Web Security Analyzer Pro v3.0 — I built 49 security modules, but I need your help

milad — Fri, 15 May 2026 07:54:03 +0000

👇 The honest truth

Three months ago, I started building a web security scanner.

Today, it has:

49 security modules (WordPress, cPanel, SQLi, XSS, SSL, API security, etc.)
Advanced SQL injection detection (error-based, boolean blind, time-based, UNION)
WAF evasion engine (detects 9 WAFs + Cloudflare, Sucuri, ModSecurity)
Built-in CVE database (2024–2026 vulnerabilities with CVSS scores)
HTML, PDF, Markdown, JSON reports
230+ automated tests (99.5% pass rate)

And it's completely free and open source under MIT license.

But here's the part I don't put in the README:

🐛 It's not perfect. And I need help.

This is a one-person project. I've tested it on dozens of targets, but:

Some modules fail on edge cases I haven't seen
The SQLi detector works great on MySQL, less tested on PostgreSQL
DOM XSS detection needs more real-world validation
The evasion engine works against 9 WAFs — but new WAFs appear every week
I'm sure there are bugs I don't even know about

I'm not looking for praise. I'm looking for people who will break this tool and tell me how.

🎯 Who this tool is for

Web developers who want to audit their own sites before deployment
Security researchers who need a free, scriptable scanner
Penetration testers who want a second opinion alongside Burp/ZAP
DevOps engineers who need CI/CD integration (REST API + JSON output)
Students learning web security (the code is open, modules are simple)

What this tool is NOT:

A replacement for Burp Suite Pro or Acunetix
A zero-day finder
An automated hacker machine

It's a free, honest scanner that catches low-hanging fruit and helps you understand your security posture.

🛠️ How you can help

Run it on your sites (with permission — read the LEGAL WARNING first)
Open an issue when it crashes, misses something, or gives a false positive
Send a pull request for a bug fix or new module
Share your test results — even failures help me improve

The code is modular. Adding a new module takes ~50 lines. The Wiki has templates.

📦 Quick start

git clone https://github.com/miladrezanezhad/web-security-scanner-pro.git
cd web-security-scanner-pro
pip install -r requirements.txt
python main.py scan https://your-test-site.com --mode stealth

Or just run python main.py for interactive mode.

⚠️ One more honest thing

I'm a frontend developer who fell into security.

Some modules are better than others. Some code is messy.

But I ship it anyway — because someone else might need it, even if it's not perfect.

Open source isn't about flawless code. It's about building together.

🔗 GitHub: miladrezanezhad/web-security-scanner-pro

#websecurity #opensource #bugbounty #python #infosec #helpneeded

DEV Community: milad

Web Security Analyzer Pro v3.0 — I built 49 security modules, but I need your help