Automated security assessment platform with local AI, CVE intelligence, and SOC monitoring. No API keys required.
Vibe-coded a full security scanner so I don’t have to think about it — just point it at a target and let it cook, powered by all the reading and granular knowledge I’ve built up
| Phase | Module | Description |
|---|---|---|
| 1–2 | Core Scanners | HTTP checks, security headers, TLS/SSL, WordPress, API surface |
| 3–6 | Parser & Enrichment | Deduplication, OWASP Top 10 mapping, CWE tagging, risk scoring |
| 4 | Trust Model | SHA-256 fingerprinting + analyst feedback loop |
| 7 | Dashboard | Flask web UI with live scan results |
| 9 | CI/CD Gate | Pipeline integration — exits 0/1 based on findings policy |
| 10 | SOC Monitoring | Asset discovery, exposure scanning, drift detection, risk scoring |
| 11 | Injection Detection | SQLi, XSS, command injection; async scanning; exploitability scoring |
| 12 | Local AI | CPU-only DistilBERT + MiniLM — no API keys, no cloud |
| 13 | CVE Database | Local CVE/PoC tracking, CVSS scores, Metasploit/ExploitDB refs |
| 14 | Deep Scanning | SSRF, XXE, IDOR, path traversal, JWT flaws, GraphQL, cloud (S3/Azure/GCP/K8s) |
git clone https://github.com/your-username/sec_platform.git
cd sec_platform
pip install -r requirements.txt
python run_scan.py https://example.comOnly scan targets you own or have explicit written permission to test.
pip install -r requirements.txt
# Optional: AI analysis engine (~90MB models, CPU-only)
pip install torch transformers sentence-transformers
python scripts/download_models.pypython cli_menu.py# Standard scan (fast)
python run_scan.py https://example.com
# Full analysis — AI + CVE + all reports
python run_scan.py --full-analysis https://example.com
# Skip AI for faster results
python run_scan.py --skip-ai https://example.com
# Deep scan + reconnaissance
python run_scan.py --deep-scan --reconnaissance https://example.com
# All optional modules
python run_scan.py --full-analysis --deep-scan --reconnaissance --advanced --cloud https://example.com
# Piped input
echo "https://example.com" | python run_scan.pypython run_scan_simple.py https://example.com# One-shot SOC pipeline (asset discovery → exposure → drift → risk → remediation)
python run_scan.py --soc
# Scheduled scans (runs every 24h against targets.txt)
python run_scan.py --schedule --interval 24python dashboard/app.py
# → http://localhost:5000| Flag | Description |
|---|---|
--full-analysis |
Enable all features: AI, CVE, deep scan, recon, cloud, reports |
--deep-scan |
SSRF, XXE, IDOR, path traversal, clickjacking, host header injection |
--reconnaissance |
Subdomain enumeration, tech fingerprinting, JS analysis |
--advanced |
JWT flaws, session management, GraphQL, auth bypass |
--cloud |
S3, Azure Blob, GCP, Docker API, Kubernetes |
--skip-ai |
Skip local AI analysis (faster, still runs CVE enrichment) |
--skip-cve |
Skip CVE database enrichment |
--skip-injection |
Skip SQL/XSS/CMDi injection testing |
--no-reports |
Don't auto-generate PDF/HTML reports |
--soc |
Run SOC monitoring pipeline instead of a scan |
--schedule |
Loop scan on targets.txt (use with --interval) |
--interval N |
Hours between scheduled scans (default: 24) |
sec_platform/
│
├── run_scan.py # Main entry point (Phases 1–14)
├── run_scan_simple.py # Offline-friendly minimal scan
├── cli_menu.py # Interactive terminal menu
├── install.sh # One-command setup
├── requirements.txt # Python dependencies
├── targets.txt # Multi-target URL list
│
├── scanners/ # Phase 2 & 11 & 14 — Vulnerability scanners
│ ├── web_scanner.py # HTTP/HTTPS checks
│ ├── header_checker.py # Security headers audit
│ ├── tls_checker.py # TLS/SSL analysis
│ ├── wordpress_checker.py # WordPress attack surface
│ ├── api_checker.py # API surface & sensitive files
│ ├── injection_detector.py # SQLi / XSS / CMDi
│ ├── deep_scanner.py # SSRF, XXE, IDOR, path traversal
│ ├── recon_scanner.py # Subdomain enum, tech fingerprinting
│ ├── advanced_scanner.py # JWT, auth bypass, GraphQL
│ ├── cloud_scanner.py # S3, Azure, GCP, Docker, K8s
│ └── async_scanner.py # Async parallel scanning engine
│
├── parser/ # Phase 3–6 — Parsing & enrichment
│ ├── parser_engine.py # Orchestrates full parse pipeline
│ ├── deduplicator.py # Removes duplicate findings
│ └── risk_score.py # Aggregate numeric risk score
│
├── ai_engine/ # Phase 4 & 12 — AI components
│ ├── local_analyzer.py # DistilBERT + MiniLM analysis
│ ├── false_positive_filter.py # ML-based FP detection
│ ├── learning_loop.py # Enrichment orchestrator
│ ├── pattern_fingerprint.py # SHA-256 finding fingerprint
│ ├── trust_model.py # Trust scoring from feedback
│ └── feedback_store.py # Analyst feedback persistence
│
├── compliance/ # Phase 6 — OWASP mapping
│ └── compliance_mapper.py # OWASP Top 10 2021 + CWE tags
│
├── intelligence/ # Phase 11 & 13 — Threat intelligence
│ ├── exploitability_scorer.py # CVSS-style exploit scoring
│ ├── cve_database.py # Local CVE/PoC database
