AWVERT: Automated Web Vulnerability Exploitation and Reporting Tool

Joshua Fernando

(04 – 2026)

DOI: 10.5281/zenodo.19864945

Web application vulnerabilities, particularly SQL Injection (SQLi) and Cross-Site Scripting (XSS), continue to dominate the global threat landscape, accounting for over 25% of documented security breaches annually. Existing tools such as Burp Suite, OWASP ZAP, and Nikto, while valuable, require significant manual intervention and lack the ability to leverage real-world Cyber Threat Intelligence (CTI) for automated payload testing. This paper presents AWVERT (Automated Web Vulnerability Exploitation and Reporting Tool), a Python-based automated vulnerability scanner for web applications. AWVERT integrates a Breadth-First Search (BFS) web crawler with support for both classic server-rendered and Single Page Application (SPA) architectures using headless Chromium via Playwright. The tool tests six injection categories — SQL Injection, Cross-Site Scripting, PHP/Command Injection, HTML Injection, XML/XXE Injection, and NoSQL Injection — using CTI-sourced payloads from a structured vault. Detection employs three modes: reflection analysis, error-signature matching, and statistical time-based inference. Tested against the OWASP Juice Shop intentionally vulnerable application, AWVERT demonstrates a detection rate of 77.8% across all injection types with a false positive rate of 9.0%.
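As an added illustration of the three detection modes named above (this is not AWVERT's own code; the error signatures, the reflection marker and the latency figures are constructed for the example), each mode is applied to constructed server responses and a classifier combines them:

```python
import re
import statistics
from typing import List, Optional

# Assumed error signatures (not the CTI vault from the paper): fragments a
# server leaks when broken input reaches the database layer.
ERROR_SIGNATURES = [
    re.compile(r"You have an error in your SQL syntax", re.I),
    re.compile(r"SQLITE_ERROR", re.I),
    re.compile(r"PostgreSQL.*ERROR", re.I),
]

# Constructed sample responses; the marker contains angle brackets so that an
# HTML-escaped echo does not count as a reflection.
MARKER = "<awvert-7f3a>"
REFLECTED_BODY = "<p>Results for <awvert-7f3a>:</p>"
ESCAPED_BODY = "<p>Results for &lt;awvert-7f3a&gt;:</p>"
ERROR_BODY = "Warning: You have an error in your SQL syntax near ''' at line 1"

def reflection_detected(marker: str, body: str) -> bool:
    """Reflection analysis: the unique marker returns unencoded in the body."""
    return marker in body

def error_signature_detected(body: str) -> Optional[str]:
    """Error-signature matching: return the matched fragment, if any."""
    for sig in ERROR_SIGNATURES:
        m = sig.search(body)
        if m:
            return m.group(0)
    return None

def time_delay_detected(baseline_ms: List[float], probe_ms: float,
                        expected_delay_ms: float = 5000.0, z_threshold: float = 3.0) -> bool:
    """Statistical time-based inference: the probe must exceed the baseline mean
    by most of the expected delay AND lie far outside baseline variance, so a
    single slow request or a noisy baseline does not become a finding."""
    mean = statistics.fmean(baseline_ms)
    stdev = statistics.pstdev(baseline_ms) or 1.0  # avoid division by zero
    z = (probe_ms - mean) / stdev
    return probe_ms - mean >= 0.8 * expected_delay_ms and z >= z_threshold

def classify_response(marker: str, body: str, baseline_ms: List[float], probe_ms: float) -> List[str]:
    """Return the detection modes that fired for one response."""
    modes = []
    if reflection_detected(marker, body):
        modes.append("reflection")
    if error_signature_detected(body):
        modes.append("error_signature")
    if time_delay_detected(baseline_ms, probe_ms):
        modes.append("time_based")
    return modes
```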
