whatisgithub

What is web-security-scanner-pro?

miladrezanezhad/web-security-scanner-pro — explained in plain English

Analysis updated 2026-05-18

35PythonAudience · developerComplexity · 3/5LicenseSetup · easy

In one sentence

A command-line scanner that checks websites for 49 kinds of security vulnerabilities, for use only on sites you own or are authorized to test.

Mindmap

mindmap
  root((WSA Pro))
    What it does
      Scans for vulnerabilities
      49 modules
      Evasion engine
    Tech stack
      Python
    Use cases
      Authorized pentests
      Security audits
    Audience
      Security pros
      Site owners

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

What do people build with it?

USE CASE 1

Run an authorized vulnerability scan on your own website before launch.

USE CASE 2

Check a site for SQL injection, XSS, and other common web vulnerabilities.

USE CASE 3

Generate an HTML or PDF security audit report for a client or team.

USE CASE 4

Test whether a site's security headers and SSL configuration are properly set up.

What is it built with?

PythonSQLite

How does it compare?

miladrezanezhad/web-security-scanner-probytedance-seed/cola-dlmchris0214/mikumikuphysics
Stars353535
LanguagePythonPythonPython
Setup difficultyeasyhardmoderate
Complexity3/54/53/5
Audiencedeveloperresearcherdesigner

Figures from each repo's GitHub metadata at analysis time.

How do you get it running?

Difficulty · easy Time to first run · 5min

Requires written authorization before scanning any site you do not own.

MIT licensed: use freely for any purpose, including commercial use, as long as you keep the copyright notice.

So what is it?

Web Security Analyzer Pro is a free, open-source command-line tool that scans websites for security vulnerabilities. You point it at a URL and it runs up to 49 different security checks, looking for things like SQL injection flaws (where an attacker could manipulate a database through a website form), cross-site scripting vulnerabilities (where malicious code could be injected into a page), misconfigured SSL certificates, missing security headers, outdated software with known weaknesses, and insecure API endpoints. It also checks for vulnerabilities specific to popular content management systems and control panels. A built-in evasion engine helps the scanner avoid being blocked by web application firewalls during authorized testing, using techniques like rotating browser identities and adding random delays. Results can be exported as HTML, PDF, Markdown, or JSON reports with severity ratings. The tool is aimed at security professionals and website owners who want to audit their own systems or conduct authorized penetration tests. It is written in Python and requires version 3.9 or newer. Using it against websites you do not own or have explicit permission to test is illegal.

Copy-paste prompts

Prompt 1
Show me how to install web-security-scanner-pro and run a quick scan on a test site.
Prompt 2
Walk me through generating an HTML report after scanning a website I own.
Prompt 3
Explain what the evasion engine does and when I should use stealth mode.
Prompt 4
What legal steps do I need before scanning a website with this tool?

Frequently asked questions

What is web-security-scanner-pro?

A command-line scanner that checks websites for 49 kinds of security vulnerabilities, for use only on sites you own or are authorized to test.

What language is web-security-scanner-pro written in?

Mainly Python. The stack also includes Python, SQLite.

What license does web-security-scanner-pro use?

MIT licensed: use freely for any purpose, including commercial use, as long as you keep the copyright notice.

How hard is web-security-scanner-pro to set up?

Setup difficulty is rated easy, with roughly 5min to a first successful run.

Who is web-security-scanner-pro for?

Mainly developer.

Open on GitHub → Ask about another repo

This repo across BitVibe Labs

Verify against the repo before relying on details.