39 changes: 39 additions & 0 deletions .github/workflows/python-app.yml
@@ -0,0 +1,39 @@
# This workflow will install Python dependencies, run tests and lint with a single version of Python
# For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-python

name: Python application

on:
push:
branches: [ "main" ]
pull_request:
branches: [ "main" ]

permissions:
contents: read

jobs:
build:

runs-on: ubuntu-latest

steps:
- uses: actions/checkout@v3
- name: Set up Python 3.10
uses: actions/setup-python@v3
with:
python-version: "3.10"
- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install flake8 pytest
if [ -f requirements.txt ]; then pip install -r requirements.txt; fi
- name: Lint with flake8
run: |
# stop the build if there are Python syntax errors or undefined names
flake8 . --count --select=E9,F63,F7,F82 --show-source --statistics
# exit-zero treats all errors as warnings. The GitHub editor is 127 chars wide
flake8 . --count --exit-zero --max-complexity=10 --max-line-length=127 --statistics
- name: Test with pytest
run: |
pytest
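Review bot: The two `uses:` lines under `steps` reference `actions/checkout@v3` and `actions/setup-python@v3` by mutable tag, so the code that runs in this job can change without any change to this file. Pin each action to a full commit SHA, keeping the tag in a trailing comment for readability. The same applies to `pip install flake8 pytest`, which installs whatever version is current at run time: move the lint and test tools into a pinned requirements file. Also note that the second flake8 call uses `--exit-zero`, so complexity and line-length findings never fail the build.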
54 changes: 54 additions & 0 deletions AI-Remediation-Report.md
@@ -0,0 +1,54 @@
# pace.edu Security Assessment Remediation Plan

## Executive Summary

This report summarizes the findings of a security assessment conducted on pace.edu. Two vulnerabilities were identified. The most critical vulnerability is a successful zone transfer, allowing potential attackers to gain sensitive information and potentially cause a denial-of-service attack. This is classified as a high-severity (severity "h") risk and requires immediate attention. The second finding is an informational alert indicating a lack of IPv6 support, which, while not a direct vulnerability, represents a missed opportunity to enhance security.

## Vulnerability Details & Remediation

### 1. Zone Transfer Successful using DNSEnum (Severity: High - "h")

**Risk:** A successful zone transfer allows unauthorized access to the DNS zone file for pace.edu. This exposes critical information like internal hostnames and IP addresses, which can be used for further attacks, including targeted phishing or denial-of-service attacks. The vulnerability is *not* directly due to OpenSSL, as the report incorrectly links this vulnerability's remediation to an OpenSSL vulnerability description. The underlying issue is misconfigured DNS settings.

**Remediation:**

1. **Identify the DNS Server:** Determine which DNS server(s) are responsible for pace.edu.
2. **Access DNS Server Configuration:** Gain administrative access to the DNS server's configuration files (e.g., BIND's named.conf).
3. **Disable Zone Transfers:** Configure the DNS server to explicitly deny zone transfers. The exact method depends on the DNS server software used. For BIND, this typically involves modifying the `allow-transfer` directive in the zone file to restrict access to only authorized IP addresses or to remove this directive entirely. Example (BIND):

```
zone "pace.edu" {
type master;
file "/etc/bind/db.pace.edu";
allow-transfer { none; }; //Restrict zone transfers
};
```
4. **Verify the Remediation:** After making changes, run `dnsenum` again to confirm that zone transfers are no longer successful.
5. **Regular Audits:** Regularly audit DNS server configurations to ensure security settings remain in place.

### 2. Missing IPv6 Address (Severity: Informational - "i")

**Risk:** The absence of an IPv6 address is not a direct security vulnerability but represents a missed opportunity to enhance security and improve network infrastructure. IPv6 offers improved security features, including native support for IPSec.

**Remediation:**

1. **Assess IPv6 Readiness:** Evaluate the network infrastructure to determine the feasibility of implementing IPv6. This includes checking for compatibility with existing hardware and software.
2. **Obtain IPv6 Addresses:** Contact your ISP or network provider to request IPv6 address allocation.
3. **Configure Network Devices:** Configure routers, firewalls, and servers to support IPv6. This might involve updating configuration files and enabling IPv6 protocols. Consult the documentation of your specific devices.
4. **Test IPv6 Connectivity:** Verify that all systems and applications are functioning correctly over IPv6 after the implementation.
5. **Monitor and Maintain:** Regularly monitor IPv6 connectivity and performance. Ensure that security protocols (like IPSec, if used) are properly configured for IPv6 traffic.


## Preventative Best Practices

* **Regular Security Audits:** Conduct regular security assessments and penetration testing to identify and address vulnerabilities proactively.
* **Strong Password Policies:** Enforce strong password policies for all accounts with multi-factor authentication (MFA) where applicable.
* **Vulnerability Management:** Implement a vulnerability management system to track and remediate vulnerabilities promptly.
* **Regular Software Updates:** Keep all software and operating systems up-to-date with the latest security patches.
* **Security Information and Event Management (SIEM):** Implement a SIEM system to monitor security logs and detect potential threats in real-time.
* **Firewall Configuration:** Ensure firewalls are properly configured to restrict unauthorized access to network resources.
* **Employee Security Awareness Training:** Educate employees on security best practices to reduce the risk of social engineering attacks.
* **Principle of Least Privilege:** Grant users only the minimum necessary privileges required to perform their job duties.


This remediation plan provides a starting point. Further investigation might be necessary depending on the specific environment and the complexity of the systems involved. Always consult official documentation for your specific software and hardware to ensure proper configuration.
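Review bot: Step 3 of the zone-transfer remediation places `allow-transfer` "in the zone file" and offers removing the directive as an alternative to restricting it, and both are misleading. `allow-transfer` belongs in the `zone` or `options` block of named.conf, as the example itself shows, and deleting it falls back to the server default, which on many BIND releases permits transfers to any host. Reword the step to require an explicit `allow-transfer` that lists the secondaries, with `none` only when there are no secondaries, since the example's `{ none; }` would also cut off legitimate ones. Separately, this is generated scan output naming a real third-party domain, and the Risk paragraph itself records that the tool attached an OpenSSL description to a DNS finding; consider fixing that mapping in the scanner and committing a sanitized sample (for example against example.com) instead.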
64 changes: 63 additions & 1 deletion README.md
@@ -1 +1,63 @@
# Vulnerability-Scanner
# Vulnerability Scanner Pro 🛡️

A next-generation, AI-powered vulnerability scanner that uses **Google Gemini** agents to intelligently analyze targets, run security tools, and interpret results. Now featuring a cross-platform GUI!

## Features

- **🤖 AI Agents**: Uses Large Language Models to reason about security findings, not just regex matching.
- **🖥️ Cross-Platform GUI**: Modern, dark-themed interface built with Flet.
- **🔌 Automated Setup**: One-click installers for Windows, Linux, and macOS.
- **📊 Live Reporting**: Real-time tool execution logs and Markdown reports.
- **🛠️ Integrated Tools**: Orchestrates `nmap`, `hydra`, `tshark`, and more.

## Quick Start (GUI)

### Windows
1. Right-click `install_windows.ps1` and select **Run with PowerShell**.
2. The scanner will launch automatically.

### Linux
```bash
chmod +x install_linux.sh
sudo ./install_linux.sh
```

### macOS
```bash
chmod +x install_mac.sh
./install_mac.sh
```

## CLI Usage

If you prefer the command line:

**Linux/Mac**:
```bash
chmod +x vulnscan_cli.sh
./vulnscan_cli.sh <target> [api_key]
```

**Windows (PowerShell)**:
```powershell
.\vulnscan_cli.ps1 -Target <target> -Key <api_key>
```

**Direct Python**:
```bash
python scanner.py <target> --key <YOUR_GEMINI_KEY>
```

## Requirements

- Python 3.8+
- Google Gemini API Key
- System Tools (Auto-installed by scripts where possible):
- Nmap
- Hydra
- SearchSploit (ExploitDB)
- TShark (Wireshark)

## License

MIT License
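Review bot: All three CLI Usage examples pass the Gemini API key as a command-line argument (`[api_key]`, `-Key <api_key>`, `--key <YOUR_GEMINI_KEY>`), which leaves it in shell history and visible to other local users through the process list. Document reading the key from an environment variable or an interactive prompt as the default, and mark the argument form as a fallback. The Linux quick start also runs `install_linux.sh` under `sudo` without saying what it installs or changes; list that in the README so users can review it before granting root.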
52 changes: 52 additions & 0 deletions README_AGENT.md
@@ -0,0 +1,52 @@
# AI Security Scanner Agent

This project has been updated to include an AI Agent that can perform security scans using the `VulnerabilityScanner` tool.

## Changes

- **`scanner.py`**: Refactored to include a `VulnerabilityScanner` class. This allows the scanner to be used as a library/tool by other Python scripts while maintaining its command-line functionality.
- **`agent.py`**: A new AI Agent built with the Microsoft Agent Framework. It uses the `VulnerabilityScanner` to perform scans when requested by the user.
- **`requirements.txt`**: Lists the dependencies required for the agent.

## Setup

1. Install the dependencies:

```bash
pip install -r requirements.txt
```

2. Set up your Model API Key:
- The agent is configured to use GitHub Models (e.g., GPT-4o).
- Set the `GITHUB_TOKEN` environment variable with your API key.
- Alternatively, you can modify `agent.py` to use Azure OpenAI or other providers supported by the Agent Framework.

## Usage

### Running the Agent

Run the agent interactively:

```bash
python agent.py
```

You can then chat with the agent:

```text
User: Scan example.com
Agent: Starting scan for example.com...
...
```

### Running the Scanner (Standalone)

You can still run the scanner as a standalone script:

```bash
python scanner.py example.com
```

## MCP Support

The agent is configured to support Model Context Protocol (MCP) tools. You can add MCP tools in the `create_mcp_tools` function in `agent.py`.
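Review bot: The Usage section shows the agent starting a scan directly from a chat message (`User: Scan example.com`), and nothing here says how the target is validated or confirmed before `VulnerabilityScanner` runs. Document the guardrails: whether there is a target allowlist or a confirmation step, and how the target string is passed to the underlying tools. In Setup step 2, state the minimum scope `GITHUB_TOKEN` needs, and in the MCP section note that tools added through `create_mcp_tools` extend what the model can invoke. The provider description also conflicts with README.md in this same change, which says the scanner uses Google Gemini.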