In today's cybersecurity landscape, it's essential to proactively monitor your website for potential weaknesses. In this post, we'll walk through a powerful yet simple Python-based web security scanner that checks:

• HTTP security headers

• SSL certificate details

• Common open ports

• Vulnerabilities like SQL Injection (SQLi) and Cross-site Scripting (XSS)

This tool is ideal for developers, ethical hackers, or DevSecOps engineers looking to automate routine security scans.

🧠 What This Python Script Does

This script performs a full scan on a given target URL:

1. Checks HTTP Security Headers
   Ensures presence of critical headers like:

   • Content-Security-Policy

   • Strict-Transport-Security

   • X-Frame-Options

   • And others that prevent clickjacking, content sniffing, and XSS.

2. Scans for Open Common Ports
   Uses raw socket connections to identify open ports like:

   • 80 (HTTP), 443 (HTTPS), 21 (FTP), 22 (SSH), etc.

3. Analyzes SSL Certificate Info
   Extracts certificate validity, issuer, subject, and expiration date.

4. Tests for SQL Injection & XSS Vulnerabilities
   Sends basic payloads to detect if the site reflects malicious code or logic bypass attempts.

5. Generates an HTML Report
   Clean, readable scan results are saved in an easy-to-read scan_report.html.

Result: 

And the HTML report will include sections like:

• HTTP Status & Security Headers (Present / Missing)

• SSL certificate details (Not Before / Not After)

• List of open ports and their associated services

• SQLi and XSS test results

📦 Technologies Used

• requests for HTTP/S requests

• socket and ssl for raw network connections

• jinja2 for HTML templating

• urllib.parse for URL parsing

💡 Use Cases

• Developers can integrate this into CI pipelines for basic security checks.

• Security researchers can use it for quick assessments of target domains.

• Educators can teach web vulnerability concepts interactively.

🛡️ Sample Payloads for Vulnerability Testing

• SQLi: ' OR '1'='1

• XSS: <script>alert('XSS')</script>

These are simple test cases and should not be used on systems you don't own or have permission to test (black-box testing without consent is illegal).

⚠️ Legal Disclaimer

This script is intended for educational and authorized testing only. Scanning websites without permission may violate terms of service or local laws. Always have written consent when testing systems you do not own.