: Weak policy
Permissions-Policy: Missing
⚠️ XSS Testing: HIGH

Tested 24 payloads across 3 injection points. 2 reflected XSS found.

✓ <script>alert(1)</script> — Blocked
✓ <img src=x onerror=alert(1)> — Blocked
✗ <svg/onload=alert(1)> — REFLECTED in /search?q=
✓ javascript:alert(1) — Blocked
✗ '"><script>alert(document.cookie)</script> — REFLECTED in /comment
✓ <body onload=alert(1)> — Blocked
🗃 SQL Injection: LOW

Tested 18 payloads. No confirmed injection, 1 suspicious response.

Union-based injection — Not vulnerable
Boolean-based blind — Not vulnerable
! Time-based blind — Suspicious delay on /api/user?id=1' AND SLEEP(5)--
Error-based injection — Not vulnerable
🔒 SSL/TLS Analysis: B+
Protocol: TLS 1.3
Certificate: Let's Encrypt (Valid)
Expires: 2024-09-15 (87 days)
Cipher Suite: TLS_AES_256_GCM_SHA384
HSTS: Not Configured
OCSP Stapling: Enabled