The number of web application grows sharply because of a web application is a common way of delivering all services via the Internet. The developing such application with a fewer experience and without testing caused a huge vulnerability in it. The web application vulnerability is a weak point resulted through web application designing. There are many attackers exploit this vulnerability for gaining access to all unauthorized internal objects to compromise the application, modify data and steal the most important information. The aim of this proposed system is to detect the web application vulnerabilities before exploited by an attacker. A special scanner was built using python 3.7 built-in tools like AST, CFG, Flask, and Django to detect these vulnerabilities. There are different risks infect a web application caused by this vulnerability two types of them were solved in this proposed system. The proposed scanner detects the injection flaws command execution and Cross-Site Scripting (XSS) injection. The fixed-point algorithm is used for finding web application vulnerabilities after analysis and extracts its features. The proposed scanner called SCANSCX. SCANSCX has been created with flexible tools. In order to test and evaluate the ability of SCANSCX, a number of vulnerable applications were designed. All designed examples are identified as being vulnerable. The SCANSCX is a realistic application because it runs on windows and linx operating systems. SCANSCX is a big project that spends very long time on analysis, designed an application and was therefore terminated.