add clickjacking scanner tutorial

Author: x4nth055

README.md

@@ -70,6 +70,7 @@ This is a repository of all the tutorials of [The Python Code](https://www.thepy
     - [How to Remove Persistent Malware in Python](https://thepythoncode.com/article/removingg-persistent-malware-in-python). ([code](ethical-hacking/remove-persistent-malware))
     - [How to Check Password Strength with Python](https://thepythoncode.com/article/test-password-strength-with-python). ([code](ethical-hacking/checking-password-strength))
     - [How to Perform Reverse DNS Lookups Using Python](https://thepythoncode.com/article/reverse-dns-lookup-with-python). ([code](ethical-hacking/reverse-dns-lookup))
+    - [How to Make a Clickjacking Vulnerability Scanner in Python](https://thepythoncode.com/article/make-a-clickjacking-vulnerability-scanner-with-python). ([code](ethical-hacking/clickjacking-scanner))
 
 - ### [Machine Learning](https://www.thepythoncode.com/topic/machine-learning)
     - ### [Natural Language Processing](https://www.thepythoncode.com/topic/nlp)

ethical-hacking/clickjacking-scanner/README.md

@@ -0,0 +1 @@
+# [How to Make a Clickjacking Vulnerability Scanner in Python](https://thepythoncode.com/article/make-a-clickjacking-vulnerability-scanner-with-python)

ethical-hacking/clickjacking-scanner/clickjacking_scanner.py

@@ -0,0 +1,55 @@
+import requests, argparse
+
+
+# Function to check if a website is vulnerable to clickjacking.
+def check_clickjacking(url):
+    try:
+        # Add https:// schema if not present in the URL.
+        if not url.startswith('http://') and not url.startswith('https://'):
+            url = 'https://' + url
+
+        # Send a GET request to the URL.
+        response = requests.get(url)
+        headers = response.headers
+
+        # Check for X-Frame-Options header.
+        if 'X-Frame-Options' not in headers:
+            return True
+        
+        # Get the value of X-Frame-Options and check it..
+        x_frame_options = headers['X-Frame-Options'].lower()
+        if x_frame_options != 'deny' and x_frame_options != 'sameorigin':
+            return True
+        
+        return False
+    except requests.exceptions.RequestException as e:
+        print(f"An error occurred while checking {url} - {e}")
+        return False
+
+# Main function to parse arguments and check the URL.
+def main():
+    parser = argparse.ArgumentParser(description='Clickjacking Vulnerability Scanner')
+    parser.add_argument('url', type=str, help='The URL of the website to check')
+    parser.add_argument('-l', '--log', action='store_true', help='Print out the response headers for analysis')
+    args = parser.parse_args()
+
+    url = args.url
+    is_vulnerable = check_clickjacking(url)
+    
+    if is_vulnerable:
+        print(f"[+] {url} may be vulnerable to clickjacking.")
+    else:
+        print(f"[-] {url} is not vulnerable to clickjacking.")
+    
+    if args.log:
+        # Add https:// schema if not present in the URL for response printing.
+        if not url.startswith('http://') and not url.startswith('https://'):
+            url = 'https://' + url
+
+        print("\nResponse Headers:")
+        response = requests.get(url)
+        for header, value in response.headers.items():
+            print(f"{header}: {value}")
+
+if __name__ == '__main__':
+    main()

ethical-hacking/clickjacking-scanner/requirements .txt

@@ -0,0 +1 @@
+requests