DEV Community

milad

Web Security Analyzer Pro v3.0 — I built 49 security modules, but I need your help

👇 The honest truth

Three months ago, I started building a web security scanner.

Today, it has:

  • 49 security modules (WordPress, cPanel, SQLi, XSS, SSL, API security, etc.)
  • Advanced SQL injection detection (error-based, boolean blind, time-based, UNION)
  • WAF evasion engine (detects 9 WAFs + Cloudflare, Sucuri, ModSecurity)
  • Built-in CVE database (2024–2026 vulnerabilities with CVSS scores)
  • HTML, PDF, Markdown, JSON reports
  • 230+ automated tests (99.5% pass rate)

And it's completely free and open source under MIT license.

But here's the part I don't put in the README:


🐛 It's not perfect. And I need help.

This is a one-person project. I've tested it on dozens of targets, but:

  • Some modules fail on edge cases I haven't seen
  • The SQLi detector works great on MySQL, less tested on PostgreSQL
  • DOM XSS detection needs more real-world validation
  • The evasion engine works against 9 WAFs — but new WAFs appear every week
  • I'm sure there are bugs I don't even know about

I'm not looking for praise. I'm looking for people who will break this tool and tell me how.


🎯 Who this tool is for

  • Web developers who want to audit their own sites before deployment
  • Security researchers who need a free, scriptable scanner
  • Penetration testers who want a second opinion alongside Burp/ZAP
  • DevOps engineers who need CI/CD integration (REST API + JSON output)
  • Students learning web security (the code is open, modules are simple)

What this tool is NOT:

  • A replacement for Burp Suite Pro or Acunetix
  • A zero-day finder
  • An automated hacker machine

It's a free, honest scanner that catches low-hanging fruit and helps you understand your security posture.


🛠️ How you can help

  1. Run it on your sites (with permission — read the LEGAL WARNING first)
  2. Open an issue when it crashes, misses something, or gives a false positive
  3. Send a pull request for a bug fix or new module
  4. Share your test results — even failures help me improve

The code is modular. Adding a new module takes ~50 lines. The Wiki has templates.


📦 Quick start

git clone https://github.com/miladrezanezhad/web-security-scanner-pro.git
cd web-security-scanner-pro
pip install -r requirements.txt
python main.py scan https://your-test-site.com --mode stealth

Or just run python main.py for interactive mode.


⚠️ One more honest thing

I'm a frontend developer who fell into security.

Some modules are better than others. Some code is messy.

But I ship it anyway — because someone else might need it, even if it's not perfect.

Open source isn't about flawless code. It's about building together.


🔗 GitHub: miladrezanezhad/web-security-scanner-pro

#websecurity #opensource #bugbounty #python #infosec #helpneeded