│ └── cve_updater.py # Fetches CVEs from NVD/ExploitDB
│
├── lifecycle/ # Phase 5 — Finding lifecycle
│ ├── vuln_db.py # JSON report persistence
│ └── status_manager.py # open/confirmed/resolved/FP
│
├── reports/ # Report generators
│ ├── pdf_generator.py # Professional PDF reports (reportlab)
│ ├── ai_report_generator.py # AI-enhanced Markdown reports
│ ├── cve_enhanced_report.py # CVE/PoC HTML reports
│ └── comparison_reporter.py # Diff two scans, show regressions
│
├── dashboard/ # Phase 7 — Web UI
│ ├── app.py # Flask app
│ └── templates/index.html # Dark-mode dashboard
│
├── soc/ # Phase 10 — SOC monitoring
│ ├── asset_discovery/ # DNS resolution + TLS probe
│ ├── exposure/ # HTTP + header exposure scan
│ ├── drift_detection/ # Compare current vs previous inventory
│ ├── risk_scoring/ # Weighted score per asset
│ ├── remediation/ # Actionable fix tasks
│ └── continuous_monitoring.py # Pipeline orchestrator
│
├── orchestrator/ # Phase 9 — Multi-target
│ └── multi_target_runner.py # Parallel scan orchestration
│
├── schedulers/ # Phase 9 — Scheduling
│ └── scheduled_scan.py # Cron-style recurring scans
│
├── cicd/ # Phase 9 — CI/CD integration
│ └── security_gate.py # Exit 0/1 for pipeline blocking
│
├── utils/ # Shared utilities
│ └── terminal_ui.py # Colored output, progress bars
│
└── scripts/
└── download_models.py # Pre-download AI models
Every scan automatically generates:
| Output | Location | Format |
|---|---|---|
| JSON report | reports/scan_<target>.json |
Machine-readable |
| PDF report | reports/pdfs/ |
Client-ready |
| AI analysis | reports/ai_reports/ |
Markdown |
| CVE report | reports/cve_reports/ |
HTML + Markdown + JSON |
| Comparison | reports/comparisons/ |
JSON diff |
The AI engine runs entirely on CPU — no cloud, no API keys, no cost:
| Model | Size | Purpose |
|---|---|---|
typeform/distilbert-base-uncased-mnli |
~67MB | Vulnerability classification |
sentence-transformers/all-MiniLM-L6-v2 |
~23MB | Semantic similarity |
Models are auto-downloaded on first run and cached in .ai_models_cache/.
Pre-download manually:
python scripts/download_models.pyIf AI dependencies aren't installed, the platform automatically falls back to rule-based analysis — all scans still work.
Use cicd/security_gate.py as a pipeline step:
# .github/workflows/security.yml
- name: Security scan
run: |
python run_scan.py --skip-ai ${{ env.TARGET_URL }}
- name: Security gate
run: python cicd/security_gate.py --max-risk 30 --fail-on highExit codes:
0— PASS (safe to deploy)1— FAIL (blocking findings detected)2— ERROR (no report found)
A ready-to-use GitHub Actions workflow is in ci_templates/github_actions.yml.
Add URLs to targets.txt (one per line, # for comments):
https://example.com
https://api.example.com
# https://staging.example.com ← skipped
Then run:
# Sequential
python orchestrator/multi_target_runner.py
# Parallel (4 workers)
python orchestrator/multi_target_runner.py --workers 4# Scan every 6 hours
python schedulers/scheduled_scan.py --interval 6
# Run SOC pipeline on schedule
python schedulers/scheduled_scan.py --soc --interval 12
# One-shot (useful for cron)
python schedulers/scheduled_scan.py --onceOr via cron:
0 */6 * * * cd /path/to/sec_platform && python schedulers/scheduled_scan.py --once# Run the full SOC pipeline
python soc/continuous_monitoring.py
# Or via main runner
python run_scan.py --socSteps executed in sequence:
- Asset Discovery — DNS + TLS probe each target
- Exposure Scan — HTTP reachability, headers, TLS version
- Drift Detection — Compare against previous snapshot, alert on new/removed assets
- Risk Scoring — Weighted score per asset
- Remediation Tasks — Actionable fix list saved to
remediation_tasks.json
The platform enforces authorization before every scan:
# Interactive prompt (default)
python run_scan.py https://example.com
# → Is this target authorized for testing? (yes/no):
# Skip prompt in automated/CI environments
SEC_AUTHORIZED=yes python run_scan.py https://example.com- Python 3.9+
- Core:
flask requests pyyaml pyjwt colorama tqdm reportlab pillow aiohttp cryptography - AI (optional):
torch transformers sentence-transformers scikit-learn numpy
SEC Platform maps findings to:
- OWASP Top 10 2021 (A01–A10)
- CWE identifiers
- CVSS v3 scores (via CVE database)
See CHECKLIST_MATRIX.md for the full coverage matrix and PENTESTING_CHECKLIST.md for the manual testing guide.
For Troubleshooting Troubleshooting.md
- Fork the repo
- Create a feature branch:
git checkout -b feature/new-scanner - Add your scanner in
scanners/following the existing interface:def run_my_scanner(url: str) -> list[dict]: # Each finding: {"issue": str, "severity": str, "tool": str, "evidence": str} return findings
- Wire it into
run_scan.pywith atry/except ImportErrorguard - Open a pull request
This tool is intended for authorized security testing only.
Using it against systems you do not own or have explicit permission to test is illegal and unethical.
The authors assume no liability for misuse.
MIT — see LICENSE for details.