Pentesting Bot - Complete Web Security Audit Tool

# Security Testing Bot

A powerful automated security testing tool built with Node.js and Puppeteer that helps identify common web application vulnerabilities.

## Features

- XSS Detection: Tests for various Cross-Site Scripting vulnerabilities

- Basic XSS payloads

- DOM-based XSS

- SVG-based attacks

- Event handler exploits

- SQL Injection Testing: Identifies potential SQL injection points

- Union-based injections

- Error-based injections

- Time-based blind injections

- Boolean-based blind injections

- Path Traversal Detection: Checks for directory traversal vulnerabilities

- Multiple encoding techniques

- Platform-specific paths

- Common sensitive files

- SSRF Testing: Server-Side Request Forgery detection

- Internal network access attempts

- Cloud metadata endpoints

- Protocol-based attacks (dict, gopher)

- Local file access

- XXE Detection: XML External Entity testing

- File read attempts

- Remote DTD inclusion

- Entity expansion

- Command Injection: Tests for OS command execution

- Unix/Linux commands

- Windows commands

- Command chaining

- Output redirection

- Open Redirect Detection: Identifies unvalidated redirects

- Protocol-based redirects

- Domain validation bypass

- Encoded payloads

- Security Headers Analysis: Checks for missing security headers

- Content Security Policy

- X-Frame-Options

- X-XSS-Protection

- HSTS

- And more...

- Additional Security Checks:

- Unsafe JavaScript sources

- Insecure iframe usage

- Information disclosure

- CSRF protection

- Cookie security

- File upload vulnerabilities

- HTTPS enforcement