[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-80064":3},{"id":4,"name":5,"fullName":6,"owner":7,"repo":5,"description":8,"homepage":9,"htmlUrl":10,"language":11,"languages":10,"totalLinesOfCode":10,"stars":12,"forks":13,"watchers":13,"openIssues":14,"contributorsCount":14,"subscribersCount":14,"size":14,"stars1d":14,"stars7d":13,"stars30d":15,"stars90d":14,"forks30d":14,"starsTrendScore":14,"compositeScore":16,"rankGlobal":10,"rankLanguage":10,"license":17,"archived":18,"fork":18,"defaultBranch":19,"hasWiki":20,"hasPages":18,"topics":21,"createdAt":10,"pushedAt":10,"updatedAt":34,"readmeContent":35,"aiSummary":36,"trendingCount":14,"starSnapshotCount":14,"syncStatus":37,"lastSyncTime":38,"discoverSource":39},80064,"web-security-scanner-pro","miladrezanezhad\u002Fweb-security-scanner-pro","miladrezanezhad","Advanced web security scanner with 49 modules, evasion engine, and CVE database.","https:\u002F\u002Fgithub.com\u002Fmiladrezanezhad\u002Fweb-security-scanner-pro\u002Fwiki",null,"Python",76,1,0,16,0.9,"Other",false,"main",true,[22,23,24,25,26,27,28,29,30,31,32,33],"cve-scanner","open-source","penetration-testing","python","security-scanner","security-tools","sql-injection","vulnerability-scanners","waf-bypass","web-security","wordpress-security","xss-detection","2026-06-12 02:03:57","\u003Cdiv align=\"center\">\n\n\u003Cimg src=\"image.png\" alt=\"Web Security Scanner Pro\">\n\n# 🔒 Web Security Analyzer Pro v3.0\n\nAdvanced Open Source Web Security Scanner\n\n\u003C\u002Fdiv>\n\n[![Python](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FPython-3.9%2B-blue)](https:\u002F\u002Fpython.org)\n[![License](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FLicense-MIT-green.svg)](LICENSE)\n[![Tests](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FTests-230%2B%20Passed-brightgreen)]()\n[![Version](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FVersion-3.0.0-orange)]()\n[![Wiki](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FDocs-Wiki-blue)](https:\u002F\u002Fgithub.com\u002Fmiladrezanezhad\u002Fweb-security-scanner-pro\u002Fwiki)\n\n> **The most comprehensive free and open-source web security scanner.**\n\nWSA Pro tests websites and servers for 49 different types of security vulnerabilities, outdated software with known CVEs, and dangerous misconfigurations — all while evading WAF detection with a built-in stealth engine.\n\n---\n\n## ⚠️ LEGAL WARNING\n\nThis tool is designed for **legitimate security testing only**.\n\n### ✅ Allowed Use\n- Testing your own websites and servers\n- Penetration testing with **written authorization** from the target owner\n- Educational purposes in controlled lab environments\n- Capture The Flag (CTF) competitions\n- Security research and vulnerability assessment\n\n### ❌ Prohibited Use\n- Scanning websites without explicit permission\n- Unauthorized penetration testing\n- Any malicious or illegal activities\n- Violating computer fraud and abuse laws\n\n### Applicable Laws\n- **United States:** Computer Fraud and Abuse Act (CFAA)\n- **United Kingdom:** Computer Misuse Act 1990\n- **European Union:** General Data Protection Regulation (GDPR)\n- Local cybersecurity laws in your jurisdiction\n\n**THE DEVELOPERS ASSUME NO LIABILITY FOR UNAUTHORIZED OR ILLEGAL USE. YOU ARE SOLELY RESPONSIBLE FOR COMPLYING WITH ALL APPLICABLE LAWS.