Authors: Mrs. S. Revathi, Sabarinathan S, Sai Vigneshwaran A, Soundararajan T
Abstract: PentraGuard is a Python-based ethical web vulnerability scanner designed as a Dynamic Application Security Testing (DAST) tool to evaluate the security posture of real-time web applications. It automates systematic testing to uncover common vulnerabilities such as SQL Injection (SQLi), Cross-Site Scripting (XSS), insecure HTTP headers, and sensitive data exposure, aligning with the OWASP Top 10 security risks. The system functions in two core modes: Discovery Mode and Active Scan Mode. In Discovery Mode, the scanner safely analyzes and maps the application structure by identifying web pages, links, and input forms without using harmful payloads. Active Scan Mode performs controlled security assessments using predefined attack patterns to detect vulnerabilities. To enforce ethical usage, PentraGuard includes a domain ownership verification feature that restricts scanning to authorized or owned sites. The tool produces comprehensive vulnerability reports containing technical evidence, impact analysis, and remediation recommendations, enabling users to effectively mitigate identified risks.
DOI: https://doi.org/10.5281/zenodo.18468823
