MariuszBsk/-Advanced-Web-Vulnerability-Scanner
GitHub: MariuszBsk/-Advanced-Web-Vulnerability-Scanner
基于深度学习双模型架构的Web漏洞扫描器,通过AI识别SQL注入和XSS漏洞并自动测试payload有效性。
Stars: 0 | Forks: 0
🛡️ 高级 Web 漏洞扫描器
一款智能的 AI 驱动 Web 安全扫描器,结合了深度学习检测与自动化 payload 测试,用于识别 SQL 注入和 XSS 漏洞。
🎯 功能特性
```
🤖 Dual AI Model Architecture
Detection Model: Identifies vulnerabilities in HTML/JavaScript content
Payload Model: Tests and ranks payload effectiveness
🔍 Smart Detection Methods
TensorFlow/Keras deep learning models for pattern recognition
Fallback regex-based pattern matching
Context-aware vulnerability identification
🎯 Supported Vulnerabilities
SQL Injection (SQLi)
Cross-Site Scripting (XSS)
Custom vulnerability types support
📊 Comprehensive Reporting
Markdown reports with actionable attack scenarios
Severity scoring (Critical → Info)
Exact location mapping (line numbers, HTML elements)
Copy-paste ready payloads
Remediation recommendations
⚡ Smart Features
Configurable request delays for responsible scanning
Session management with realistic headers
Automatic payload effectiveness ranking
HTML/JavaScript parser with precise location tracking
🚀 Quick Start
```
前置条件
bash
pip install requests beautifulsoup4 numpy tensorflow keras
模型设置
请将你训练好的模型放置在以下目录结构中:
scanner/
├── models2/
│ ├── vulnerability_model.h5 # 检测模型
│ ├── tokenizer.pkl # 检测 tokenizer
│ └── label_mapping.pkl # 漏洞标签
└── models/
├── payload_model.h5 # Payload 有效性模型
└── payload_tokenizer.pkl # Payload tokenizer
```
💡 Example Output
🚀 Starting comprehensive vulnerability assessment...
```
✅ 使用新的检测模型发现了 3 个漏洞
🎉 扫描成功完成!
📊 发现漏洞数量:3
🔴 严重:1
🟠 高危:2
📄 已生成报告:vulnerability_scan_report_20241201-143022.md
基本用法
# 使用模式匹配进行快速扫描
python vulnerability_scanner.py https://target-site.com
# 结合 payload 测试的完整 AI 扫描
python vulnerability_scanner.py https://target-site.com -a
# 带有延迟的负责任扫描
python vulnerability_scanner.py https://target-site.com -d 0.5 -a
📋 生成的报告包含
```
Executive Summary: Severity breakdown and statistics
Detailed Findings: Exact location, code context, HTML elements
Attack Scenarios: Step-by-step exploitation guidance
Tested Payloads: Ranked by AI-predicted effectiveness
Remediation Steps: OWASP-compliant fixes
User Input → HTML Parser → Element Extraction → Detection Model
↓
Vulnerability Found?
↓
Payload Testing Model
↓
Comprehensive Report
🔧 Command Line Arguments
```
参数 描述 默认值
url 目标网站 URL(自动添加 http://) 必填
-d, --delay 请求之间的秒数 0
-a, --auto 运行自动化 payload 测试 False
⚠️ 法律声明
本工具仅供授权的安全测试使用。用户必须:
```
Obtain explicit permission before scanning any website
Comply with all applicable laws and regulations
Accept full responsibility for any damages or legal consequences
```
🛠️ 技术细节
```
Framework: TensorFlow/Keras for deep learning models
Parsing: BeautifulSoup4 for HTML/JavaScript extraction
Preprocessing: Sequence padding and tokenization
Confidence Threshold: 60% for detection accuracy
Payload Ranking: AI-model predicted effectiveness scores
```
📈 未来增强计划
```
Multi-threaded scanning
Custom payload injection engine
CSRF and SSRF detection
API endpoint fuzzing
Interactive CLI mode
Docker containerization
```
🤝 参与贡献
欢迎贡献代码!改进方向包括:
```
Additional vulnerability types (Command Injection, Path Traversal)
Model training scripts and datasets
Burp Suite/ZAP integration
CI/CD pipeline integration
```
📚 参考资料
```
OWASP Testing Guide
PortSwigger Research
CWE Top 25
```
⚠️ 重要提示:此扫描器需要预训练的 TensorFlow 模型。训练脚本和数据集可应要求提供。
标签:AI安全, AMSI绕过, Apex, Chat Copilot, CISA项目, DNS枚举, Keras, Payload测试, Python, SQL注入检测, TensorFlow, Web安全, XSS漏洞扫描, 人工智能, 加密, 反取证, 威胁检测, 安全报告, 安全评估, 无后门, 机器学习, 深度学习, 漏洞扫描器, 用户模式Hook绕过, 网络安全工具, 自动化渗透测试, 蓝队分析, 载荷生成, 逆向工具