vulnerability scanner code
import requests
from bs4 import BeautifulSoup
from urllib.parse import urljoin, urlparse
import socket
# Probe strings used by the SQLi and XSS checks below.
# is_vulnerable_sqli appends each of these SQL metacharacter strings to the target URL.
SQLI_PAYLOADS = ["'", "' OR '1'='1", "';--", "\" OR \"1\"=\"1"]
# is_vulnerable_xss submits each of these as the value of every form input.
# NOTE(review): the second entry looks truncated in this listing. Its string
# literal is split across two lines, which Python will not parse as written;
# restore it from the original script before running.
XSS_PAYLOADS = ['<script>alert(1)</script>', '">
']
# Ports to scan (can expand this).
# By conventional assignment: 21 FTP, 22 SSH, 23 Telnet, 25 SMTP, 53 DNS,
# 80 HTTP, 443 HTTPS, 3306 MySQL, 8080 alternate HTTP.
COMMON_PORTS = [21, 22, 23, 25, 53, 80, 443, 3306, 8080]
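def is_vulnerable_sqli(url):
    """Heuristically check *url* for error-based SQL injection.

    Each entry of SQLI_PAYLOADS is appended to *url* and the response body is
    searched for database error text. A hit is a lead to verify by hand, not a
    confirmed finding: the check only sees errors echoed into the page, so
    blind injection and applications that suppress errors produce no match.

    Args:
        url: Target URL; payloads are appended to it verbatim.

    Returns:
        True as soon as one payload yields a new error signature, else False.
    """
    # Signatures are compared against the lower-cased body, so they must be
    # lower-case themselves; the original "ORA-" could never match.
    signatures = ["sql syntax", "mysql", "syntax error", "unterminated", "ora-"]

    # Fetch the unmodified page first: a signature that is already present
    # (for example a page that merely mentions "mysql") cannot be attributed
    # to a payload and would otherwise be reported as a false positive.
    try:
        baseline = requests.get(url, timeout=5).text.lower()
    except requests.RequestException:
        baseline = ""
    candidates = [sig for sig in signatures if sig not in baseline]
    if not candidates:
        return False

    for payload in SQLI_PAYLOADS:
        test_url = f"{url}{payload}"
        try:
            res = requests.get(test_url, timeout=5)
        except requests.RequestException:
            # Network-level failure for this probe only; a bare except here
            # would also swallow KeyboardInterrupt and hide programming errors.
            continue
        body = res.text.lower()
        if any(sig in body for sig in candidates):
            print(f"[!!] SQL Injection possible at: {test_url}")
            return True
    return False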
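def is_vulnerable_xss(url):
    """Heuristically check the forms on *url* for reflected XSS.

    Every <form> on the page is submitted once per entry in XSS_PAYLOADS, with
    the payload as the value of each <input>. The check reports a hit when the
    payload comes back verbatim in the response body.

    Limitations visible in the code: only <input> elements are filled
    (<textarea> and <select> are not), and a verbatim reflection is not proof
    of execution, because the response context and content type are not
    inspected. Treat a hit as a lead to confirm manually. The function also
    submits POST forms, so a run can create records or trigger actions in the
    target application.

    Args:
        url: Page whose forms are tested; relative form actions are resolved
            against it.

    Returns:
        True on the first verbatim reflection, else False.
    """
    try:
        res = requests.get(url, timeout=5)
    except requests.RequestException:
        return False

    soup = BeautifulSoup(res.text, "html.parser")
    for form in soup.find_all("form"):
        # A form without an action submits to the page itself.
        target_url = urljoin(url, form.get("action") or "")
        method = form.get("method", "get").lower()
        inputs = form.find_all("input")

        for xss in XSS_PAYLOADS:
            data = {inp.get("name", "input"): xss for inp in inputs}
            try:
                # The timeout keeps one unresponsive endpoint from hanging the
                # whole scan; the original submissions had none.
                if method == "post":
                    r = requests.post(target_url, data=data, timeout=5)
                else:
                    r = requests.get(target_url, params=data, timeout=5)
            except requests.RequestException:
                # One failed submission should not abort the remaining forms.
                continue
            if xss in r.text:
                print(f"[!!] XSS vulnerability found at: {target_url}")
                return True
    return False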
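def scan_ports(host):
    """Attempt a TCP connect to each port in COMMON_PORTS and print the open ones.

    A successful connect only shows that something accepted the TCP handshake
    for that address and port. When the host sits behind a CDN, proxy or
    firewall, that may be the intermediary rather than the named service, so
    confirm a reported port with a protocol-level check before recording it.
    Sockets use the default family (IPv4), with a one-second timeout per port.

    Args:
        host: Hostname or IP address to probe.
    """
    if not host:
        # urlparse yields no hostname for input without a scheme; bail out
        # instead of probing a None address.
        print("[-] No hostname to scan")
        return

    print(f"[*] Scanning ports on {host}")
    for port in COMMON_PORTS:
        # The context manager closes the socket on both outcomes; the original
        # leaked the descriptor whenever connect() failed.
        with socket.socket() as sock:
            sock.settimeout(1)
            try:
                sock.connect((host, port))
            except OSError:
                # Covers refused, timed-out and unresolvable targets.
                continue
            print(f"[+] Open port found: {port}")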
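def main():
    """Prompt for a target URL and run the SQLi, XSS and port checks in turn.

    The SQLi and XSS checks print only when their heuristic matches, so no
    output from them means "no match", not "not vulnerable".
    """
    target = input("Enter full URL (http://example.com): ").strip()
    parsed = urlparse(target)
    hostname = parsed.hostname
    # Without a scheme urlparse returns no hostname and requests rejects the
    # URL, so every check would fail silently; stop early with a clear message.
    if parsed.scheme not in ("http", "https") or not hostname:
        print("[-] Expected a full http:// or https:// URL")
        return

    print("\n[+] Scanning for SQL Injection...")
    is_vulnerable_sqli(target)
    print("\n[+] Scanning for XSS...")
    is_vulnerable_xss(target)
    print("\n[+] Scanning open ports...")
    scan_ports(hostname)


if __name__ == "__main__":
    main()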
Code output
Enter full URL (http://example.com): https://open.spotify.com/
[+] Scanning for SQL Injection...
[+] Scanning for XSS...
[+] Scanning open ports...
[*] Scanning ports on open.spotify.com
[+] Open port found: 21
[+] Open port found: 80
[+] Open port found: 443