SK.← Back to Blogs
2026-02-20·12 min read

Web Vulnerability Scanning with Python

Building a modular vulnerability scanner in Python — from crawlers and fingerprinting to SQL injection detection and report generation.

To understand web security, you have to learn how automated scanners work. I built VulnScanner, a modular vulnerability scanner in Python, to run penetration testing experiments on local labs. Here is a breakdown of how the scanner is architected.

Core Scanner Architecture

The scanner consists of a master orchestrator and five specialized detection modules:

  1. Crawler Module: Recursively maps all links, forms, and API endpoints using BeautifulSoup.
  2. Header Analyzer: Checks security headers (CORS, CSP, X-Frame-Options, HSTS).
  3. SQLi Scanner: Injects basic boolean-based and time-based SQL payloads into input forms.
  4. XSS Detection: Tests input validation by injecting HTML elements and monitoring reflecting inputs.
  5. Reporter: Compiles a structured markdown document detailing findings and risk severity.
# Sample code snippet from the SQLi detection module
def check_sqli(url, parameter):
    payloads = ["'", "''", " OR 1=1", "' OR '1'='1"]
    for payload in payloads:
        target = f"{url}?{parameter}={payload}"
        response = requests.get(target)
        if "sql syntax" in response.text.lower() or "mysql" in response.text.lower():
            return True
    return False

This project taught me the importance of input validation, sanitized database queries (prepared statements), and the utility of automated testing tools in modern secure development pipelines.

← Back to Home© 2026 Saheer Khan