Web Vulnerability Scanner

This is a command-line tool to scan websites using Nuclei, Wapiti, and Nikto, and intelligently combine their outputs into a single JSON report.

Features

• Integrates three open-source scanners: Nuclei, Wapiti, and Nikto
• Merges scan results into a single structured report
• Multi-threaded scanning with Python multiprocessing
• Supports scanning a large list of websites
• Built and tested on Kali Linux

Real-World Usage

• Scanned the top 10,000 Alexa-ranked Indian websites
• Successfully generated reports for approximately 7,785 responsive websites
• Sample scan data included in the sample_data/ folder

Requirements

The following tools must be pre-installed on your system:

• Nuclei
• Wapiti
• Nikto

Install required Python package:

pip install matplotlib

Usage

python scanner.py -w websites.txt -o output_dir -t 5

• -w: Path to a text file containing target websites (one per line)
• -o: Directory to store output files
• -t: Number of concurrent threads (default is 5)

Output Format

Each website scan produces the following:

1. nuclei_scan.json
2. wapiti_scan.json
3. nikto_scan.json
4. combined.json – final merged report

Authors

This project was developed as part of a B.Tech Bachelor Thesis Project at IIIT Sri City by:

1. Rishi Solanki
2. Shekhar Bhiwan
3. Pranauv Kumar