shubhushubhu99/vulnXscanner
GitHub: shubhushubhu99/vulnXscanner
一款基于 Python + Flask 的网络安全扫描器,通过 Web 界面提供实时端口扫描、服务指纹识别、子域名枚举及 AI 驱动的漏洞分析能力。
Stars: 8 | Forks: 23
# 🌐 VulnX 安全扫描器
### **实时端口分析 • 服务指纹识别 • 实时威胁情报**
一款基于 Python + Flask 的高性能安全扫描器,通过现代化的深色仪表板 UI 执行实时端口扫描、Banner 抓取、严重性评分、威胁映射和子域名枚举。
[](https://www.python.org/)
[](https://flask.palletsprojects.com/)
[](https://github.com/shubhushubhu99/vulnXscanner)
[](https://vulnx-scanner-production.up.railway.app/)
[](LICENSE)
### 🌎 [在线演示](https://vulnx-scanner-production.up.railway.app/)
## 🚀 关于 VulnX
**VulnX Scanner** 是一款专业级的 **网络安全审计和网络侦察工具**,采用现代 Web 技术构建。它通过直观的基于 Web 的界面提供全面的网络安全分析,既适合安全专业人员使用,也适合初学者上手。
### 什么是 VulnX?
VulnX 是一个全栈 Web 应用程序,结合了强大的网络扫描功能与 AI 驱动的安全分析。它使用户能够:
- **发现开放端口** 在目标系统上(IPv4 和 IPv6)
- **识别运行中的服务** 及其版本,通过 Banner 抓取技术
- **评估安全风险** 配合自动化的严重性评分
- **获取 AI 驱动的洞察** 关于漏洞和修复策略
- **枚举子域名** 用于侦察目的
- **生成专业的 PDF 报告** 用于文档记录
### 核心能力
**🔍 网络扫描引擎**
- 多线程端口扫描(100 个并发线程)
- 支持 IPv4 和 IPv6 地址
- 两种扫描模式:快速扫描(23 个常见端口)和深度扫描(1-1024 端口)
- 通过 WebSocket 通信实时更新进度
- 智能 DNS 解析,支持 IPv4/IPv6 回退
**🛡️ 安全分析**
- 自动化服务识别和指纹识别
- Banner 抓取用于服务版本检测
- 威胁情报映射,包含严重性级别(严重/高/中/低)
- 使用 Google Gemini 2.5 Flash 进行 AI 驱动的漏洞分析
- 针对每个发现服务的详细修复指南
**📊 报告与文档**
- 持久化扫描历史(最近 50 次扫描)
- 专业 PDF 报告生成
- 可导出的扫描结果,包含时间戳
- 详细的端口信息,包括 Banner 和威胁
**🌐 现代 Web 界面**
- 深色主题、响应式设计
- 实时终端风格的日志记录
- 可点击分析的交互式端口卡片
- 流畅的动画和现代 UI/UX
- 适合移动设备的响应式布局
**面向人群:** 安全分析师、渗透测试人员、红队、网络管理员、安全研究人员和网络安全学生。
## 🏗️ 系统架构
### 高层架构图
```
graph TB
subgraph "Client Layer"
Browser[Web Browser]
UI[React-like UI Components]
end
subgraph "Application Layer - Flask"
App[Flask Applicationapp.py] Routes[Route Handlers
/, /dashboard, /history, /subdomain] SocketIO[Flask-SocketIO
WebSocket Server] end subgraph "Core Modules" Scanner[Scanner Engine
core/scanner.py] Reporter[PDF Reporter
core/reporter.py] end subgraph "Network Layer" Socket[Python Socket API] DNS[DNS Resolution] IPv4[IPv4 Support
AF_INET] IPv6[IPv6 Support
AF_INET6] end subgraph "External Services" Gemini[Google Gemini API
AI Analysis] end subgraph "Data Storage" History[JSON History File
scan_history.json] State[Global State
latest_results] end Browser -->|HTTP/WebSocket| App App --> Routes App --> SocketIO Routes --> Scanner Routes --> Reporter SocketIO -->|Real-time Events| Browser Scanner --> Socket Scanner --> DNS Scanner --> IPv4 Scanner --> IPv6 App --> Gemini App --> History App --> State Reporter --> History ``` ## 🔄 完整扫描工作流 ### 详细端口扫描流程 ``` sequenceDiagram participant User participant Browser participant Flask as Flask App participant SocketIO as WebSocket participant Scanner as Scanner Engine participant Network as Network Layer participant Storage as History Storage User->>Browser: Enter target (IP/hostname) Browser->>SocketIO: Emit 'start_scan' event SocketIO->>Flask: handle_scan(data) Flask->>Flask: Start background task Flask->>SocketIO: Emit 'scan_log': "Resolving target..." SocketIO->>Browser: Display in terminal Flask->>Scanner: resolve_target(target) Scanner->>Scanner: Check if IPv4/IPv6 alt IPv4 Address Scanner->>Network: socket.gethostbyname() else IPv6 Address Scanner->>Network: socket.getaddrinfo(AF_INET6) else Hostname Scanner->>Network: Try IPv4 first, then IPv6 end Network-->>Scanner: Return IP address Scanner-->>Flask: (ip, hostname) alt Resolution Failed Flask->>SocketIO: Emit error SocketIO->>Browser: Show error message else Resolution Success Flask->>SocketIO: Emit 'scan_log': "Target resolved" SocketIO->>Browser: Update terminal Flask->>Scanner: scan_target(ip, deep_scan, callback) Scanner->>Scanner: