abdullah-x909/ViperScan

🐍 ViperScan

A powerful, open-source web security testing platform for ethical hackers and bug bounty hunters.

🚀 Features

  • 🔍 Real-time Intercepting Proxy

    • Capture and modify HTTP/HTTPS traffic
    • WebSocket support
    • Request/response modification
    • Advanced filtering capabilities
  • 🎯 Vulnerability Scanner

    • Active and passive scanning modes
    • OWASP Top 10 detection
    • Custom scan profiles
    • Detailed vulnerability reports
  • 🔄 Request Repeater

    • Multi-tab request workspace
    • History tracking
    • Response comparison
    • Custom header management
  • 💥 Advanced Fuzzer

    • Integration with ffuf
    • Custom payload lists
    • Parameter discovery
    • Rate limiting and threading options
  • 📝 Comprehensive Logger

    • Detailed request logs
    • Export capabilities
    • Advanced filtering
    • Real-time monitoring
  • 🛠️ Tools Integration

    • sqlmap
    • nmap
    • nikto
    • dirsearch
    • wappalyzer
    • Custom tool support

🎨 Screenshots

Proxy Tab: Proxy Interceptor with Request/Response Modification

Scanner Tab: Vulnerability Scanner Dashboard

🔧 Installation

Prerequisites

  • Node.js 18+
  • Python 3.8+ (for tool integrations)
  • Git

Quick Start

# Clone the repository
git clone https://github.com/abdullah-x909/ViperScan.git

# Navigate to project directory (git clone creates "ViperScan"; the name is case-sensitive on Linux)
cd ViperScan

# Install dependencies
npm install

# Start the development server
npm run dev

Tool Integration Setup

# Install required security tools
sudo apt install sqlmap nmap nikto ffuf

# Configure tool paths in the ViperScan UI (not a shell command):
#   Settings > External Tools > Configure Paths

🚦 Usage

  1. Proxy Setup

    • Configure your browser to use ViperScan's proxy (default: 127.0.0.1:8080)
    • Install and trust the ViperScan CA certificate
    • Start capturing traffic
  2. Scanning

    • Enter target URL
    • Select scan profile
    • Review results in real-time
  3. Fuzzing

    • Create or import payload lists
    • Configure fuzzing parameters
    • Monitor results
  4. Tools

    • Integrate external security tools
    • Configure custom tools
    • Manage tool settings

🛡️ Security Features

  • Request Interception

    • Real-time traffic modification
    • Custom rules and filters
    • Automatic encoding/decoding
  • Vulnerability Detection

    • SQL Injection
    • Cross-Site Scripting (XSS)
    • Command Injection
    • File Inclusion
    • SSRF
    • And more...
  • Reporting

    • Detailed vulnerability reports
    • Evidence collection
    • Remediation suggestions
    • Export capabilities

🔌 Plugin System

Create custom plugins to extend ViperScan's functionality:

// Example plugin
export default {
  name: 'Custom Scanner',
  version: '1.0.0',
  description: 'Custom vulnerability scanner',
  
  async scan(target) {
    // Implementation
  }
};
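
A fuller plugin in the shape shown above, as an added example that is not part of the ViperScan code base: a passive check of response security headers. Only `name`, `version`, `description` and `async scan(target)` come from the README; the finding objects, the `auditHeaders` helper, the 180-day HSTS floor and the use of Node 18's global `fetch` are assumptions.

```javascript
// Added example: the finding shape and scan() return value are assumptions,
// not ViperScan's documented plugin API.
const EXPECTED = {
  'strict-transport-security': 'HSTS missing: first visit can be downgraded to HTTP',
  'content-security-policy': 'CSP missing: no restriction on script sources',
  'x-content-type-options': 'nosniff missing: browser may MIME-sniff responses',
  'x-frame-options': 'no framing restriction (X-Frame-Options or CSP frame-ancestors)',
};
const MIN_HSTS_SECONDS = 15552000; // 180 days, used here as the floor (assumption)

// Pure check: plain object of response headers in, array of findings out.
function auditHeaders(rawHeaders) {
  const h = {};
  // Header names are case-insensitive, so normalise before lookup.
  for (const [k, v] of Object.entries(rawHeaders)) h[k.toLowerCase()] = String(v);
  const csp = h['content-security-policy'] || '';
  const findings = [];
  for (const [name, detail] of Object.entries(EXPECTED)) {
    // CSP frame-ancestors supersedes X-Frame-Options, so do not flag both.
    if (name === 'x-frame-options' && /\bframe-ancestors\b/i.test(csp)) continue;
    if (!(name in h)) findings.push({ id: `missing-${name}`, severity: 'low', detail });
  }
  // A header that is present can still be ineffective.
  const hsts = h['strict-transport-security'];
  if (hsts !== undefined) {
    const m = /max-age\s*=\s*"?(\d+)/i.exec(hsts);
    if (!m || Number(m[1]) < MIN_HSTS_SECONDS) {
      findings.push({ id: 'weak-hsts', severity: 'low', detail: `max-age below ${MIN_HSTS_SECONDS}s: ${hsts}` });
    }
  }
  const xcto = h['x-content-type-options'];
  if (xcto !== undefined && xcto.trim().toLowerCase() !== 'nosniff') {
    findings.push({ id: 'invalid-nosniff', severity: 'low', detail: `unexpected value: ${xcto}` });
  }
  return findings;
}

// Same shape as the README's plugin; a plugin file would `export default` it.
const securityHeadersPlugin = {
  name: 'Security Header Audit',
  version: '1.0.0',
  description: 'Passive check for missing or weak response security headers',
  async scan(target) {
    // One GET, no payloads; redirects are not followed so the audited
    // headers belong to the URL that was asked for.
    const res = await fetch(target, { redirect: 'manual' });
    return auditHeaders(Object.fromEntries(res.headers));
  },
};
```

Keeping the header logic in a pure function lets it be unit-tested against recorded responses without sending traffic.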

🤝 Contributing

We welcome contributions! Please see our Contributing Guide for details.

  1. Fork the repository
  2. Create your feature branch
  3. Commit your changes
  4. Push to the branch
  5. Create a Pull Request

📝 License

This project is licensed under the MIT License - see the LICENSE file for details.

🌟 Acknowledgments

  • OWASP Foundation
  • Security Tool Maintainers
  • Open Source Community

📊 Project Status

ViperScan is currently in alpha. We're actively developing new features and improving existing ones. Check our roadmap for upcoming features.

⚠️ Disclaimer

ViperScan is designed for ethical hacking and security testing. Always obtain proper authorization before testing any systems or networks.

About

Open-source Burp Suite Pro alternative with ZAP & fuzzing integration
