SecuBat Vulnerability Scanner

SecuBat is a generic and modular web vulnerability scanner that, similar to a port scanner, automatically analyzes web sites with the aim of finding exploitable SQL injection and XSS vulnerabilities.



Related Projects

OWASP Joomla Vulnerability Scanner Project

Detects file inclusion, SQL injection, and command execution vulnerabilities of a target Joomla! web site. A regularly updated signature-based scanner that can detect file inclusion, SQL injection, command execution, XSS, DoS, and directory traversal vulnerabilities of a target Joomla! web site. It searches for known vulnerabilities of Joomla! and its components, performs web application firewall detection, and a lot more.

Wapiti - Web application vulnerability scanner / security auditor

Wapiti allows you to audit the security of your web applications. It performs "black-box" scans, i.e. it does not study the source code of the application but scans the web pages of the deployed webapp, looking for scripts and forms where it can inject data. Once it gets this list, Wapiti acts like a fuzzer, injecting payloads to see if a script is vulnerable. It is able to differentiate reflected and permanent XSS vulnerabilities.

SecureMe - This class implements a security check and validation against SQL injection and XSS

This class implements a security check and validation against SQL injection and XSS

Gamja : Web vulnerability scanner

Gamja will find XSS (cross-site scripting) & SQL injection weak points, and also URL parameter validation errors. Who knows which parameter is the weak parameter? Gamja will be helpful for finding vulnerabilities [XSS, Validation Error, SQL Injection].

Sqlmap - Automatic SQL injection and database takeover tool

sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester, and a broad range of switches, from database fingerprinting, through data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.

w3af - Web Application Attack and Audit Framework

w3af is a Web Application Attack and Audit Framework. The project's goal is to create a framework to help you secure your web applications by finding and exploiting all web application vulnerabilities. It can find cross-site scripting, SQL injection and a lot more. The framework implements web and proxy servers which are easy to integrate into your code in order to identify and exploit vulnerabilities.


Coverity Security Library (CSL) is a lightweight set of escaping routines for fixing cross-site scripting (XSS), SQL injection, and other security defects in Java web applications.


A class project for CMPT 352 (Information Security) to scan for injection exploits on a website (XSS / SQL Injection) using scriptable plugins. This project is no longer being worked on.


KayRa is a Web Application Security Auditing Tool designed to test the security of websites by analyzing web pages. Some of the tests include: SQL Injection, XSS, Form behaviour with bad data. All tests carried out will be based on the OWASP guide.


Training and education about web security

CI_SQL_XSS_CSRF

SQL Injection, XSS, CSRF, CodeIgniter

php-sploits - PHP Site vulnerable to basic XSS/SQL Injection

PHP Site vulnerable to basic XSS/SQL Injection

WSTOOL : Web vulnerable scan tool

Web vulnerable scan tool: SQL injection; XSS (cross-site scripting); 404/500 server error; Admin/Manage folder search; web-based or command-line scanner in PHP; check-up collated with HTML FORM and LINK

qpscanner - QueryParam Scanner - a tool to identify possible SQL injection risks in CFML queries.

QueryParam Scanner - a tool to identify possible SQL injection risks in CFML queries.


eXlent2k7 is a CMS based on the most modern technologies (XHTML 1.1, CSS 2.1, PHP 5 objects, PDO, XML, DOM) with good security (CSRF protection, XSS prevention in template system, JavaScript can be disabled, SQL injection prevention in database class).

sleepy-puppy - Sleepy Puppy XSS Payload Management Framework

Sleepy Puppy is a cross-site scripting (XSS) payload management framework which simplifies the ability to capture, manage, and track XSS propagation over long periods of time.

Why should I use Sleepy Puppy? Often when testing for client-side injections (HTML/JS/etc.), security engineers are looking for where the injection occurs within the application they are testing only. While this provides ample coverage for the application in scope, there is a possibility that the code engineers are injecting may be reflected back in a completely separate application.


Code to protect .NET Web applications and services against sql injection and cross site scripting attacks.

syntribos - Python API security testing tool from OpenStack Security Group

Syntribos is an open source automated API security testing tool that is maintained by members of the OpenStack Security Project. Given a simple configuration file and an example HTTP request, syntribos can replace any API URL, URL parameter, HTTP header and request body field with a given set of strings. Syntribos iterates through each position in the request automatically. Syntribos aims to automatically detect common security defects such as SQL injection, LDAP injection, buffer overflow, etc. In addition, syntribos can be used to help identify new security defects by automated fuzzing.