Determine address family (AF_INET/AF_INET6) Scanner->>Scanner: Create port queue Scanner->>Scanner: Spawn 100 worker threads loop For each port Scanner->>Network: socket.connect_ex((ip, port)) Network-->>Scanner: Connection result alt Port Open Scanner->>Scanner: grab_banner(ip, port) Scanner->>Network: Connect & receive banner Network-->>Scanner: Banner data Scanner->>Scanner: Map service & severity Scanner->>Flask: Callback 'port_found' Flask->>SocketIO: Emit 'port_found' event SocketIO->>Browser: Display port in real-time end Scanner->>Flask: Callback 'scan_progress' (every 10 ports) Flask->>SocketIO: Emit 'scan_progress' SocketIO->>Browser: Update progress end Scanner-->>Flask: Return scan results Flask->>Storage: Save to history Flask->>Flask: Update latest_results Flask->>SocketIO: Emit 'scan_complete' SocketIO->>Browser: Render results cards end ``` ## 🌐 IPv4/IPv6 检测与解析流程 ### 地址族检测流程 ``` flowchart TD Start[User Input: Target] --> Clean[Clean Input
Remove http://, brackets] Clean --> CheckIP{Is it
already an IP?} CheckIP -->|Yes| ValidateIP{Validate
IP Format} CheckIP -->|No| ResolveDNS[Resolve as Hostname] ValidateIP --> CheckIPv4{is_ipv4?} ValidateIP --> CheckIPv6{is_ipv6?} CheckIPv4 -->|Yes| IPv4Valid[Validate 4 octets
0-255 each] CheckIPv6 -->|Yes| IPv6Valid[Validate IPv6 format
socket.inet_pton] IPv4Valid -->|Valid| ReturnIPv4[Return AF_INET
socket.AF_INET] IPv4Valid -->|Invalid| Error[Return None] IPv6Valid -->|Valid| ReturnIPv6[Return AF_INET6
socket.AF_INET6] IPv6Valid -->|Invalid| Error ResolveDNS --> TryIPv4[Try IPv4 Resolution
socket.gethostbyname] TryIPv4 -->|Success| ReturnIPv4 TryIPv4 -->|Fail| TryIPv6[Try IPv6 Resolution
socket.getaddrinfo] TryIPv6 -->|Success| ReturnIPv6 TryIPv6 -->|Fail| Error ReturnIPv4 --> UseIPv4[Use AF_INET Socket] ReturnIPv6 --> UseIPv6[Use AF_INET6 Socket] UseIPv4 --> Scan[Perform Port Scan] UseIPv6 --> Scan Error --> FailMsg[Display Error Message] ``` ## 🔍 端口扫描引擎架构 ### 多线程扫描流程 ``` graph LR subgraph "Scan Initialization" Input[Target IP + Scan Mode] --> Validate[Validate IP Format] Validate --> Family{Detect Address
Family} Family -->|IPv4| AF_INET[socket.AF_INET] Family -->|IPv6| AF_INET6[socket.AF_INET6] end subgraph "Port Queue Management" AF_INET --> PortQueue[Create Port Queue] AF_INET6 --> PortQueue DeepScan{Deep Scan?} -->|Yes| Ports1024[Ports 1-1024] DeepScan -->|No| CommonPorts[23 Common Ports] Ports1024 --> PortQueue CommonPorts --> PortQueue end subgraph "Thread Pool - 100 Workers" PortQueue --> Worker1[Worker Thread 1] PortQueue --> Worker2[Worker Thread 2] PortQueue --> Worker3[Worker Thread ...] PortQueue --> WorkerN[Worker Thread 100] end subgraph "Port Connection Process" Worker1 --> Connect1[Socket Connect] Worker2 --> Connect2[Socket Connect] WorkerN --> ConnectN[Socket Connect] Connect1 --> Open1{Port Open?} Connect2 --> Open2{Port Open?} ConnectN --> OpenN{Port Open?} Open1 -->|Yes| Banner1[Grab Banner] Open2 -->|Yes| Banner2[Grab Banner] OpenN -->|Yes| BannerN[Grab Banner] Banner1 --> Analyze1[Map Service & Severity] Banner2 --> Analyze2[Map Service & Severity] BannerN --> AnalyzeN[Map Service & Severity] end subgraph "Result Aggregation" Analyze1 --> Results[Results List] Analyze2 --> Results AnalyzeN --> Results Results --> Sort[Sort by Port Number] Sort --> Return[Return Scan Data] end subgraph "Real-time Updates" Open1 -->|Callback| WebSocket1[Emit 'port_found'] Open2 -->|Callback| WebSocket2[Emit 'port_found'] Analyze1 -->|Progress| Progress[Emit 'scan_progress'] end ``` ## 📊 数据流架构 ### 完整系统数据流 ``` flowchart TD subgraph "User Interface Layer" A[User Input
