AegisScan: Command Line Interface Based Security Analyzer for Detecting Critical Web Vulnerabilities

Authors

  • Aditya Pandey, Undergraduate Student, Department of Computer Science and Engineering, Sharda University, Greater Noida, Uttar Pradesh, India
  • Masood Aslam, Undergraduate Student, Department of Computer Science and Engineering, Sharda University, Greater Noida, Uttar Pradesh, India
  • Shivam Tiwari, Assistant Professor, Department of Computer Science and Engineering, Sharda University, Greater Noida, Uttar Pradesh, India

Keywords:

Automation, CI/CD, CLI Tool, CSRF, Python, SQL Injection, Web Application Security, XSS

Abstract

AegisScan is a comprehensive Command-Line Interface (CLI) tool designed to automate the detection of critical web application vulnerabilities, including SQL Injection (SQLi), Cross-Site Scripting (XSS), and Cross-Site Request Forgery (CSRF). As cyber threats continue to evolve, traditional security measures often fall short of identifying vulnerabilities efficiently. AegisScan addresses this gap by providing an automated, lightweight, and scalable security scanning solution tailored for modern web applications. Developed using Python 3.8+, AegisScan integrates key security libraries such as requests, beautifulsoup4, and argparse to conduct thorough vulnerability assessments. The tool ensures seamless CI/CD pipeline integration, enabling continuous security checks throughout the software development lifecycle. It leverages industry-standard security tools like sqlmap for SQLi detection and XSStrike for XSS scanning, ensuring high detection accuracy and reliability. AegisScan supports multi-format reporting, including JSON, TXT, and HTML, allowing security professionals to generate detailed vulnerability reports. Real-time scanning results provide immediate insights, enabling proactive mitigation of security threats. Additionally, its modular and cross-platform architecture ensures compatibility with various operating systems, making it accessible to developers, penetration testers, and DevSecOps teams alike. By bridging the gap between traditional vulnerability scanners and modern security requirements, AegisScan delivers an open-source, extensible security solution that enhances web application resilience. Its automation-driven approach minimizes manual effort while improving accuracy, making it an indispensable tool in the cybersecurity domain.
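The abstract describes the tool's shape (an argparse CLI, modular checks, and JSON/TXT/HTML reports that can gate a CI/CD stage) without showing it. The following is an added illustration of that shape, not AegisScan's own code: a single passive CSRF check that parses a saved HTML page for POST forms lacking a hidden anti-CSRF field, then renders findings in the three formats. It uses the standard-library html.parser instead of beautifulsoup4, and the token-name heuristic, the severity label and the non-zero exit on findings are all assumptions of this example.

```python
"""Added example of a modular CLI check + multi-format report; not AegisScan's code."""
import argparse, html, json
from html.parser import HTMLParser

# Constructed sample page: one POST form carries a hidden token, one does not, one is GET.
SAMPLE_HTML = """<html><body>
<form action="/transfer" method="post"><input type="hidden" name="csrf_token" value="abc">
<input name="amount"></form>
<form action="/delete" method="POST"><input name="id"></form>
<form action="/search" method="get"><input name="q"></form>
</body></html>"""

class FormCollector(HTMLParser):
    """Collect each form's action, method and the names of its hidden inputs."""
    def __init__(self):
        super().__init__()
        self.forms, self._cur = [], None
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)  # attribute values may be None, hence the `or` guards below
        if tag == "form":
            self._cur = {"action": a.get("action") or "", "method": (a.get("method") or "get").lower(), "hidden": []}
        elif tag == "input" and self._cur is not None and (a.get("type") or "").lower() == "hidden":
            self._cur["hidden"].append((a.get("name") or "").lower())
    def handle_endtag(self, tag):
        if tag == "form" and self._cur is not None:
            self.forms.append(self._cur); self._cur = None

def check_csrf(page_html):
    """Flag state-changing (POST) forms with no hidden field that looks like an anti-CSRF token (heuristic)."""
    p = FormCollector(); p.feed(page_html)
    return [{"check": "csrf", "form": f["action"], "severity": "medium"}
            for f in p.forms
            if f["method"] == "post" and not any("csrf" in n or "token" in n for n in f["hidden"])]

def render_report(findings, fmt):
    """Render findings as json, html or txt (the default)."""
    if fmt == "json":
        return json.dumps({"findings": findings}, indent=2)
    if fmt == "html":  # escape attacker-controlled form actions before embedding them in the report
        rows = "".join(f"<tr><td>{html.escape(f['check'])}</td><td>{html.escape(f['form'])}</td><td>{f['severity']}</td></tr>" for f in findings)
        return f"<table><tr><th>Check</th><th>Form</th><th>Severity</th></tr>{rows}</table>"
    return "\n".join(f"[{f['severity']}] {f['check']}: form {f['form']}" for f in findings) or "no findings"

if __name__ == "__main__":
    ap = argparse.ArgumentParser(description="Passive CSRF form check (added example, not AegisScan)")
    ap.add_argument("--file", help="saved HTML page to scan; defaults to the built-in sample")
    ap.add_argument("--format", choices=["json", "txt", "html"], default="txt")
    args = ap.parse_args()
    page = open(args.file, encoding="utf-8").read() if args.file else SAMPLE_HTML
    findings = check_csrf(page)
    print(render_report(findings, args.format))
    raise SystemExit(1 if findings else 0)  # non-zero exit lets a CI stage fail on findings
```

Run with `--format json` to get machine-readable output for a pipeline; a real scanner would add further check modules alongside `check_csrf` and merge their findings before rendering.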


Published

2025-03-20