**\n\n---\n\n## 📊 Features\n\n### Security Modules (49 Total)\n\n| Category | Count | Modules |\n|----------|:-----:|---------|\n| **CMS** | 11 | WordPress (9), Joomla, Drupal |\n| **Web Servers** | 5 | Apache, Nginx, LiteSpeed, IIS, Tomcat |\n| **PHP** | 4 | Version, Config, Dangerous Functions, Info |\n| **Databases** | 5 | MySQL, PostgreSQL, Redis, MongoDB, Elasticsearch |\n| **Control Panels** | 4 | cPanel, DirectAdmin, Plesk, Virtualmin |\n| **Vulnerabilities** | 12 | XSS, SQLi (Advanced), DOM XSS, LFI, RFI, XXE, SSTI, CSRF, Command Injection, File Upload, SSRF, Deserialization |\n| **SSL\u002FTLS** | 3 | Certificate, Protocols, Ciphers |\n| **Headers** | 2 | Security Headers, Information Disclosure |\n| **API Security** | 3 | GraphQL, REST API, JWT |\n\n### Advanced SQL Injection Scanner\n- **Error-based** — Detects injection from database error messages\n- **Boolean-based blind** — Compares TRUE\u002FFALSE response differences\n- **Time-based blind** — Measures response delay (SLEEP, pg_sleep, WAITFOR DELAY)\n- **UNION-based** — Automatic column count detection via ORDER BY\n- **Database fingerprinting** — Identifies MySQL, PostgreSQL, MSSQL, Oracle, SQLite\n\n### Evasion Engine\n- **User-Agent rotation** — 15+ real browser profiles\n- **Smart rate limiting** — Configurable delays with random jitter\n- **WAF detection** — Identifies Cloudflare, Sucuri, Wordfence, AWS WAF, ModSecurity, Akamai, Imperva\n- **Captcha detection** — reCAPTCHA, hCaptcha, Cloudflare Turnstile\n- **Exponential backoff** — Automatic retry with increasing delays\n- **Proxy support** — HTTP, HTTPS, SOCKS5, Tor network\n\n### Reporting\n- **HTML** — Interactive charts, collapsible sections, responsive design\n- **PDF** — Professional layout, A4 formatted, print-ready\n- **Markdown** — GitHub-compatible, plain text, version control friendly\n- **JSON** — Machine-readable, API integration, CI\u002FCD ready\n\n### Additional Features\n- **Built-in CVE database** — 2024-2026 vulnerabilities with CVSS scores\n- **REST API** — Automation and CI\u002FCD integration\n- **Modular architecture** — Easy to extend with custom modules\n- **230+ automated tests** — 99.5% pass rate\n- **Interactive CLI** — User-friendly menu system\n- **Multi-language reports** — English output with remediation guides\n\n---\n\n## 📦 Installation\n\n### Prerequisites\n- Python 3.9 or higher\n- pip package manager\n- Git (optional)\n\n### Quick Install\n\n```bash\n# Clone the repository\ngit clone https:\u002F\u002Fgithub.com\u002Fmiladrezanezhad\u002Fweb-security-scanner-pro.git\ncd web-security-scanner-pro\n\n# Install dependencies\npip install -r requirements.txt\n\n# Run the scanner\npython main.py\n```\n\n### One-Line Install\n\n```bash\ngit clone https:\u002F\u002Fgithub.com\u002Fmiladrezanezhad\u002Fweb-security-scanner-pro.git && cd web-security-scanner-pro && pip install -r requirements.txt && python main.py\n```\n\n[Full Installation Guide →](https:\u002F\u002Fgithub.com\u002Fmiladrezanezhad\u002Fweb-security-scanner-pro\u002Fwiki\u002FInstallation)\n\n---\n\n## 