Creating a Vulnerability Assessment Tool (VAT) with Python: Part I
Overview
The development focused on creating a Python-based vulnerability assessment tool, specifically targeting XSS (Cross-Site Scripting) vulnerabilities. The tool is designed to be run from the command line and allows users to scan specified URLs for potential vulnerabilities. It features modular code for easy maintenance and scalability.
Project Structure
CLI Parsing (cli.py
)
- Responsible for parsing command-line arguments.
- Arguments include the target URL, chosen plugin (defaulting to XSS), and an option to disable SSL verification.
# cli.py - Command line interface for VAT
import argparse
def parse_arguments():
parser = argparse.ArgumentParser(description="Vulnerability Assessment Tool")
parser.add_argument("url", help="Target URL to scan")
parser.add_argument("--plugin", default="xss", choices=["xss"], help="Vulnerability plugin to use. Default is XSS.")
parser.add_argument("--no-verify", action="store_true", help="Disable SSL verification")
return parser.parse_args()
Request Handling (requests_handler.py
)
- Manages HTTPS/S requests to the target URL
- Handles SSL verification and related errors, providing an option to proceed without SSL verification upon user confirmation.
- Detailed SSL error messages are logged to a file for troubleshooting while presenting simplified messages to the user.
# requests_handler.py
import requests
from requests.exceptions import SSLError
import logging
# Basic configuration for logging
logging.basicConfig(filename='error_log.txt', level=logging.ERROR,
format='%(asctime)s:%(levelname)s:%(message)s')
def make_request(url, payload=None, verify_ssl=True):
try:
if payload:
response = requests.get(url, params=payload, verify=verify_ssl)
else:
response = requests.get(url, verify=verify_ssl)
return response, True
except SSLError as ssl_error:
logging.error(f"SSL Certificate Error encountered for {url}: {ssl_error}")
print("SSL Certificate Error: The site's security certificate is not trusted.")
choice = input("Proceed without SSL verification? (yes/no): ").lower()
if choice == 'yes':
print("Proceeding without SSL verification...")
try:
if payload:
response = requests.get(url, params=payload, verify=False)
else:
response = requests.get(url, verify=False)
return response, True
except requests.RequestException as e:
print("Error: Failed to make the request without SSL verification.")
return None, False
else:
return None, False
except requests.RequestException as e:
print(f"Error: Failed to make the request. Details: {e}")
return None, False
XSS Plugin (xss.py
in plugins
directory)
- Contains the
check_xss
function that sends a payload to the target URL to test for reflected XSS vulnerabilities. - Utilizes the
make_request
function fromrequest_handler.py
.
# xss.py
from ..requests_handler import make_request
def check_xss(url, verify_ssl=True):
# A basic payload
payload = "<script>alert('xss')</script>"
response, request_made = make_request(url, {"q": payload}, verify_ssl=verify_ssl)
if response:
return (payload in response.text, request_made)
else:
return False, request_made
Main Script (vat.py
)
- Integrates all components.
- Orchestrates the workflow based on user input from the CLI.
- Handles final output messages to the user based on the scan results and any encountered issues.
# vat.py
from src.vat.cli import parse_arguments
from src.vat.requests_handler import make_request
from src.vat.plugins.xss import check_xss
def main():
# Parse CLI arguments
args = parse_arguments()
print(f"Scanning {args.url} using the {args.plugin} plugin...")
# Handle SSL verification based on CLI argument
verify_ssl = not args.no_verify
# Check for vulnerabilities based on the chosen plugin
if args.plugin == "xss":
vulnerable, performed_check = check_xss(args.url, verify_ssl)
if performed_check:
if vulnerable:
print(f"{args.url} is vulnerable to XSS!")
else:
print(f"{args.url} is not vulnerable to XSS.")
else:
# Error message is printed by the requests_handler module
print(f"Scanning of {args.url} was aborted due to SSL verification failure.")
if __name__ == "__main__":
main()
Key Features and Functionality
- SSL Verification
- The tool rigorously handles SSL certificate verification.
- In case of SSL errors, users are prompted to choose whether to proceed without SSL verification.
- Detailed SSL errors are logged to error_log.txt, keeping user interaction clean and non-technical.
- XSS Vulnerability Checking
- The tool checks for a basic form of reflected XSS.
- Sends a test payload and checks if it is reflected in the response from the target URL.
- User-Friendly Interface
- Despite the complexity of the operations, the tool maintains a user-friendly command-line interface.
- Clear and concise messages are provided to the user, avoiding technical jargon and redundancy.
- Modular and Scalable Design:
- Code is organized into distinct modules for specific functionalities, promoting maintainability and scalability.
- The structure allows for easy addition of new features or plugins in the future.
Testing and Validation
The tool has been tested with various scenarios, including:
- URLs with valid SSL certificates.
- URLs with SSL certificate issues (e.g., https://expired.badssl.com/).
- With and without the –no-verify flag to test SSL verification handling.
In all scenarios, the tool behaved as expected, providing appropriate user prompts and logging detailed errors where necessary.
Conclusion
Throughout the development of this vulnerability assessment tool, I have gained significant insights and accomplished several key objectives. This project not only enhanced my technical skills in Python programming but also deepened my understanding of software design principles and security considerations in application development.
Key Learnings and Accomplishments:
-
Modular Programming: By structuring the project into separate modules like cli.py, requests_handler.py, and xss.py, I learned the importance of modular design. This approach not only made the code more organized and maintainable but also simplified debugging and testing processes.
-
Handling User Interactions: Implementing a user-friendly command-line interface taught me how to balance technical functionality with user experience. Crafting clear and non-technical messages, especially when handling SSL verification, was crucial in making the tool accessible to users without deep technical backgrounds.
-
Error Handling and Logging: Dealing with SSL errors and implementing logging mechanisms was a significant learning curve. I learned to effectively catch and log errors while keeping the user interface clean. This aspect of the project underscored the importance of robust error handling in building reliable software.
-
Security Practices: Working on a tool focused on detecting XSS vulnerabilities offered practical insights into web security vulnerabilities. It heightened my awareness of the security aspects crucial in software development and the importance of proactive testing for vulnerabilities.
Future Scalability and Enhancements
Looking ahead, there are several avenues for enhancing and scaling this tool:
-
Expanding Vulnerability Checks: The current focus is on XSS vulnerabilities. I plan to extend the tool’s capabilities to include other common vulnerabilities like SQL injection, CSRF, and more, turning it into a more comprehensive security assessment tool.
-
Improved Logging and Reporting: Enhancing the logging system to include more detailed reports, potentially with an option to generate summary reports, would make the tool more useful for in-depth security analysis.
-
User Interface Enhancements: Incorporating more interactive elements into the CLI, such as progress indicators and more detailed help messages, could further improve the user experience.
-
Automated Testing and CI Integration: Implementing automated tests and integrating the tool into a continuous integration (CI) pipeline would ensure its reliability and effectiveness in real-world scenarios.
-
Customization and Configurability: Adding options for users to customize payloads and scan parameters would make the tool more versatile and adaptable to different testing environments.
Finally, this project has been an immensely enriching experience, combining practical software development with the intricacies of web security. The skills and knowledge gained lay a strong foundation for future projects, especially in the realms of cybersecurity and software development. I look forward to continuing to enhance the tool, adding new features, and applying these learnings to future endeavors.