IP/Hostname] --> B[Dashboard Form] B --> C[WebSocket Client
scanner.js] end subgraph "Application Server" C --> D[Flask-SocketIO
start_scan event] D --> E[Background Task
run_scan_task] E --> F[Scanner Module
resolve_target] end subgraph "Network Resolution" F --> G{IP or Hostname?} G -->|IP| H[Validate IP Format] G -->|Hostname| I[DNS Resolution] H --> J{IPv4 or IPv6?} I --> K[Try IPv4, fallback IPv6] J --> L[Return Address Family] K --> L end subgraph "Scanning Engine" L --> M[scan_target Function] M --> N[Create Thread Pool
100 workers] N --> O[Port Queue
Common or Deep] O --> P[Worker Threads] P --> Q[Socket Connection
AF_INET or AF_INET6] Q --> R{Port Open?} R -->|Yes| S[grab_banner] R -->|No| T[Continue] S --> U[Service Detection] U --> V[Severity Mapping] V --> W[Threat Assessment] end subgraph "Real-time Communication" W --> X[Callback Function] X --> Y[WebSocket Events] Y --> Z[Browser Terminal] Y --> AA[Progress Updates] Y --> AB[Port Found Events] end subgraph "Data Storage" W --> AC[Scan Results] AC --> AD[latest_results
Global State] AC --> AE[History JSON File] AE --> AF[scan_history.json] end subgraph "Result Rendering" AC --> AG[WebSocket: scan_complete] AG --> AH[renderResults Function] AH --> AI[Dynamic Card Creation] AI --> AJ[Display in UI] end subgraph "Additional Features" AJ --> AK[Click Card] AK --> AL[AI Analysis Request] AL --> AM[Google Gemini API] AM --> AN[AI Security Analysis] AN --> AO[Display Modal] AJ --> AP[Export Report] AP --> AQ[PDF Generator] AQ --> AR[Download PDF] end ``` ## 🧩 组件交互图 ### 模块依赖与交互 ``` graph TB subgraph "Frontend Components" HTML[Templates
base.html, dashboard.html] CSS[Styling
main.css, landing.css] JS1[Scanner Logic
scanner.js] JS2[AI Analysis
main.js] end subgraph "Flask Application - app.py" Routes[Route Handlers] WS[WebSocket Handlers] State[Global State Management] HistoryMgr[History Manager] end subgraph "Core Scanner - scanner.py" Resolver[resolve_target
IPv4/IPv6 Detection] Scanner[scan_target
Multi-threaded Engine] Banner[grab_banner
Service Fingerprinting] Subdomain[check_subdomain
DNS Enumeration] end subgraph "PDF Reporter - reporter.py" PDFGen[generate_pdf_report
ReportLab Integration] end subgraph "External APIs" Gemini[Google Gemini API
AI Security Analysis] end subgraph "System Resources" SocketAPI[Python Socket API] Threading[Threading Module] FileSystem[JSON File Storage] end HTML --> Routes JS1 --> WS JS2 --> Routes CSS --> HTML Routes --> Scanner Routes --> HistoryMgr Routes --> PDFGen Routes --> Gemini WS --> Scanner WS --> State Scanner --> Resolver Scanner --> Banner Scanner --> Subdomain Resolver --> SocketAPI Scanner --> SocketAPI Scanner --> Threading Banner --> SocketAPI Subdomain --> SocketAPI HistoryMgr --> FileSystem PDFGen --> FileSystem State --> Routes ``` ## 🔐 安全扫描流程详情 ### Banner 抓取与服务检测 ``` sequenceDiagram participant Scanner participant Socket as Socket API participant Service as Target Service participant Mapper as Service Mapper Scanner->>Socket: Create socket(AF_INET/AF_INET6) Scanner->>Socket: connect((ip, port)) Socket->>Service: TCP Connection Service-->>Socket: Connection Established alt Port is HTTP/HTTPS (80, 443, 8080, 8443) Scanner->>Socket: recv(1024) - Initial banner Socket->>Service: Receive data Service-->>Socket: HTTP/HTTPS response Socket-->>Scanner: Banner data Scanner->>Socket: send("GET / HTTP/1.1...") Socket->>Service: