gagan2006-hacked/Web-vulnerability-scanner

GitHub: gagan2006-hacked/Web-vulnerability-scanner

Stars: 0 | Forks: 0

# Web Vulnerability Scanner

A professional internship-ready full-stack vulnerability scanner MVP.

## Stack

- Frontend: React, Vite, Tailwind CSS
- Backend: Spring Boot, Spring Security, JWT
- Database: MySQL
- Scanner Engine: OWASP ZAP API
- Deployment: Vercel frontend, Render backend

## MVP Features

- Register and login with JWT
- Submit public website URLs for scanning
- Block localhost, private IPs, and internal hostnames
- Start scan jobs through an OWASP ZAP integration layer
- Store scan history and vulnerability alerts in MySQL
- Dashboard-ready scan summary APIs
- Severity, OWASP Top 10 mapping, recommendations, and security score
- PDF report export endpoint
- Basic in-memory API rate limiting
- Admin/User roles

## Project Layout

```text
web-vulnerability-scanner/
  backend/    Spring Boot REST API
  frontend/   React + Tailwind app scaffold
  docs/       Architecture, schema, API, deployment notes
```

## Backend Quick Start

1. Create MySQL database:

   ```sql
   CREATE DATABASE vuln_scanner CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
   ```

2. Configure environment variables:

   ```bash
   DB_URL=jdbc:mysql://localhost:3306/vuln_scanner
   DB_USERNAME=root
   DB_PASSWORD=your_password
   JWT_SECRET=change-this-to-a-very-long-random-secret-at-least-32-characters
   ZAP_BASE_URL=http://localhost:8081
   ZAP_API_KEY=
   ZAP_MOCK=true
   FRONTEND_ORIGIN=http://localhost:5173
   ```

3. Run the backend:

   ```bash
   cd backend
   mvn spring-boot:run
   ```

4. Test health:

   ```bash
   curl http://localhost:8080/api/health
   ```

## Frontend Quick Start

```bash
cd frontend
npm install
npm run dev
```

## OWASP ZAP Local Setup

For MVP development, keep `ZAP_MOCK=true`.

When ready for real scans, run ZAP daemon:

```bash
docker run -u zap -p 8081:8080 -i ghcr.io/zaproxy/zaproxy:stable zap.sh -daemon -host 0.0.0.0 -port 8080 -config api.disablekey=true
```

Then set:

```bash
ZAP_MOCK=false
ZAP_BASE_URL=http://localhost:8081
```

Only scan websites you own or have written permission to test.
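The MVP feature "Block localhost, private IPs, and internal hostnames" is the control that keeps a submitted URL from pointing the scanner at the backend's own network. The following is an added example, not code from this project: one way such a check could look in Java, where `ScanTargetValidator`, `rejectReason`, `isNonPublic` and the suffix list are hypothetical names and assumptions.

```java
import java.net.Inet6Address;
import java.net.InetAddress;
import java.net.URI;
import java.util.List;
// Added example: hypothetical helper, not code from the project's backend.
public class ScanTargetValidator {
    // Assumed list of internal-only suffixes; extend for your environment.
    static final List<String> INTERNAL_SUFFIXES = List.of(".localhost", ".local", ".internal");

    /** Returns null if the URL may be scanned, otherwise the reason it is rejected. */
    static String rejectReason(String url) {
        try {
            URI uri = new URI(url.trim());
            String scheme = uri.getScheme(), host = uri.getHost();
            if (scheme == null || !scheme.toLowerCase().matches("https?")) return "scheme must be http or https";
            // getHost() is null for malformed hosts such as "127.1" or a bare integer.
            if (host == null || host.isEmpty()) return "missing or malformed host";
            String h = host.toLowerCase();
            if (h.endsWith(".")) h = h.substring(0, h.length() - 1);
            boolean ipv6Literal = h.startsWith("[");
            if (h.equals("localhost") || (!ipv6Literal && !h.contains("."))
                    || INTERNAL_SUFFIXES.stream().anyMatch(h::endsWith)) return "internal hostname";
            // Check every address the name resolves to, not only the first one.
            for (InetAddress a : InetAddress.getAllByName(host)) {
                if (isNonPublic(a)) return "resolves to non-public address " + a.getHostAddress();
            }
            return null;
        } catch (Exception e) { // URISyntaxException, UnknownHostException
            return "invalid or unresolvable URL";
        }
    }

    static boolean isNonPublic(InetAddress a) {
        if (a.isAnyLocalAddress() || a.isLoopbackAddress() || a.isLinkLocalAddress()
                || a.isSiteLocalAddress() || a.isMulticastAddress()) return true;
        byte[] b = a.getAddress();
        if (a instanceof Inet6Address) // fc00::/7 unique local, or deprecated IPv4-compatible form
            return (b[0] & 0xfe) == 0xfc || ((Inet6Address) a).isIPv4CompatibleAddress();
        int b0 = b[0] & 0xff, b1 = b[1] & 0xff;
        return b0 == 0 || (b0 == 100 && (b1 & 0xc0) == 64); // 0.0.0.0/8, 100.64.0.0/10
    }
    public static void main(String[] args) {
        // Constructed samples: IP literals and local names only, so no DNS lookup is needed.
        for (String u : List.of("http://localhost:8080/", "http://intranet/", "https://[::1]/",
                "http://10.0.0.5/admin", "http://169.254.169.254/latest/", "https://203.0.113.10/")) {
            String r = rejectReason(u);
            System.out.println(u + " -> " + (r == null ? "accepted" : "rejected: " + r));
        }
    }
}
```

A check like this runs when the URL is submitted; DNS answers can change before the scanner connects, so it should be repeated when the scan job actually starts.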
## Documentation

- [Architecture](docs/ARCHITECTURE.md)
- [API Design](docs/API_DESIGN.md)
- [Database Schema](docs/database-schema.sql)
- [Deployment Guide](docs/DEPLOYMENT.md)
- [Screenshot Ideas](docs/SCREENSHOTS.md)

## Student MVP Roadmap

1. Backend authentication and scan APIs
2. MySQL persistence
3. ZAP mock scan flow
4. React login/dashboard/scan history
5. Real ZAP daemon integration
6. PDF reports
7. Admin dashboard, charts, and polish
Tags: domain enumeration