suraj718549-cmyk/AegisScan-Vulnerability-Scanner

# 🛡️ AegisScan // Multithreaded Cybersecurity Vulnerability Scanner [](https://www.python.org/) [](https://opensource.org/licenses/MIT) [](https://en.wikipedia.org/wiki/Vulnerability_scanner) AegisScan is an educational, portfolio-grade vulnerability scanning utility built from scratch using Python. It features a stunning, sci-fi "cyberpunk hacker" dark-themed Tkinter GUI, a high-performance multithreaded socket engine, active banner grabbing, and local vulnerability assessments. Perfect for students, cybersecurity beginners, and engineers looking to demonstrate socket programming, UI concurrency, and automated security auditing in their portfolio. ## 🚀 Key Features * **⚡ Multithreaded TCP Port Scanning**: Utilizes a thread-safe Queue architecture to scan up to 150 ports concurrently without locking or freezing the graphical interface. * **📡 Animated Canvas Radar Widget**: Features a retro circular radar canvas with dynamic sweeping lines, degree marks, and cyan target indicators that blink in real-time as active ports are discovered. * **🕵️ Active Banner Grabbing**: Connects to open ports and reads greeting responses to identify service types, daemon versions, and running software. * **🔍 Targeted Security Auditing**: * **FTP Anonymous Checker**: Actively tests exposed FTP servers (Port 21) for insecure anonymous user logins. * **HTTP Header Security Auditor**: Requests headers from active web daemons and checks for missing modern security barriers (`X-Frame-Options`, `Content-Security-Policy`, `Strict-Transport-Security`, `X-Content-Type-Options`, `Referrer-Policy`). * **SSL/TLS Validation**: Validates certificates on Port 443, catching expired or self-signed certificates. * **📊 Premium Interactive Reports**: * **HTML Dashboard**: Builds a responsive dark dashboard showcasing severity summary stats, a custom CSS threat gauge, interactive Accordion risk lists, and direct browser-native Print-to-PDF styles. * **TXT Summary File**: Compiles clean, structural logs with custom ASCII art tables. * **🔌 Zero Dependencies**: Uses only standard Python libraries. Safe, portable, and runs instantly out of the box on Windows, macOS, and Linux! ## 📂 Project Structure Vulnerability-Scanner/ │ ├── aegis_scan/ │ ├── __init__.py # Package initializer │ ├── database.py # Port service references & CVE signature database │ ├── scanner.py # Core multithreaded socket audit logic │ ├── report.py # Report compilers (Stunning HTML Dashboard & TXT) │ └── gui.py # Futuristic Tkinter GUI (Radar canvas, queues) │ ├── main.py # Project entry script (Dual CLI & GUI support) ├── requirements.txt # Zero-dependency package configuration notice └── README.md # Exceptional, internship-ready documentation ## 🛠️ Getting Started & Run Instructions Since **AegisScan** has **no external dependencies**, you only need standard Python installed! ### Prereqs Ensure Python 3.7+ is installed. Windows systems automatically include `tkinter`. *(If you are running a minimal Linux setup, you can add it via: `sudo apt-get install python3-tk`)* ### 1. Standard Graphical Execution (Recommended) Simply launch the program without arguments to start the glorious cyberpunk dashboard: python main.py ### 2. High-Performance CLI Execution For quick scripting, run audits directly inside your shell: # Basic scan against localhost python main.py localhost # Custom port list using 80 threads in CLI mode python main.py scanme.nmap.org -c -p 21,22,80,443 -t 80 # Audit extended port ranges python main.py 127.0.0.1 -c -p 1-1000 #### Command-Line Arguments: positional arguments: target Target hostname or IP address to audit (e.g. 'localhost' or 'scanme.nmap.org'). options: -h, --help show this help message and exit -p PORTS, --ports PORTS Ports to probe. Choices: - 'common' : Audits standard service ports (default) - '1-1000' : Range notation - '22,80,443,3306' : Comma separated custom list -t THREADS, --threads THREADS Size of worker thread pool (5 to 150, default 40). -c, --cli Enforce direct Command-Line Mode (prevents starting Tkinter GUI). ## 💡 Deep Technical Engineering Walkthrough ### 1. Asynchronous Multithreading In Tkinter, the main thread runs a continuous event loop (`root.mainloop()`) to draw elements and listen for user clicks. If you run a sequential socket-scanner on the main thread, the entire window will freeze and become unresponsive until all ports are scanned. **AegisScan solves this concurrency challenge by:** 1. Spawning the scanner on a dedicated daemon background thread. 2. Generating a queue (`queue.Queue`) of port numbers. 3. Spawning up to 150 worker threads that concurrently fetch ports from the queue, perform connection attempts, and report back. 4. Using Tkinter's thread-safe polling loop `.after()` to fetch logs and progress metrics from secondary threads every 50 milliseconds, updating the console, radar, and tree table with 0fps lag! ### 2. TCP Port Scanning & Sockets The scanning engine uses standard TCP sockets to perform a non-intrusive TCP 3-way handshake: import socket with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s: s.settimeout(timeout_value) result = s.connect_ex((ip_address, port_number)) if result == 0: # Port is open! * `AF_INET` defines the IPv4 addressing family. * `SOCK_STREAM` specifies the TCP connection-oriented protocol. * `connect_ex` returns a status code directly (`0` represents successful connection, others represent socket timeout or closed states) instead of raising an exception, which makes the scanner lightning fast and robust. ### 3. Active Banner Grabbing & Auditing import urllib.request req = urllib.request.Request(url, method="HEAD") with urllib.request.urlopen(req, timeout=timeout) as response: headers = response.info() server_banner = headers.get("Server") Discovered banners are run through the local database module (`aegis_scan/database.py`), checking for signature patterns (like `vsftpd 2.3.4` or EOL web servers) to demonstrate version-based vulnerability matching safely. ## 🛡️ Safe Auditing & Legal Disclaimer **IMPORTANT READ:** AegisScan only performs safe, non-intrusive audits. It: * **DOES NOT** perform brute-force dictionary attacks. * **DOES NOT** execute actual exploit payloads. * **DOES NOT** flood targets with Denial-of-Service packets. *Created as a high-fidelity educational repository to showcase Python network programming, graphical interface engineering, and cybersecurity auditing.*