HTTP Request Service-->>Socket: HTTP Response Socket-->>Scanner: Response header Scanner->>Scanner: Parse HTTP status else Other Ports Scanner->>Socket: recv(1024) Socket->>Service: Receive banner Service-->>Socket: Service banner Socket-->>Scanner: Raw banner data end Scanner->>Mapper: Map port to service Mapper-->>Scanner: Service name (FTP, SSH, etc.) Scanner->>Mapper: Get severity level Mapper-->>Scanner: Severity (Critical/High/Medium/Low) Scanner->>Mapper: Get threat information Mapper-->>Scanner: Remediation guide Scanner->>Scanner: Format result tuple
(port, service, banner, severity, threat) Scanner-->>Scanner: Return to scan_target ``` ## 📡 WebSocket 通信流程 ### 实时事件系统 ``` sequenceDiagram participant Browser participant SocketIO as Flask-SocketIO participant Flask participant Scanner participant Callback Browser->>SocketIO: Connect WebSocket SocketIO-->>Browser: Connection established Browser->>SocketIO: Emit 'start_scan'
{target, deep_scan} SocketIO->>Flask: handle_scan(data) Flask->>Flask: Start background task Flask->>SocketIO: Emit 'scan_log'
"Resolving target..." SocketIO-->>Browser: Display in terminal Flask->>Scanner: resolve_target(target) Scanner-->>Flask: (ip, hostname) Flask->>SocketIO: Emit 'scan_log'
"Target resolved to {ip}" SocketIO-->>Browser: Update terminal Flask->>Scanner: scan_target(ip, deep_scan, callback) loop For each port scan Scanner->>Callback: Callback('scan_progress', data) Callback->>Flask: Process callback Flask->>SocketIO: Emit 'scan_progress'
{current, total, port} SocketIO-->>Browser: Update progress bar alt Port is open Scanner->>Callback: Callback('port_found', data) Callback->>Flask: Process callback Flask->>SocketIO: Emit 'port_found'
{port, service, banner} SocketIO-->>Browser: Display port in terminal end end Scanner-->>Flask: Return scan results Flask->>SocketIO: Emit 'scan_complete'
{total_open, results} SocketIO-->>Browser: Render result cards Browser->>Browser: Enable scan button ``` ## 🤖 AI 分析集成流程 ### Google Gemini API 集成 ``` flowchart TD Start[User Clicks Port Card] --> JS[main.js: showDetailedAnalysis] JS --> Modal[Create AI Modal UI] Modal --> Loading[Show Loading State] Loading --> Fetch[Fetch /ai_analysis endpoint] Fetch --> Flask[Flask Route Handler] Flask --> Validate[Validate Request Data] Validate --> Prepare[Prepare Prompt
Port, Service, Banner, Severity] Prepare --> Gemini[Google Gemini Client] Gemini --> API[Gemini API Request] API --> Model[gemini-2.5-flash Model] Model --> Analysis[Generate Security Analysis] Analysis --> Response[Return Analysis Text] Response --> Format[Format as HTML] Format --> Return[Return JSON Response] Return --> JS2[JavaScript receives response] JS2 --> TypeWriter[Typewriter Effect] TypeWriter --> Display[Display in Modal] Display --> User[User Reviews Analysis] User --> Close[Close Modal] style Gemini fill:#4285f4 style Model fill:#34a853 style Analysis fill:#ea4335 ``` ## 📁 完整项目结构 ### 文件组织与依赖 ``` graph TD Root[vulnXscanner/] --> Src[src/] Root --> Static[static/] Root --> Templates[templates/] Root --> Docs[docs/] Root --> Tests[tests/] Root --> Config[Config/] Src --> App[app.py
Flask Application] Src --> Core[core/] Core --> Scanner[scanner.py
Scanning Engine] Core --> Reporter[reporter.py
PDF Generation] Static --> CSS[css/] Static --> JS[js/] Static --> Images[images/] CSS --> MainCSS[main.css
Enhanced UI Styles] CSS --> LandingCSS[landing.css
Landing Page] JS --> MainJS[main.js
AI Analysis] JS --> ScannerJS[scanner.js
