GitHub: samritha17/AegisScanner
A lightweight web security scanner built on custom heuristic logic, which discovers common vulnerabilities in real time and provides live feedback.
Stars: 0 | Forks: 0
# 🛡️ AegisScanner: Web Vulnerability Discovery Engine
**AegisScanner** is a lightweight, high-performance web security scanner designed to demonstrate real-world security knowledge. Unlike tools that simply wrap existing APIs, AegisScanner implements custom heuristic logic to identify SQL Injection, Cross-Site Scripting (XSS), missing security headers, and open ports in real-time.
## 🚀 Quick Start (Docker)
The fastest way to get AegisScanner running is using Docker:
```bash
docker-compose up --build
```
The application will be available at [http://localhost:3000](http://localhost:3000).
## 🔥 Key Features
- **Recursive link discovery**: Automatically maps out site structure.
- **Security Header Analysis**: Detects missing CSP, HSTS, and X-Frame-Options.
- **Port Scanner**: TCP connect scanning for open ports on commonly exposed services (FTP, SSH, databases).
- **Vulnerability Payloads**: Custom heuristic checks for script tags reflected in responses and database error messages indicating SQL syntax errors.
- **Live Activity Feed**: Real-time progress and findings streamed via Socket.io.
- **Report Generation**: Instant HTML report downloads for security auditing.
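As an added illustration of the "Security Header Analysis" feature (example code, not AegisScanner's own), the check below takes a response-header object such as Node's `http` module returns and reports missing or weak CSP, HSTS and X-Frame-Options headers; the `SAMPLE_HEADERS` object and the 180-day HSTS threshold are constructed assumptions.

```javascript
// Added example, not AegisScanner's own code: a response-header check of the kind
// listed under "Security Header Analysis", with the caveats a practitioner wants.
const MIN_HSTS_MAX_AGE = 15552000; // 180 days, a widely used minimum (assumption)

function normalizeHeaders(headers) {
  // Header names are case-insensitive; lowercase them so a server sending
  // "Content-Security-Policy" is not wrongly reported as missing it.
  const out = {};
  for (const [name, value] of Object.entries(headers)) {
    out[name.toLowerCase()] = Array.isArray(value) ? value.join(', ') : String(value);
  }
  return out;
}

function analyzeSecurityHeaders(rawHeaders, { https = true } = {}) {
  const h = normalizeHeaders(rawHeaders);
  const findings = [];

  const csp = h['content-security-policy'];
  if (!csp) {
    findings.push({ header: 'Content-Security-Policy', severity: 'medium', issue: 'missing' });
  } else if (/script-src[^;]*'unsafe-inline'/i.test(csp)) {
    findings.push({ header: 'Content-Security-Policy', severity: 'low', issue: "script-src allows 'unsafe-inline'" });
  }

  if (https) { // browsers ignore HSTS on plain-HTTP responses, so do not flag it there
    const hsts = h['strict-transport-security'];
    const maxAge = hsts ? /max-age=(\d+)/i.exec(hsts) : null;
    if (!hsts) {
      findings.push({ header: 'Strict-Transport-Security', severity: 'medium', issue: 'missing' });
    } else if (!maxAge || Number(maxAge[1]) < MIN_HSTS_MAX_AGE) {
      findings.push({ header: 'Strict-Transport-Security', severity: 'low', issue: 'max-age below 180 days' });
    }
  }

  // CSP frame-ancestors supersedes X-Frame-Options in current browsers.
  if (!h['x-frame-options'] && !(csp && /frame-ancestors/i.test(csp))) {
    findings.push({ header: 'X-Frame-Options', severity: 'medium', issue: 'missing and no CSP frame-ancestors' });
  }
  return findings;
}

// Constructed sample headers, as a scanner would receive them from a target.
const SAMPLE_HEADERS = {
  'Content-Type': 'text/html',
  'Content-Security-Policy': "default-src 'self'; script-src 'self' 'unsafe-inline'",
  'Strict-Transport-Security': 'max-age=3600',
};
console.log(analyzeSecurityHeaders(SAMPLE_HEADERS));
```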
## 🧠 Technical Highlights (Recruitment Info)
This project was built to showcase **Senior-level** engineering and security practices:
- **Custom Heuristics**: I implemented custom scanning logic rather than third-party APIs to demonstrate a deep understanding of how SQLi and XSS manifest at the HTTP request and response level.
- **Real-time Architecture**: Leveraged **Socket.io** for bi-directional communication, ensuring the UI remains responsive and provides immediate feedback during long-running scans.
- **Modular Design**: The scanning engine is decoupled into separate modules (`crawler`, `headers`, `vulnerabilities`), making it straightforward to add new checks.
- **Portability**: Fully containerized with **Docker** for consistent behavior across development and production environments.
## 🛠️ Tech Stack
- **Backend**: Node.js, Express, Socket.io
- **Security Logic**: Custom JS heuristic engines, portscanner, cheerio (DOM analysis)
- **Frontend**: Vanilla JS (ES6+), CSS3 (Modern Glassmorphic Design)
- **DevOps**: Docker, Docker Compose
## ⚠️ Legal Disclaimer
This tool is for **educational and authorized security testing only**. Scanning targets without explicit permission is illegal and unethical. The author is not responsible for any misuse of this tool.
Developed by [Your Name/Profile] 🛡️