README.md

🔍 VulnScan AI - AI-Powered Vulnerability Scanner

The developer's best friend for pre-production security testing 🚀

A lightweight, AI-powered vulnerability scanner that helps developers identify security issues before pushing to production. Perfect for CI/CD pipelines, local development, and quick security assessments.

✨ Why VulnScan AI?

• 🤖 AI-Powered: Intelligent risk assessment and actionable recommendations
• ⚡ Lightning Fast: Parallel scanning with configurable batch sizes
• 🎯 Developer-Focused: Simple CLI, clear output, easy integration
• 🔍 Comprehensive: Technology stack analysis, API security, vulnerability detection
• 📦 Easy Install: One command installation via pip
• 💰 Free & Open Source: No licensing fees, full transparency

🚀 Quick Start

Install from PyPI

pip install vulnscan-ai

Development Installation

# Clone the repository
git clone https://github.com/zeemscript/vulnscanner.git
cd vulnscanner

# Install in development mode
make install-dev

# Run tests
make test

# Run example scan
make scan-example

Basic Usage

# Scan a website
vulnscan example.com

# Scan with specific options
vulnscan example.com --scan-types web ssl --output html

# High-performance scanning
vulnscan example.com --threads 20 --batch-size 50

# Interactive mode with guided scanning
vulnscan --interactive

🎯 Essential Commands

# Basic security scan
vulnscan yourwebsite.com

# Pre-production check
vulnscan localhost:3000 --scan-types web --timeout 30

# API security focus
vulnscan api.yoursite.com --scan-types web --batch-size 50

# Custom output
vulnscan yoursite.com --output json --output-file security_report

# Help
vulnscan --help

🔍 What It Checks

Technology Stack Analysis

• Frontend: React.js, Angular, Vue.js, Next.js, jQuery, Bootstrap
• Backend: Node.js, Python, PHP, Java, .NET frameworks
• CMS: WordPress, Drupal, Joomla with version-specific vulnerabilities
• Analytics: Google Analytics, Facebook Pixel, tracking services

Security Vulnerabilities

• Injection Attacks: XSS, CSRF, SQL injection vectors
• Security Headers: CSP, HSTS, X-Frame-Options, and more
• Information Disclosure: Server info, error handling, sensitive files
• Outdated Software: Technologies with known security issues

API Security

• Authentication: Public vs protected endpoint detection
• CORS: Dangerous wildcard origins and misconfigurations
• Rate Limiting: Missing protection headers
• Sensitive Endpoints: Admin, auth, config, debug APIs

📊 Sample Output

🛠️ TECHNOLOGY STACK ANALYSIS

Frontend Technologies:
  • React.js v16.8.0 [HIGH] (OUTDATED)
  • jQuery v3.4.1 [MEDIUM] (OUTDATED)

Technology Security Summary:
  • High Risk Technologies: 1
  • Medium Risk Technologies: 1
  • Low Risk Technologies: 0
  • Outdated Technologies: 2

HIGH FINDINGS:
┌────────────────────────┬───────────┬──────────┬────────────────────────────┐
│ Target                 │ Scan Type │ Category │ Finding                    │
├────────────────────────┼───────────┼──────────┼────────────────────────────┤
│ example.com            │ web       │ csrf     │ Form without CSRF protection│
└────────────────────────┴───────────┴──────────┴────────────────────────────┘

🤖 AI-POWERED ANALYSIS
Risk Level: High
Risk Score: 67/100

🔧 TOP RECOMMENDATIONS:
1. Update React.js from v16.8.0 to latest version
2. Implement rate limiting on API endpoints
3. Fix CORS configuration for production
4. Add Content Security Policy headers
5. Update jQuery to latest version

🛠️ Installation Options

Option 1: PyPI (Recommended)

pip install vulnscan-ai

Option 2: From Source

# Clone repository
git clone https://github.com/zeemscript/vulnscanner.git
cd vulnscanner

# Install in development mode
pip install -e .

Prerequisites

• Python 3.8+
• nmap (for port scanning) - brew install nmap or sudo apt install nmap
• nikto (for web server scanning) - brew install nikto or sudo apt install nikto

🔧 Advanced Usage

# High-performance scanning
vulnscan yoursite.com --threads 20 --batch-size 50

# Specific scan types
vulnscan yoursite.com --scan-types web ssl

# Custom output formats
vulnscan yoursite.com --output html --output-file report

# CI/CD integration
vulnscan $TARGET_URL --output json --no-save | jq '.risk_score'

# Full command options
vulnscan --help

📈 Performance

• Lightweight: Minimal dependencies, fast startup
• Fast: Parallel scanning with configurable batch sizes
• Efficient: Smart caching and minimal resource usage
• Scalable: Handles everything from localhost to enterprise sites

🎯 Perfect For

• 👨‍💻 Developers: Pre-production security checks
• 🔧 DevOps: CI/CD pipeline integration
• 🛡️ Security Teams: Quick vulnerability assessments
• 🚀 Startups: Affordable security testing
• 🎓 Students: Learning web security concepts

🤝 Contributing

We welcome contributions! Please see our Contributing Guide for details.

1. Fork the repository
2. Create a feature branch
3. Make your changes
4. Add tests if applicable
5. Submit a pull request

📄 License

This project is licensed under the MIT License - see the LICENSE file for details.

🙏 Acknowledgments

• Built with Python, asyncio, and aiohttp for high performance
• AI-powered analysis using machine learning techniques
• Inspired by the need for developer-friendly security tools

📚 Documentation

• Quick Start Guide
• Repository Structure
• Contributing Guidelines

---

Ready to secure your web applications? Start with vulnscan yoursite.com and see the magic happen! ✨