This project offers a comprehensive web application security scanner pipeline that leverages AI for improved efficiency in vulnerability detection. It merges renowned tools with robust design patterns to create a flexible and maintainable architecture, serving both security researchers and software engineers.
AI-Assisted Web Security Scanner
The AI-Assisted Web Security Scanner is a modular and pattern-driven web application security scanner pipeline, developed in Python, that integrates leading reconnaissance and vulnerability discovery tools to enhance security assessments.
Key Features
- Advanced Security Scanning: Integrates tools like Subfinder, Httpx, Nuclei, and more, optimizing security scanning with AI-enabled functionalities.
- Educational Showcase: This project serves as an educational example of various Software Design Patterns in action, demonstrating their applicability in creating cleaner, maintainable, and extensible security architectures.
AI-Powered Workflow
- The pipeline offers intelligent assistance by extracting detected technologies using WhatWeb and Wappalyzer, selecting relevant Nuclei templates based on the target technology stack, identifying suspicious endpoints, and focusing on critical vulnerabilities.
Modular Design Patterns
- Each aspect of the scanning process is modeled using established OOP design patterns:
  - Observer: Facilitates real-time notifications across various channels.
  - Command: Encapsulates execution of tools as reusable components.
  - Decorator: Measures performance execution time without modifying the core logic.
  - Strategy: Adapts workflows based on user input (root vs subdomain).
  - Factory Method: Generates commands dynamically from input identifiers.
  - Builder: Constructs a comprehensive HTML report containing findings and statistics.
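A compact sketch of how the Command, Factory Method, Decorator and Strategy patterns listed above can fit together. This is an added example, not the project's own code: the class and function names, the tool order per mode, the chosen flags and the dry-run runner are assumptions, and the runner returns the command line instead of executing anything.

```python
import re
import time
from functools import wraps

# Hostname allow-list check so user input never reaches argv unvalidated.
HOSTNAME = re.compile(
    r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$", re.I)

def timed(fn):
    """Decorator: record wall-clock time without changing the wrapped logic."""
    @wraps(fn)
    def wrapper(self, *args, **kwargs):
        start = time.perf_counter()
        try:
            return fn(self, *args, **kwargs)
        finally:
            self.elapsed = time.perf_counter() - start
    return wrapper

class ToolCommand:
    """Command: one tool invocation, held as an argv list (no shell string)."""
    def __init__(self, argv, runner):
        self.argv, self.runner, self.elapsed = argv, runner, None

    @timed
    def execute(self):
        return self.runner(self.argv)

# Factory Method: tool identifier -> argv builder (hypothetical flag choices).
BUILDERS = {
    "subfinder": lambda t: ["subfinder", "-d", t, "-silent"],
    "httpx": lambda t: ["httpx", "-u", t, "-silent"],
    "nuclei": lambda t: ["nuclei", "-u", t, "-severity", "critical,high"],
}

# Strategy: root domains get enumeration first, a single subdomain does not
# (assumed ordering, for illustration).
STRATEGIES = {"root": ["subfinder", "httpx", "nuclei"],
              "subdomain": ["httpx", "nuclei"]}

def make_command(tool, target, runner):
    if not HOSTNAME.match(target):
        raise ValueError(f"rejected target: {target!r}")
    return ToolCommand(BUILDERS[tool](target), runner)

def plan(target, mode, runner):
    return [make_command(tool, target, runner) for tool in STRATEGIES[mode]]

def dry_runner(argv):
    """Stand-in runner: returns the command line instead of executing it."""
    return " ".join(argv)
```

Swapping `dry_runner` for a function that calls `subprocess.run(argv)` keeps the argv-list form, so the validated target is never interpreted by a shell.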
Comprehensive Output
- The scanner generates a detailed HTML report that includes:
  - Executive summary with technology stack and vulnerability statistics
  - Reports on subdomain takeovers and relevant findings
  - Organized details of discovered vulnerabilities in collapsible sections
Project Structure
The pipeline is structured for ease of use and maintainability, allowing for straightforward interaction:
├── scanner.py # Main pipeline orchestrator
├── report-<domain>.html # Generated HTML report
├── *.json / *.txt # Intermediate scan outputs
└── pipeline.log # Logs
Usage Example
To execute the scanning process, a command such as the following can be used:
python3 scanner.py --domain example.com
This command will initiate a scan for the given root domain, producing an accessible report detailing the security status of the application.
Ideal Audience
- Security Researchers: Gain insights through an automated, AI-driven pipeline that refines reconnaissance and vulnerability discovery efforts.
- Software Engineers: Explore and learn design patterns by observing their practical implementation in the construction of this security tool.