🚀 Quick Start\n\n```bash\n# Interactive mode (recommended for beginners)\npython main.py\n\n# Quick security audit (4 critical modules)\npython main.py quick https:\u002F\u002Fexample.com\n\n# Full scan with all 49 modules\npython main.py scan https:\u002F\u002Fexample.com\n\n# Specific modules only\npython main.py scan https:\u002F\u002Fexample.com --modules wordpress,xss,sqli\n\n# Stealth mode for protected sites\npython main.py scan https:\u002F\u002Fexample.com --mode stealth\n\n# Generate reports\npython main.py scan https:\u002F\u002Fexample.com --format html pdf json\n```\n\n[Full Usage Guide →](https:\u002F\u002Fgithub.com\u002Fmiladrezanezhad\u002Fweb-security-scanner-pro\u002Fwiki\u002FUsage)\n\n---\n\n## 📊 Sample Output\n\n```\n╔══════════════════════════════════════════════════════════════════════╗\n║              Web Security Analyzer Pro v3.0                         ║\n╚══════════════════════════════════════════════════════════════════════╝\n\nTarget: https:\u002F\u002Fexample.com\nMode: stealth\nStarted: 2026-05-14 10:30:00\n\nRunning 15 security modules...\n\n✓ wordpress: WordPress 6.4.2 detected\n✓ php: PHP 8.1.26 detected\n✓ ssl: TLS 1.3, Grade A\n✓ headers: 3 missing security headers\n🚨 xss: 2 reflected XSS found\n🚨 sqli: 1 time-based SQLi found (MySQL)\n🚨 cpanel: WHM accessible on port 2087\n\n═══════════════════════════════════════════════════\n📊 Scan Summary\n═══════════════════════════════════════════════════\nCRITICAL:  2  ⚠️\nHIGH:      4  ⚠️\nMEDIUM:    7  ⚠️\nLOW:       3  ✅\nINFO:      8  ℹ️\n───────────────────────────────────────────────────\nTOTAL:    24 findings\n═══════════════════════════════════════════════════\n\nDuration: 45.5 seconds\nReport saved: reports\u002Foutput\u002Faudit.html\n```\n\n---\n\n## 🆚 Comparison with Other Tools\n\n### Why WSA Pro?\n\n| Feature | **WSA Pro** | WPScan | Nikto | OWASP ZAP | Nuclei | Burp Suite Pro | Acunetix |\n|---------|:---:|:---:|:---:|:---:|:---:|:---:|:---:|\n| **Price** | FREE | Free\u002FPaid | FREE | FREE | FREE | $449\u002Fyr | $4,500\u002Fyr |\n| **Open Source** | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ | ❌ |\n| **Modules** | 49 | 5 | 30 | 40 | 100+ | 100+ | 100+ |\n| **WordPress** | ✅✅✅ | ✅✅✅ | ✅ | ✅ | ✅ | ✅ | ✅ |\n| **cPanel\u002FDirectAdmin** | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ⚠️ |\n| **Evasion Engine** | ✅✅✅ | ⚠️ | ⚠️ | ❌ | ❌ | ❌ | ❌ |\n| **WAF Detection** | ✅ (9 WAFs) | ❌ | ❌ | ❌ | ❌ | ✅ | ✅ |\n| **SQLi (Advanced)** | ✅ (4 types) | ❌ | ✅ (basic) | ✅ | ✅ | ✅✅✅ | ✅✅✅ |\n| **DOM XSS** | ✅ | ❌ | ❌ | ✅ | ✅ | ✅ | ✅ |\n| **Built-in CVE DB** | ✅ (2024-26) | ✅ | ❌ | ❌ | ❌ | ❌ | ✅ |\n| **PDF Reports** | ✅ | ❌ | ✅ | ✅ | ❌ | ✅ | ✅ |\n| **REST API** | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ✅ |\n| **CLI Interface** | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ | ❌ |\n| **GUI Interface** | ❌ | ❌ | ❌ | ✅ | ❌ | ✅ | ✅ |\n| **Learning Curve** | Easy | Easy | Medium | Medium | Medium | Hard | Medium |\n\n### Ranking\n\n| Rank | Tool | Score | Price |\n|:----:|------|:-----:|-------|\n| 1 | Burp Suite Pro | 9.5 | $449\u002Fyr |\n| 2 | Acunetix | 9.3 | $4,500\u002Fyr |\n| 3 | Nessus | 9.0 | $2,790\u002Fyr |\n| 4 | Netsparker | 8.8 | $5,000\u002Fyr |\n| **5** | **WSA Pro** | **8.5** | **FREE** |\n| 6 | OWASP ZAP | 8.0 | FREE |\n| 7 | Nuclei | 7.5 | FREE |\n| 8 | SQLMap | 7.0 | FREE |\n| 9 | Nikto | 6.0 | FREE |\n| 10 | WPScan | 5.5 | Free\u002FPaid |\n\n**WSA Pro is the highest-rated completely free web security scanner.