
Vulnerability Scanner ?


ghost's Avatar
0 0

Is it possible to develop a vulnerability scanner in PHP?

Can somebody suggest help? :ninja:


Mr_Cheese's Avatar
0 1

Can either use sockets or cURL, stick it on a loop. Make it spider the website. Check for common filenames etc. Access your custom exploit database to check each URL with various exploits.

All pretty straightforward and simple if you break it down.


ghost's Avatar
0 0

I wouldn't advise it unless you are either really good with PHP or make the scanner for individual sites, to check each input.


ghost's Avatar
0 0

You mean something like sn00per (http://sla.ckers.org/forum/read.php?12,4892,12717) (code)?

What kind of scanner do you want to build? What types of flaws do you want it to find? Should it be fully automated?

Sn00per simply aims to find files/folders indicative of a bad setup. It doesn't check for vulnerable versions of software, and it doesn't have fuzzer modules to scan for XSS, CSRF, RFI or anything else.


ghost's Avatar
0 0

Well, it would be shit hard to make that smart scanner. I believe this could be done with a PHP scanner:

- Common files/folders
- Folders/files permissions
- RFI/LFI

This would be hard:

- XSS
- SQL
- CSRF
- Cookie poisoning …

So, I don't think it is a good idea to make a PHP scanner. Sorry :)
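
The file/folder and permission checks named in the post above can be run against a server's own document root on disk, with no network requests. This is an added example, not code from the thread or from sn00per; the function name `auditDocroot`, the name patterns and the sample tree are assumptions constructed for illustration.

```php
<?php
// Added example: audits a local document root on disk; it sends no network requests.
// The name patterns below are assumptions chosen for illustration, not a list from the thread.
const LEFTOVER_PATTERNS = [
    '/^phpinfo\.php$/i'        => 'phpinfo() page left in place',
    '/\.(bak|old|orig|swp)$/i' => 'editor or backup copy',
    '/~$/'                     => 'editor backup copy',
    '/\.(sql|tar|tgz|zip)$/i'  => 'dump or archive inside the web root',
    '/^\.(git|svn|env)$/i'     => 'version-control or environment data',
];

function auditDocroot(string $root): array
{
    $findings = [];
    // SKIP_DOTS drops only "." and ".."; hidden entries such as .git are still visited.
    $iter = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($root, FilesystemIterator::SKIP_DOTS),
        RecursiveIteratorIterator::SELF_FIRST
    );
    foreach ($iter as $entry) {
        $path = $entry->getPathname();
        $name = $entry->getFilename();
        foreach (LEFTOVER_PATTERNS as $regex => $why) {
            if (preg_match($regex, $name)) {
                $findings[] = ['path' => $path, 'issue' => $why];
            }
        }
        // Permission check: the "other" write bit (0002) lets any local account modify the entry.
        if (!$entry->isLink() && ($entry->getPerms() & 0002)) {
            $findings[] = ['path' => $path, 'issue' => 'world-writable'];
        }
    }
    return $findings;
}

// Constructed sample tree in the temp directory so the script runs offline.
$root = sys_get_temp_dir() . '/docroot_' . bin2hex(random_bytes(4));
mkdir("$root/uploads", 0755, true);
file_put_contents("$root/index.php", "<?php echo 'ok';");
file_put_contents("$root/phpinfo.php", "<?php phpinfo();");
file_put_contents("$root/config.php.bak", "<?php // old settings");
chmod("$root/uploads", 0777);   // chmod() ignores umask, unlike mkdir()

foreach (auditDocroot($root) as $f) {
    printf("%-16s %s\n", basename($f['path']), $f['issue']);
}
```

On the constructed tree this reports `phpinfo.php`, `config.php.bak` and the world-writable `uploads` directory, and leaves `index.php` unflagged.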


mido's Avatar
Member
0 0

I think it would be nicer if you checked the vulnerabilities yourself… Cause it will be too hard to make a Perfect Vuln. scanner… Good luck.