PySec-Hybrid is a modular web application security scanner written in Python 3.12. The tool combines Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) methodologies, and includes an automated resource discovery module (Spider).
- SAST (Static Application Security Testing): Analyzes source code without executing it. It utilizes Abstract Syntax Trees (ast) to detect potentially dangerous functions such as eval(), exec(), os.system(), and others.
- DAST (Dynamic Application Security Testing): Tests running applications using a "black-box" approach. It checks endpoints for SQL Injection and XSS (Cross-Site Scripting) vulnerabilities.
- Web Spider: Automatically crawls the target URL to find hidden links and forms for subsequent dynamic analysis.
- Asynchronous Engine: Leverages asyncio for efficient management of scanning processes.
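The AST-based detection described in the SAST bullet, as an added example rather than PySec-Hybrid's own code: an `ast.NodeVisitor` that reports calls to dangerous sinks and resolves import aliases, so `import os as o; o.system(...)` or `from os import system as run` are still flagged. The sink list and the constructed sample source are assumptions, not taken from the project.

```python
import ast
from typing import Dict, List, Optional, Tuple

# Assumed sink list: the functions named on the page plus os.popen.
DANGEROUS_CALLS = {"eval", "exec", "os.system", "os.popen"}


class DangerousCallFinder(ast.NodeVisitor):
    """Collects (line, qualified name) for every call to a known sink."""

    def __init__(self) -> None:
        self.findings: List[Tuple[int, str]] = []
        self.aliases: Dict[str, str] = {}  # local name -> qualified name

    def visit_Import(self, node: ast.Import) -> None:
        for alias in node.names:  # "import os as o" maps o -> os
            self.aliases[alias.asname or alias.name] = alias.name
        self.generic_visit(node)

    def visit_ImportFrom(self, node: ast.ImportFrom) -> None:
        if node.module:  # "from os import system as run" maps run -> os.system
            for alias in node.names:
                self.aliases[alias.asname or alias.name] = f"{node.module}.{alias.name}"
        self.generic_visit(node)

    def _qualname(self, func: ast.expr) -> Optional[str]:
        # Resolve bare names through the alias table and rebuild dotted paths.
        if isinstance(func, ast.Name):
            return self.aliases.get(func.id, func.id)
        if isinstance(func, ast.Attribute):
            base = self._qualname(func.value)
            return f"{base}.{func.attr}" if base else None
        return None  # e.g. a call on a subscript or another call's result

    def visit_Call(self, node: ast.Call) -> None:
        name = self._qualname(node.func)
        if name in DANGEROUS_CALLS:
            self.findings.append((node.lineno, name))
        self.generic_visit(node)


def find_dangerous_calls(source: str) -> List[Tuple[int, str]]:
    """Parse source without executing it and return sink calls in order."""
    finder = DangerousCallFinder()
    finder.visit(ast.parse(source))
    return finder.findings


# Constructed sample: aliased imports that a plain name match would miss.
SAMPLE_SOURCE = '''\
import os as o
from os import system as run
user = input("cmd> ")
eval(user)
o.system("ls " + user)
run(user)
print(len(user))
'''

if __name__ == "__main__":
    for line, name in find_dangerous_calls(SAMPLE_SOURCE):
        print(f"line {line}: call to {name}")
```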
- main.py — Entry point and orchestrator for all modules.
- scanner_core.py — The core engine containing SAST and DAST analysis logic.
- spider.py — Crawler module for automated target discovery.
- requirements.txt — List of necessary dependencies.
- Clone the repository:
  git clone https://github.com/alekzandren/pysec-hybrid.git
  cd pysec-hybrid
- Install dependencies:
  pip install -r requirements.txt
- Run the scanner:
  python main.py
- Language: Python 3.12+
- Libraries: requests, BeautifulSoup4, ast, asyncio
- Methodology: OWASP Top 10 (basic checks)
This tool is created solely for educational purposes and to assist developers in auditing their own code. The author is not responsible for any damage caused by the use of this software. Never conduct scanning on resources for which you do not have express written permission from the owner.
Distributed under the MIT License. See the .LICENSE file for details.