**\n\n### Unique Advantages\n- 🥇 Only free tool with **cPanel, DirectAdmin, Plesk** scanning\n- 🥇 Only free tool with **advanced evasion engine** (WAF detection, auto-retry)\n- 🥇 Only free tool with **built-in CVE database** through 2026\n- 🥇 **49 modules** in a single tool (most free tools do 5-10 things)\n\n---\n\n## 📁 Project Structure\n\n```\nweb-security-scanner-pro\u002F\n├── main.py                 # Entry point\n├── config.yaml            # Configuration\n│\n├── core\u002F                  # Core engine\n│   ├── scanner.py         # Main orchestrator\n│   ├── browser.py         # HTTP client with stealth\n│   ├── evasion.py         # WAF bypass & anti-detection\n│   ├── database.py        # CVE vulnerability database\n│   ├── reporter.py        # Report generation\n│   ├── updater.py         # Database updater\n│   └── api.py             # REST API server\n│\n├── modules\u002F               # 49 security test modules\n│   ├── cms\u002F              # WordPress (9), Joomla, Drupal\n│   ├── webserver\u002F        # Apache, Nginx, LiteSpeed, IIS, Tomcat\n│   ├── php\u002F              # Version, Config, Functions, Info\n│   ├── database\u002F         # MySQL, PostgreSQL, Redis, MongoDB, Elasticsearch\n│   ├── control_panels\u002F   # cPanel, DirectAdmin, Plesk, Virtualmin\n│   ├── vulnerabilities\u002F  # XSS, SQLi, LFI, XXE, SSTI, CSRF, etc.\n│   ├── ssl_tls\u002F         # Certificate, Protocols, Ciphers\n│   ├── headers\u002F          # Security Headers, Info Disclosure\n│   └── api_security\u002F     # GraphQL, REST API, JWT\n│\n├── database\u002F             # Vulnerability data\n│   ├── vulnerabilities_2024.py\n│   ├── vulnerabilities_2025.py\n│   └── vulnerabilities_2026.py\n│\n├── reports\u002F              # Report templates\n│   └── templates\u002F\n│       ├── report.html\n│       └── report.md\n│\n└── tests\u002F                # 230+ automated tests\n    ├── core\u002F\n    └── modules\u002F\n```\n\n---\n\n## 📚 Documentation\n\nFull documentation is available in the [Wiki](https:\u002F\u002Fgithub.com\u002Fmiladrezanezhad\u002Fweb-security-scanner-pro\u002Fwiki):\n\n| Page | Description |\n|------|-------------|\n| [Home](https:\u002F\u002Fgithub.com\u002Fmiladrezanezhad\u002Fweb-security-scanner-pro\u002Fwiki) | Project overview |\n| [Installation](https:\u002F\u002Fgithub.com\u002Fmiladrezanezhad\u002Fweb-security-scanner-pro\u002Fwiki\u002FInstallation) | Setup guide |\n| [Usage](https:\u002F\u002Fgithub.com\u002Fmiladrezanezhad\u002Fweb-security-scanner-pro\u002Fwiki\u002FUsage) | How to use |\n| [Modules](https:\u002F\u002Fgithub.com\u002Fmiladrezanezhad\u002Fweb-security-scanner-pro\u002Fwiki\u002FModules) | All 49 modules |\n| [Evasion Engine](https:\u002F\u002Fgithub.com\u002Fmiladrezanezhad\u002Fweb-security-scanner-pro\u002Fwiki\u002FEvasion-Engine) | Stealth features |\n| [Vulnerability