AdaWeb: a stack-adaptive framework for automated web-vulnerability assessment

Syed Aman Shah, Vaishali Kumar

Abstract


AdaWeb was a configuration-driven framework that automated web-vulnerability assessment through four stages: technology fingerprinting, crawler selection, exploit execution, and incremental reporting. A Wappalyzer probe identified the application stack and triggered a matching crawler—hypertext preprocessor (PHP), ASP.NET, NodeJS, or a general fallback—capable of both unauthenticated and credential-based traversal. Discovered uniform resource locators (URLs) fed three exploit modules: a sqlmap-integrated structured query language injection (SQLi) tester, a custom reflective cross-site scripting (XSS) injector, and a Python-deserialization module that used a Base64-encoded pickle payload to open an interactive reverse shell. Each module immediately wrote JavaScript Object Notation (JSON) records containing URL, parameter, payload, and evidence, which allowed real-time analysis and preserved data for audit. Empirical evaluation on four deliberately vulnerable benchmarks shows that AdaWeb cuts manual triage time by 52% and eliminates false-negative cases that defeat generic scanners, making it a drop-in upgrade for DevSecOps pipelines. This framework reduces manual validation effort and eliminates false negatives by leveraging stack-aligned payloads and authenticated scanning.

Keywords


Adaptive crawling; Cross site scripting; Structured query language injection; Vulnerability scanning; Web security


DOI: https://doi.org/10.11591/csit.v7i1.p10-19


Copyright (c) 2026 Syed Aman Shah, Vaishali Kumar

Computer Science and Information Technologies
p-ISSN: 2722-323X, e-ISSN: 2722-3221
This journal is published by the Institute of Advanced Engineering and Science (IAES) in collaboration with Universitas Ahmad Dahlan (UAD).

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.