WebSocket Client] Templates --> Base[base.html
Base Template] Templates --> Dashboard[dashboard.html
Main Interface] Templates --> History[history.html
Scan History] Templates --> Subdomain[subdomain.html
Subdomain Finder] Templates --> Landing[landing.html
Landing Page] Docs --> Overview[overview.md] Docs --> Arch[architecture.md] Tests --> TestScanner[test_scanner.py
19 Test Cases] App --> Scanner App --> Reporter App --> Base Dashboard --> Base History --> Base Subdomain --> Base Landing --> LandingCSS Dashboard --> ScannerJS Dashboard --> MainJS Dashboard --> MainCSS ``` ## 🔄 请求-响应周期 ### 完整 HTTP/WebSocket 请求流程 ``` sequenceDiagram participant User participant Browser participant Flask participant Scanner participant Storage participant Gemini Note over User,Gemini: Initial Page Load User->>Browser: Navigate to /dashboard Browser->>Flask: GET /dashboard Flask->>Flask: Load latest_results Flask->>Storage: load_history() Storage-->>Flask: History data Flask-->>Browser: Render dashboard.html Note over User,Gemini: Start Scan User->>Browser: Enter target & click scan Browser->>Flask: WebSocket: start_scan Flask->>Flask: run_scan_task (background) Flask->>Browser: WebSocket: scan_log events Flask->>Scanner: resolve_target(target) Scanner-->>Flask: (ip, hostname) Flask->>Browser: WebSocket: "Target resolved" Flask->>Scanner: scan_target(ip, deep_scan, callback) loop Port Scanning Scanner->>Browser: WebSocket: scan_progress Scanner->>Browser: WebSocket: port_found (if open) end Scanner-->>Flask: Scan results Flask->>Storage: save_history() Flask->>Browser: WebSocket: scan_complete Note over User,Gemini: AI Analysis User->>Browser: Click port card Browser->>Flask: POST /ai_analysis Flask->>Gemini: Generate security analysis Gemini-->>Flask: AI analysis text Flask-->>Browser: JSON response Browser->>Browser: Display in modal Note over User,Gemini: Export Report User->>Browser: Click download report Browser->>Flask: GET /export/
5 tests] --> B[Valid IPv4 Detection] A --> C[Invalid IPv4 Rejection] A --> D[IPv4 Resolution] A --> E[IPv4 Hostname Resolution] A --> F[IPv4 Scan Structure] G[TestIPv6Support
5 tests] --> H[Valid IPv6 Detection] G --> I[Invalid IPv6 Rejection] G --> J[IPv6 Resolution] G --> K[IPv6 Hostname Resolution] G --> L[IPv6 Scan Structure] M[TestAddressFamilyDetection
3 tests] --> N[IPv4 Family] M --> O[IPv6 Family] M --> P[Invalid Handling] Q[TestBackwardCompatibility
3 tests] --> R[IPv4 Unchanged] Q --> S[Hostname Prefers IPv4] Q --> T[IPv4 Banner Grabbing] U[TestEdgeCases
3 tests] --> V[Protocol Prefixes] U --> W[Invalid Targets] U --> X[Error Handling] end B --> Results[19 Tests Total
All Passing ✅] H --> Results N --> Results R --> Results V --> Results ``` ## ⚙️ 功能特性 ### ⚡ 高速端口扫描引擎 - 多线程扫描(100 个并发线程) - 深度扫描最多 1024 个端口 - 常规扫描模式(23 个顶级端口) - **支持 IPv4 和 IPv6** ### 🔍 指纹识别引擎 - 从服务捕获 Banner - Web 协议检测(HTTP/HTTPS) - 威胁情报映射 - 服务识别 ### 🤖 AI 模型分析 - 集成 Google Gemini 2.5 Flash - 攻击向量识别 - 安全建议 - 漏洞利用场景 - 严重性评分 ### 🌐 子域名查找器 - 基于 DNS 的解析器 - 智能默认子域名列表 - 并行枚举 ### 📄 PDF 报告生成 - 专业的扫描报告 - 详细的端口信息 - 威胁评估 - 可导出的格式 ### 🎨 UI / UX - 深色主题设计 - 现代卡片布局 - 终端日志显示 - 完全响应式布局 - 实时 WebSocket 更新 ## 📂 技术栈 | 技术 | 用途 | |------------|---------| | Python 3.9+ | 后端语言 | | Flask 2.2.5 | Web 框架 | | Flask-SocketIO 5.3.4 | WebSocket 支持 | | Socket API | 网络通信(IPv4/IPv6) | | Multithreading | 并发扫描(100 线程) | | HTML/CSS/JavaScript | 前端 | | Jinja2 | 模板引擎 | | ReportLab | PDF 生成 | | Google Gemini API | AI 安全分析 | | python-dotenv | 环境变量管理 | ## 🔬 VulnX 工作原理 ### 核心功能流程 1. **用户输入处理** - 