Database](https:\u002F\u002Fgithub.com\u002Fmiladrezanezhad\u002Fweb-security-scanner-pro\u002Fwiki\u002FVulnerability-Database) | CVE database |\n| [Reporting](https:\u002F\u002Fgithub.com\u002Fmiladrezanezhad\u002Fweb-security-scanner-pro\u002Fwiki\u002FReporting) | Report generation |\n| [API Reference](https:\u002F\u002Fgithub.com\u002Fmiladrezanezhad\u002Fweb-security-scanner-pro\u002Fwiki\u002FAPI-Reference) | REST API docs |\n| [Scan Modes](https:\u002F\u002Fgithub.com\u002Fmiladrezanezhad\u002Fweb-security-scanner-pro\u002Fwiki\u002FScan-Modes) | Stealth\u002FNormal\u002FAggressive |\n| [Configuration](https:\u002F\u002Fgithub.com\u002Fmiladrezanezhad\u002Fweb-security-scanner-pro\u002Fwiki\u002FConfiguration) | config.yaml guide |\n| [FAQ](https:\u002F\u002Fgithub.com\u002Fmiladrezanezhad\u002Fweb-security-scanner-pro\u002Fwiki\u002FFAQ) | Common questions |\n| [Troubleshooting](https:\u002F\u002Fgithub.com\u002Fmiladrezanezhad\u002Fweb-security-scanner-pro\u002Fwiki\u002FTroubleshooting) | Error fixes |\n| [Contributing](https:\u002F\u002Fgithub.com\u002Fmiladrezanezhad\u002Fweb-security-scanner-pro\u002Fwiki\u002FContributing) | Add modules |\n\n---\n\n## 🧪 Testing\n\n```bash\n# Run all tests\npython tests\u002Ftest_runner.py\n\n# Run specific tests\npython -m pytest tests\u002Fmodules\u002Ftest_wordpress.py -v\npython -m pytest tests\u002Fcore\u002Ftest_core_database.py -v\n\n# With coverage\npython -m pytest tests\u002F --cov=core --cov=modules --cov-report=html\n```\n\n**Test Results:**\n- 230+ automated tests\n- 99.5% pass rate\n- Covers all 49 modules and 6 core components\n\n---\n\n## 🤝 Contributing\n\nContributions are welcome! See the [Contributing Guide](https:\u002F\u002Fgithub.com\u002Fmiladrezanezhad\u002Fweb-security-scanner-pro\u002Fwiki\u002FContributing).\n\n### Quick Module Template\n\n```python\nclass Scanner:\n    def __init__(self, browser, target_url, config):\n        self.browser = browser\n        self.target_url = target_url\n        self.config = config\n        self.findings = []\n    \n    def run(self):\n        # Your test logic\n        return {'findings': self.findings}\n```\n\n---\n\n## 📝 License\n\nThis project is licensed under the **MIT License** — see the [LICENSE](LICENSE) file for details.\n\nMIT means you can:\n- ✅ Use commercially\n- ✅ Modify\n- ✅ Distribute\n- ✅ Sublicense\n- ✅ Private use\n\n---\n\n## ⚡ Credits\n\nCreated by **Milad Rezanezhad**\n\n---\n\n## 📞 Contact\n\n- **Issues:** [GitHub Issues](https:\u002F\u002Fgithub.com\u002Fmiladrezanezhad\u002Fweb-security-scanner-pro\u002Fissues)\n- **Wiki:** [Documentation](https:\u002F\u002Fgithub.com\u002Fmiladrezanezhad\u002Fweb-security-scanner-pro\u002Fwiki)\n- **Discussions:** [GitHub Discussions](https:\u002F\u002Fgithub.com\u002Fmiladrezanezhad\u002Fweb-security-scanner-pro\u002Fdiscussions)\n\n---\n\n## 🌟 Star History\n\nIf this tool helps you, please consider giving it a **star ⭐** on GitHub!\n","Web Security Scanner Pro 是一个高级开源的网站安全扫描工具。它拥有49个安全检测模块，能够识别包括SQL注入、XSS攻击在内的多种常见漏洞，并且具备CVE数据库查询功能以检查软件版本是否过期。该工具还配备了一个绕过WAF（Web应用防火墙）检测的引擎，提高了测试的有效性和隐蔽性。适用于合法的安全测试场景，如对自己管理的站点进行安全评估、获得授权后的渗透测试以及教育研究目的等。使用Python编写，确保了跨平台兼容性与扩展灵活性。",2,"2026-06-11 03:59:06","CREATED_QUERY"]