I have a project to make an application that scans web applications for vulnerabilities an than based on the vulnerabilities found makes and attack.
My idea for this is to install a number virtual machines with web applications (ex BadStore) and then try to scan them and based on the results find from a database an attack for that vulnerability.
I plan on using java spring and postgreSQL since i am most familiar with them for the application. The first step would be the scanner. What i am looking for is i library that can help my implement basic scanning of a web application pages. Since i need to implement the searching for vulnerabilities and then to follow with an attack i plan on fist implement the most simple attack (basic sql inject?).
I need some help with finding a good library to work with for the project. I tried searching for a libraries but found lots of examples of open source vulnerabilities scanners but i don't really know any of them and how hard it would be to use some of there libraries.
If anyone has any experience with something similar i would be most grateful.