用户通过 Web 界面输入目标(IP 地址或主机名) - 输入经过清理和验证 - 支持 IPv4(例如 `192.168.1.1`)和 IPv6(例如 `2001:db8::1`)格式 - 主机名自动解析为 IP 地址 2. **目标解析** - 系统检测输入是 IP 地址还是主机名 - 对于 IP:验证格式并确定地址族(IPv4/IPv6) - 对于主机名:尝试 DNS 解析(优先 IPv4,然后回退到 IPv6) - 返回解析后的 IP 及相应的 Socket 地址族 3. **端口扫描** - 创建待扫描端口队列(23 个常见端口或深度扫描的 1-1024 端口) - 生成 100 个工作线程进行并发扫描 - 每个线程: - 使用适当的地址族(AF_INET 或 AF_INET6)创建 Socket - 尝试 TCP 连接,超时时间为 1 秒 - 如果连接成功,则标记端口为开放 - 如果可用,抓取服务 Banner - 结果以线程安全的方式收集并按端口号排序 4. **服务分析** - 分析开放端口以识别服务 - 捕获并解析 Banner 信息 - 将服务映射到已知端口号 - 分配严重性级别(严重/高/中/低) - 提供威胁信息和修复指南 5. **实时更新** - WebSocket 连接提供实时进度更新 - 端口发现后立即广播 - 每 10 个端口更新一次进度百分比 - 终端风格的日志显示扫描活动 6. **AI 驱动的分析**(可选) - 用户点击端口卡片进行详细分析 - 系统将端口/服务/Banner 数据发送到 Google Gemini API - AI 生成全面的安全分析,包括: - 漏洞评估 - 攻击向量识别 - 修复建议 - 最佳实践 - 结果以带有打字机效果的交互式模态框显示 7. **数据持久化** - 扫描结果保存到 `scan_history.json` - 历史记录包括:目标、IP、发现的端口、时间戳、扫描模式 - 保留最近 50 次扫描 - 结果可以导出为 PDF 报告 ### 技术实现细节 **多线程架构**:使用 Python 的 `threading` 模块和线程安全队列来管理并发端口扫描。100 个工作线程在保持系统稳定性的同时确保快速扫描。 **WebSocket 通信**:Flask-SocketIO 实现了客户端与服务器之间的双向实时通信,允许无需刷新页面即可进行实时进度更新。 **IPv6 支持**:完全的双栈支持,自动检测地址族。IPv6 地址可以使用或不使用括号表示法输入(例如 `[2001:db8::1]` 或 `2001:db8::1`)。 **错误处理**:针对 DNS 解析失败、网络超时和 API 错误的全面错误处理。用户友好的错误消息有助于故障排除。 ## 📥 安装 ### 前置条件 - Python 3.9 或更高版本 - pip(Python 包管理器) - Google Gemini API 密钥(用于 AI 分析功能) - 用于扫描目标的网络访问 ### 1️⃣ 克隆仓库 ``` git clone https://github.com/shubhushubhu99/vulnxscanner.git cd vulnxscanner ``` ### 2️⃣ 安装依赖 ``` pip install -r requirements.txt ``` ### 3️⃣ 配置环境变量 在根目录下创建一个 `.env` 文件: ``` # AI 分析所需 GEMINI_API_KEY=your_gemini_api_key_here # 可选 - Flask Secret Key(如未提供则自动生成) FLASK_SECRET_KEY=your_secret_key_here ``` **获取 Gemini API 密钥:** 1. 访问 [https://aistudio.google.com/app/apikey](https://aistudio.google.com/app/apikey) 2. 使用您的 Google 账号登录 3. 创建一个新的 API 密钥 4. 将密钥复制到您的 `.env` 文件中 ### 4️⃣ 运行应用程序 ``` python src/app.py ``` ### 5️⃣ 在浏览器中打开 导航至: ``` http://127.0.0.1:5000 ``` 应用程序将在 `http://127.0.0.1:5000` 上启动并显示落地页。点击 "Launch Scanner" 访问仪表板。 ## 📚 文档 - 📖 [项目概述](docs/overview.md) - 详细的项目概述和用例 - 🏗️ [项目架构](docs/architecture.md) - 系统架构文档 - ✅ [测试结果](TEST_RESULTS.md) - 全面的测试套件结果 ## ✅ 项目结构验证 该项目遵循 Python Web 应用程序的行业最佳实践: **✅ 模块化架构** - 核心功能分离到 `src/core/` 模块中 - 扫描、报告和 Web 逻辑之间清晰分离 - 遵循单一职责原则的可重用组件 **✅ 标准 Flask 结构** - 模板位于 `templates/` 目录 - 静态资源位于 `static/` 目录(CSS、JS、图片) - 应用程序入口点位于 `src/app.py` **✅ 测试基础设施** - `tests/` 目录中的全面测试套件 - 19 个测试用例覆盖 IPv4/IPv6 功能 - 测试结果记录在 `TEST_RESULTS.md` 中 **✅ 配置管理** - 通过 `.env` 文件管理环境变量(已 gitignore) - `Config/` 目录中的部署配置 - 通过 `Dockerfile` 支持 Docker **✅ 文档** - 包含全面 Mermaid.js 图表的 README - `docs/` 中的架构文档 - 代码注释和文档字符串 **✅ 安全最佳实践** - 通过环境变量管理密钥 - 输入验证和清理 - 错误处理和日志记录 - 明确声明的道德使用政策 **✅ 版本控制** - 正确配置 `.gitignore` - 排除 Python 缓存文件 - 排除敏感文件(`.env`、`scan_history.json`) ## 📁 项目结构 该项目遵循清晰、模块化的架构,关注点分离明确: ``` vulnXscanner/ │ ├── src/ # Source code directory │ ├── app.py # Main Flask application │ │ # - Route handlers (/, /dashboard, /history, /subdomain) │ │ # - WebSocket event handlers │ │ # - AI analysis endpoint (/ai_analysis) │ │ # - PDF export endpoint (/export/
Remove protocols, brackets] Clean --> Type{Input Type?} Type -->|Direct IP| Validate[Validate IP Format] Type -->|Hostname| DNS[DNS Resolution] Validate --> IPv4Check{is_ipv4?} Validate --> IPv6Check{is_ipv6?} IPv4Check -->|Yes| ReturnIPv4[Return IPv4 + AF_INET] IPv6Check -->|Yes| ReturnIPv6[Return IPv6 + AF_INET6] DNS --> TryIPv4[socket.gethostbyname
IPv4 Resolution] TryIPv4 -->|Success| ReturnIPv4 TryIPv4 -->|Fail| TryIPv6[socket.getaddrinfo
