make tool more stable and powerful #4
Open
Chintanpatel24 wants to merge 12 commits into
Open
Conversation
Added functions for URL normalization and report writing. Introduced new command-line arguments for SQL detection and report generation.
Removed various email-related selectors and added new ones.
There was a problem hiding this comment.
Pull request overview
This PR improves the scanner’s runtime stability and output structure by adding safer URL/request handling, introducing passive SQL error detection and JSON reporting, and refreshing selector/value dictionaries for more realistic auth/login fields.
Changes:
- Add
--sql-detectpassive SQL error probing and structured result aggregation across modes. - Add
--report <path>to export a JSON scan summary and improve driver lifecycle (start only when needed, guaranteed cleanup). - Refresh selector/value dictionaries (email/password/input keys) and update README CLI usage/examples.
Reviewed changes
Copilot reviewed 8 out of 8 changed files in this pull request and generated 6 comments.
Show a summary per file
| File | Description |
|---|---|
| README.md | Updates formatting and adds CLI mode examples (including --sql-detect and --report). |
| main.py | Adds URL normalization, report writing, mode gating, and safer Selenium driver lifecycle. |
| modules/scans.py | Refactors SQLi/XSS/subdomain scanning for structured results; adds passive SQL error detection. |
| modules/bireq.py | Hardens CSRF request replay parsing (safer request-line parsing, urljoin, JSON content-type handling). |
| data/values.txt | Expands keys searched/edited during CSRF replay to more realistic auth/state fields. |
| data/PassSelectors.txt | Refreshes/expands password selectors (including common variants and XPath attribute matches). |
| data/InputSelectors.txt | Expands generic input selectors beyond input to include auth/session/role keys. |
| data/EmailSelectors.txt | Refreshes/expands login/email/identifier selectors, including admin/role-related variants. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
This update improves tool stability, expands scanning capabilities, and refreshes data dictionaries with more realistic login/auth fields (including admin and role/state-related keys).
Main Changes
1. Core Runtime and CLI Reliability
2. New Feature Options
--sql-detect.--report <path>.3. SQL Injection Engine Improvements
4. XSS and Subdomain Scan Improvements
tested,reflected,alerts).5. CSRF Request Replay Hardening
6. Data Dictionary Refresh (Realistic States)
Updated scanner data files with broader real-world field names and state keys, including:
admin,administrator,owner,operator,superuser,rootrole,userRole,accountType,accountStatus,state,status,isAdmin,is_admin,permissions,scopeUpdated files:
data/EmailSelectors.txtdata/PassSelectors.txtdata/InputSelectors.txtdata/values.txt7. Documentation and Project Metadata
datetime) from requirements.Files Updated
main.pymodules/scans.pymodules/bireq.pyREADME.mdrequirements.txtdata/EmailSelectors.txtdata/PassSelectors.txtdata/InputSelectors.txtdata/values.txtOutcome
The tool is more stable under different targets, supports richer detection/report flows, and uses more realistic/auth-centric test keys for better practical coverage.