A Python-based security scanner that automatically checks websites for common vulnerabilities and security issues based on OWASP Application Security Verification Standard (ASVS) Level 1 requirements.
This tool is designed for educational and security assessment purposes only. Always obtain proper authorization before scanning any website that you do not own.
- Automated security scanning based on OWASP ASVS Level 1
- API server for integration with other applications
- Multi-threaded scanning for faster results
- Detailed vulnerability reports with remediation advice
- Docker support for isolated execution
- Python 3.9+
- pip (Python package manager)
- Clone the repository:

  ```bash
  git clone https://github.com/yourusername/hermes-fullstack.git
  cd hermes-fullstack/web-scanner
  ```

- Install dependencies:

  ```bash
  pip install -r requirements.txt
  ```
Run a scan directly from the command line:

```bash
python src/main.py <url>
```

Start the FastAPI server:

```bash
uvicorn src.api:app --reload
```

Access the API:
- Scan a website: `GET /scan?url=https://example.com`
- Health check: `GET /health`
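Because `/scan` takes its target as a `url` query parameter, the authorization note above can be enforced in code before any request is sent. The following is an added example, not part of this project's code; `validate_scan_target`, `is_scannable` and the `AUTHORIZED_HOSTS` allowlist are hypothetical names, and the hosts in the allowlist are constructed sample values.

```python
"""Added example: vet the `url` parameter of GET /scan before scanning."""
import ipaddress
from urllib.parse import urlsplit

# Hypothetical allowlist: hosts the operator is authorized to scan.
AUTHORIZED_HOSTS = frozenset({"example.com", "staging.example.com"})


def validate_scan_target(url: str, authorized=AUTHORIZED_HOSTS) -> str:
    """Return a normalized target URL, or raise ValueError if it must not be scanned."""
    parts = urlsplit(url.strip())
    if parts.scheme not in ("http", "https"):
        raise ValueError("only http and https targets are accepted")
    if parts.username or parts.password:
        raise ValueError("credentials in the URL are not accepted")
    host = (parts.hostname or "").rstrip(".").lower()
    if not host:
        raise ValueError("URL has no host")
    # Literal IPs: refuse loopback, private and link-local ranges even if
    # someone later adds one to the allowlist by mistake.
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None  # a DNS name; resolution is not checked in this example
    if ip is not None and not ip.is_global:
        raise ValueError("internal addresses are not accepted")
    if host not in authorized:
        raise ValueError(f"{host} is not on the authorized list")
    port = parts.port  # raises ValueError when the port is out of range
    if ip is not None and ip.version == 6:
        host = f"[{host}]"
    netloc = host if port is None else f"{host}:{port}"
    query = f"?{parts.query}" if parts.query else ""
    return f"{parts.scheme}://{netloc}{parts.path or '/'}{query}"


def is_scannable(url: str, authorized=AUTHORIZED_HOSTS) -> bool:
    """Boolean wrapper for callers that only need a yes/no answer."""
    try:
        validate_scan_target(url, authorized)
        return True
    except ValueError:
        return False
```

An API handler would call `validate_scan_target` on the query parameter and answer with a 4xx status when it raises, passing only the returned URL to the scanning engine.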
Build and run using Docker:

```bash
docker build -t web-scanner .
docker run web-scanner python src/main.py <url>
```

The scanner consists of multiple modules that work together:
- Core scanning engine
- ASVS requirement verification modules
- Reporting and output formatting
- API interface
- Python - Programming language
- aiohttp - Asynchronous HTTP client/server
- BeautifulSoup4 - HTML parsing
- pyppeteer - Headless browser automation
- FastAPI - API framework
This project is licensed under the MIT License - see the LICENSE file for details.