AF_INET6 Resolution] TryIPv6 -->|Success| ReturnIPv6 TryIPv6 -->|Fail| Error[Return None] ReturnIPv4 --> Scan[Proceed to Scan] ReturnIPv6 --> Scan Error --> Fail[Display Error] ``` ### 2. 多线程端口扫描 扫描引擎使用带有线程安全队列的生产者-消费者模式: ``` graph TB Start[scan_target Function] --> Detect[Detect Address Family] Detect --> Queue[Create Port Queue] Queue --> ThreadPool[Spawn 100 Worker Threads] ThreadPool --> Worker1[Worker 1] ThreadPool --> Worker2[Worker 2] ThreadPool --> WorkerN[Worker N] Worker1 --> GetPort1[Get Port from Queue] Worker2 --> GetPort2[Get Port from Queue] WorkerN --> GetPortN[Get Port from Queue] GetPort1 --> Connect1[Socket Connect] GetPort2 --> Connect2[Socket Connect] GetPortN --> ConnectN[Socket Connect] Connect1 --> Check1{Port Open?} Connect2 --> Check2{Port Open?} ConnectN --> CheckN{Port Open?} Check1 -->|Yes| Banner1[Grab Banner] Check2 -->|Yes| Banner2[Grab Banner] CheckN -->|Yes| BannerN[Grab Banner] Banner1 --> Result1[Add to Results] Banner2 --> Result2[Add to Results] BannerN --> ResultN[Add to Results] Result1 --> Lock[Thread-safe Append] Result2 --> Lock ResultN --> Lock Lock --> Sort[Sort Results by Port] Sort --> Return[Return Scan Data] ``` ### 3. Banner 抓取机制 ``` sequenceDiagram participant Scanner participant Socket participant Service Scanner->>Socket: Create socket(AF_INET/AF_INET6) Scanner->>Socket: settimeout(2 seconds) Scanner->>Socket: connect((ip, port)) Socket->>Service: TCP SYN Service-->>Socket: TCP SYN-ACK Socket-->>Scanner: Connection established alt HTTP/HTTPS Ports (80, 443, 8080, 8443) Scanner->>Socket: recv(1024) - Initial data Socket->>Service: Receive Service-->>Socket: Initial response Socket-->>Scanner: Banner data Scanner->>Socket: send("GET / HTTP/1.1...") Note over Scanner: For IPv6: Host: [ip]
For IPv4: Host: ip Socket->>Service: HTTP Request Service-->>Socket: HTTP Response Socket-->>Scanner: Response header Scanner->>Scanner: Parse status line else Other Ports Scanner->>Socket: recv(1024) Socket->>Service: Receive banner Service-->>Socket: Service banner Socket-->>Scanner: Raw banner (max 100 chars) end Scanner->>Scanner: Decode & sanitize banner Scanner-->>Scanner: Return banner string ``` ## 🧪 测试与质量保证 ### 测试覆盖 ``` pie title Test Coverage Distribution "IPv4 Compatibility" : 5 "IPv6 Support" : 5 "Address Family Detection" : 3 "Backward Compatibility" : 3 "Edge Cases" : 3 ``` **总计:19 项全面测试** - 全部通过 ✅ 运行测试: ``` python tests/test_scanner.py ``` ## 🚀 部署架构 ### 生产流程 ``` graph TB Code[Source Code] --> Git[Git Repository] Git --> Build[Build Process] Build --> Docker{Docker Build?} Build --> Platform{Platform?} Docker --> Image[Docker Image] Image --> Registry[Container Registry] Registry --> Deploy1[Deploy to Platform] Platform -->|Railway| Railway[Railway.app] Platform -->|Heroku| Heroku[Heroku] Platform -->|Vercel| Vercel[Vercel] Railway --> Env[Environment Variables] Heroku --> Env Vercel --> Env Env --> GEMINI[GEMINI_API_KEY] Env --> FLASK[FLASK_SECRET_KEY] GEMINI --> App[Running Application] FLASK --> App App --> Users[End Users] ``` ## 🔒 安全注意事项 ### 输入验证与安全流程 ``` flowchart TD UserInput[User Input] --> Sanitize[Sanitize Input
Strip, validate format] Sanitize --> Validate{Valid Format?} Validate -->|No| Reject[Reject & Show Error] Validate -->|Yes| Resolve[DNS Resolution] Resolve --> CheckAuth{Authorized Target?} CheckAuth -->|No| Warn[Warning Message] CheckAuth -->|Yes| Proceed[Proceed with Scan] Proceed --> RateLimit{Rate Limited?} RateLimit -->|Yes| Throttle[Throttle Request] RateLimit -->|No| Scan[Execute Scan] Scan --> Results[Return Results] Results --> XSS[XSS Protection
