NucAIScan
AI-assisted DAST pipeline for automated recon, fuzzing, and vulnerability scans
Pitch

NucAIScan is an open-source AI-assisted Dynamic Application Security Testing (DAST) pipeline.
It automates subdomain discovery, endpoint fuzzing, takeover detection, and vulnerability scanning with smart heuristics and optional AI-powered template selection.

Description

NucAIScan

NucAIScan is an AI-assisted Dynamic Application Security Testing (DAST) pipeline that automates reconnaissance, fuzzing, and vulnerability scanning.

It chains Subfinder, httpx, Subzy, FFUF (heuristic fuzzing), and Nuclei with optional AI-powered template selection and automated HTML reporting.

Features

  • Subdomain discovery with Subfinder
  • Alive check with httpx (HTTPS-first)
  • Subdomain takeover detection with Subzy
  • Endpoint fuzzing with FFUF + smart baseline heuristics
  • Tech stack detection from headers, paths, cookies, body
  • Template selection:
    • --backend override (e.g. php, next, wordpress)
    • --ai mode for OpenAI-based smart template reduction
  • Vulnerability scanning with Nuclei
    • Always includes fallback exposures/ templates
  • Reporting:
    • Auto-generated HTML report (with severity coloring)
    • Plain-text fallback for small scans

Architecture

Use Case Diagram


Class Diagram


Activity Diagram


Installation

git clone https://github.com/onurcangnc/NucAIScan.git
cd NucAIScan
pip install -r requirements.txt

You will also need:

Example Run

Default full scan

python -m ffufai targetdomain.com

-> Runs the full pipeline: Subfinder → httpx → Subzy → FFUF → tech signals → Nuclei (with exposures/). If heuristic string matching on the curl outputs produces no tech signals, it applies the exposures/ templates as a fallback.

With backend override

python -m ffufai target.com --backend php

-> Only Nuclei templates related to PHP backend are selected.
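
The signal-to-template step described above (heuristic matching, the exposures/ fallback and the --backend override), sketched as an added Python example that is not NucAIScan's own code. The signature table, function names and sample response are constructed assumptions, and the result is a list of technology labels plus the exposures/ fallback rather than real Nuclei template paths.

```python
# Added illustration; not NucAIScan's code. All names here are hypothetical.
import re

# Constructed heuristics: (technology, where to look, regex)
SIGNATURES = [
    ("php", "header", re.compile(r"x-powered-by:\s*php", re.I)),
    ("php", "cookie", re.compile(r"^PHPSESSID$")),
    ("wordpress", "body", re.compile(r"/wp-content/|/wp-includes/", re.I)),
    ("wordpress", "path", re.compile(r"^/wp-(login\.php|admin|json)", re.I)),
    ("next", "body", re.compile(r"/_next/static/|__NEXT_DATA__")),
    ("next", "header", re.compile(r"x-powered-by:\s*next\.js", re.I)),
]

FALLBACK = "exposures/"  # the page states this set is always included


def detect_signals(headers, cookies, body, paths):
    """Return the set of technologies whose signature matches the response."""
    sources = {
        "header": [f"{k}: {v}" for k, v in headers.items()],
        "cookie": list(cookies),
        "body": [body],
        "path": list(paths),
    }
    return {tech for tech, where, rx in SIGNATURES
            if any(rx.search(item) for item in sources[where])}


def select_templates(signals, backend=None):
    """Backend override wins over detected signals; the fallback is always kept."""
    chosen = {backend.lower()} if backend else set(signals)
    return sorted(chosen) + [FALLBACK]


# Constructed sample response (headers, cookie names, body, discovered paths)
SAMPLE = dict(
    headers={"Server": "nginx", "X-Powered-By": "PHP/8.1.2"},
    cookies=["PHPSESSID"],
    body='<link href="/wp-content/themes/x/style.css">',
    paths=["/wp-login.php", "/robots.txt"],
)

if __name__ == "__main__":
    sig = detect_signals(**SAMPLE)
    print(select_templates(sig))                  # detected signals + fallback
    print(select_templates(sig, backend="next"))  # override replaces detection
    print(select_templates(set()))                # no signals: fallback only
```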

With backend override + AI mode

python -m ffufai target.com --backend php --ai

-> Forces the backend to PHP and applies the AI-powered recommendation to all Nuclei templates, reducing the template set for a more precise Nuclei scan.

python -m ffufai target.com --backend wordpress --ai

-> Backend selection is forced to WordPress, and the AI decides among the remaining WordPress template candidates; the result is a more precise template set based on the application, its endpoints, and the AI's recommendation.

With AI mode

python -m ffufai target.com --ai

-> Tech signals are passed to OpenAI API, which narrows down the most relevant templates from your template pool.

Example Report

Sample HTML output (with severity coloring):

SW Design Principles

  • SOLID modular design:
    • scanners/ → subdomain, takeover, ffuf, nuclei integrations
    • ai/ → template selection logic
    • core/ → utils, logging
    • report/ → HTML reporting
  • Clean architecture: Each module has a single responsibility
  • Extendable: Easily add new scanners or wordlists

Roadmap

  • Elasticsearch integration
  • AI-powered false positive Nuclei scan filtering & severity scoring
  • Docker container for one-line deployment

License

MIT License © Onurcan Genç