JSON encoding] XSS --> Display[Safe Display] ``` ## 📊 性能特征 ### 扫描性能指标 ``` graph LR subgraph "Scan Modes" Common[Common Scan
23 ports
~2-5 seconds] Deep[Deep Scan
1024 ports
~30-60 seconds] end subgraph "Threading" Threads[100 Worker Threads] Queue[Thread-safe Queue] Lock[Thread Lock
Results Protection] end subgraph "Network" Timeout[1s per port
2s for banners] Concurrent[Parallel Connections] end Common --> Threads Deep --> Threads Threads --> Queue Queue --> Lock Lock --> Timeout Timeout --> Concurrent ``` ## 🎯 用例与工作流 ### 典型用户工作流 ``` journey title VulnX Scanner User Journey section Discovery User discovers tool: 5: User Reads documentation: 4: User Clones repository: 3: User section Setup Installs dependencies: 4: User Configures API keys: 3: User Starts application: 5: User section Scanning Enters target: 5: User Selects scan mode: 4: User Watches real-time progress: 5: User Reviews results: 5: User section Analysis Clicks port for AI analysis: 5: User Reviews security recommendations: 5: User Exports PDF report: 4: User section History Views scan history: 4: User Compares previous scans: 4: User ``` ## 🔧 配置与环境 ### 环境变量 ``` graph TD Env[.env File] --> GEMINI[GEMINI_API_KEY
Required for AI Analysis] Env --> FLASK[FLASK_SECRET_KEY
Optional - Auto-generated] Env --> SCAN[SCAN_THREADS
Optional - Default: 100] GEMINI --> App[Flask Application] FLASK --> App SCAN --> Scanner[Scanner Engine] App --> Init[Application Initialization] Scanner --> Config[Thread Configuration] ``` ## 📈 功能路线图 ### 当前与计划功能 ``` gantt title VulnX Scanner Development Roadmap dateFormat YYYY-MM-DD section Core Features Port Scanning (IPv4) :done, 2024-01-01, 2024-03-01 IPv6 Support :done, 2024-03-01, 2024-06-01 WebSocket Real-time :done, 2024-03-01, 2024-04-01 section Advanced Features AI Analysis (Gemini) :done, 2024-06-01, 2024-08-01 PDF Reports :done, 2024-08-01, 2024-09-01 Scan History :done, 2024-09-01, 2024-10-01 section UI/UX Enhanced UI Design :done, 2024-10-01, 2024-12-01 Responsive Layout :done, 2024-11-01, 2024-12-01 section Testing Comprehensive Test Suite :done, 2024-12-01, 2025-01-01 ``` ### 🛡️ 安全头分析(新增!) 该工具现在包含一个专用模块,通过检查关键的 HTTP 安全头来审计 Web 服务器的防御态势: - **检测**:CSP、HSTS、X-Frame-Options 等。 - **指导**:为每个缺失的头提供可操作的建议。 - **智能逻辑**:自动处理 HTTPS 升级并遵循重定向,以确报告准确。 ## 🤝 贡献 我们欢迎社区的贡献!在提交 Pull Request 之前,请阅读我们的 [贡献指南](CONTRIBUTING.md) 和 [行为准则](CODE_OF_CONDUCT.md)。 有关详细的贡献说明,请参阅 [CONTRIBUTING.md](CONTRIBUTING.md) ## ⚠️ 道德使用政策 **VulnX Scanner** 专为 **授权的安全测试** 设计。用户必须: - ✅ 在扫描任何网络之前获得适当授权 - ✅ 遵守所有适用的法律和法规 - ✅ 将工具用于合法的安全研究和测试 - ❌ 切勿用于未经授权的访问或恶意目的 **免责声明:** 作者不对本工具的滥用负责。 ## 📜 许可证 本项目采用 **MIT 许可证** 授权 - 详见 [LICENSE](LICENSE) 文件。 ## 📬 联系与支持 - 🐛 [报告问题](https://github.com/shubhushubhu99/vulnXscanner/issues) - 💡 [功能请求](https://github.com/shubhushubhu99/vulnXscanner/issues/new) - 📧 联系方式:[提出 Issue](https://github.com/shubhushubhu99/vulnXscanner/issues)
### 👤 项目作者
**Team SilentXploit**
### 💻 主要开发者和维护者
**Shubham Yadav**
### 👥 核心开发团队
**Md Farhan** • **Uday Shankar Singh**
### ⭐ 如果您喜欢这个项目,请在 GitHub 上给它一个 Star! ⭐
**由 Team SilentXploit 用 ❤️ 制作**
[在线演示](https://vulnx-scanner-production.up.railway.app/) • [文档](docs/overview.md) • [报告 Bug](https://github.com/shubhushubhu99/vulnXscanner/issues)
标签:AI安全分析, Banner抓取, certspotter, Cloudflare, Flask, GitHub, MITRE ATT&CK, MIT 许可证, PDF报告生成, Python, Scrypt密钥派生, 代码生成, 仪表盘, 加密, 威胁情报, 威胁映射, 子域名枚举, 密码管理, 开发者工具, 开源安全工具, 插件系统, 数据统计, 无后门, 服务器安全, 服务指纹识别, 渗透测试工具, 漏洞分析, 漏洞扫描器, 端口扫描, 系统安全, 网络安全, 路径探测, 逆向工具, 逆向工程平台, 隐私保护, 高性能扫描