Share
## https://sploitus.com/exploit?id=31DC0C43-CAC1-5800-A601-394E51C91D27
# πŸ” Network Vulnerability Scanner



![Python](https://img.shields.io/badge/Python-3.11+-blue?logo=python&logoColor=white)
![Nmap](https://img.shields.io/badge/Nmap-7.94+-green?logo=nmap)
![Metasploit](https://img.shields.io/badge/Metasploit-Framework-red)
![License](https://img.shields.io/badge/License-MIT-yellow)

**Production-grade automated vulnerability-scanning framework combining Nmap reconnaissance with Metasploit exploitation validation and intelligent threat prioritization.**

[Features](#-features) β€’ [Quick Start](#-quick-start) β€’ [Architecture](#-architecture) β€’ [Usage](#-usage) β€’ [Security](#-security) β€’ [Testing](#-testing)



---

## ✨ Features

| Feature                     | Description                                                                              |
|-----------------------------|------------------------------------------------------------------------------------------|
| πŸ”Ž **Nmap Integration**      | Automated scanning with version detection, OS fingerprinting, and vulnerability scripts |
| πŸ›‘οΈ **Metasploit Validation** | Verify exploitability via RPC API (safe check mode by default)                          |
| πŸ“Š **Threat Prioritization** | `Score = CVSS Γ— Exploit Probability Γ— Asset Weight - FP Factor`                         |
| πŸ‘₯ **Two-Person Approval**   | Destructive tests require dual authorization with unique device fingerprints            |
| πŸ“ **HMAC Audit Trail**      | Tamper-evident logging with cryptographic chain verification                            |
| πŸ“ˆ **Prometheus Metrics**    | Full observability with Grafana dashboards                                              |
| πŸ” **RBAC**                  | Role-based access control (Viewer, Operator, Admin)                                     |
| 🚨 **Kill Switch**           | Emergency stop for all active scans                                                     |

---

## πŸš€ Quick Start

### Prerequisites

- Python 3.11+
- Nmap 7.94+ installed (`brew install nmap` on macOS)
- (Optional) Metasploit Framework for exploit validation

### Installation

```bash
# Clone the repository
git clone https://github.com/yourusername/Network_Vuln.git
cd Network_Vuln

# Create virtual environment
python -m venv venv
source venv/bin/activate  # On Windows: venv\Scripts\activate

# Install dependencies
pip install -r requirements.txt
```

### Your First Scan

```bash
# Quick scan (no root required)
python main.py scan \
  --target scanme.nmap.org \
  --user-id operator1 \
  --ticket-id VULN-0001 \
  --scan-type quick

# Full scan with vulnerability detection (requires sudo)
sudo python main.py scan \
  --target 192.168.1.100 \
  --user-id operator1 \
  --ticket-id VULN-0001 \
  --scan-type full
```

---

## πŸ—οΈ Architecture

```mermaid
graph TB
    subgraph Input
        A[Target IPs/Hostnames] --> B[Endpoint Manager]
    end
    
    subgraph Scanning
        B --> C[Nmap Controller]
        C --> D[Result Parser]
        D --> E[CVE Mapper]
    end
    
    subgraph Validation
        E --> F{Safe Mode?}
        F -->|Check Only| G[Metasploit Validator]
        F -->|Exploit| H[Two-Person Approval]
        H --> G
    end
    
    subgraph Analysis
        G --> I[Scoring Engine]
        I --> J[Report Generator]
    end
    
    subgraph Output
        J --> K[JSON Report]
        J --> L[CSV Report]
        J --> M[HTML Report]
    end
    
    subgraph Observability
        N[Prometheus Metrics]
        O[Audit Logger]
        P[HMAC Chain]
    end
```

### Data Flow

```
β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”     β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”     β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”
β”‚    Endpoint     │────▢│      Nmap       │────▢│     Result      β”‚
β”‚    Manager      β”‚     β”‚   Controller    β”‚     β”‚     Parser      β”‚
β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜     β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜     β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜
                                                        β”‚
                        β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”             β–Ό
                        β”‚     Report      β”‚β—€β”€β”€β”€β”€β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”
                        β”‚    Generator    β”‚     β”‚    Scoring      β”‚
                        β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜     β”‚     Engine      β”‚
                                                β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜
                                                        β–²
β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”     β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”             β”‚
β”‚   Safe Mode     │────▢│   Metasploit    β”‚β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜
β”‚   Controller    β”‚     β”‚    Validator    β”‚
β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜     β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜
```

---

## πŸ“– Usage

### CLI Commands

#### Scan Targets

```bash
# Scan by IP address
python main.py scan --target 10.0.0.1 --user-id admin --ticket-id VULN-001

# Scan by hostname (auto-resolved)
python main.py scan --target scanme.nmap.org --user-id admin --ticket-id VULN-001

# Scan from file
python main.py scan --targets-file hosts.csv --user-id admin --ticket-id VULN-001
```

#### Scan Types

| Type      | Arguments                                      | Root Required | Description                    |
|-----------|------------------------------------------------|---------------|--------------------------------|
| `quick`   | `-sV -T4 --top-ports 100`                      | No            | Fast service version detection |
| `full`    | `-sV -O --script vuln,version -T2`             | Yes           | Complete vulnerability scan    |
| `stealth` | `-sS -T1 --script safe`                        | Yes           | Low-profile SYN scan           |
| `vuln`    | `-sV --script vuln -T2`                        | No            | Vulnerability scripts only     |

#### Validate Vulnerabilities

```bash
python main.py validate \
  --target 10.0.0.1 \
  --module exploit/windows/smb/ms17_010 \
  --user-id admin \
  --ticket-id VULN-001
```

#### Generate Reports

```bash
# All formats
python main.py report --scan-id abc123 --format all

# Specific format
python main.py report --scan-id abc123 --format html --output ./my-reports
```

#### Check Status

```bash
python main.py status
```

---

## πŸ” Security

### Security Requirements

| Requirement            | Implementation                                          |
|------------------------|---------------------------------------------------------|
| **msfrpcd Access**     | mTLS proxy (Envoy), localhost bind only                 |
| **Secrets Management** | Vault (AppRole/OIDC), no env vars in production         |
| **Exploit Mode**       | Two-person approval enforced in code                    |
| **Audit Trail**        | HMAC chain with Vault key, external timestamp anchoring |
| **Database**           | PostgreSQL with TLS, role-based access                  |

### Two-Person Approval

Destructive exploit actions require approval from two different users:

```python
# Operator requests approval
approval_id = safe_mode.request_exploit_approval(
    target="192.168.1.100",
    module="exploit/windows/smb/ms17_010",
    operator_id="operator1",
    operator_fingerprint="device-abc",
    ticket_id="VULN-001"
)

# Admin approves (must be different user + different device)
safe_mode.approve_exploit(
    approval_id=approval_id,
    approver_id="admin1",  # Must differ from operator
    approver_fingerprint="device-xyz"  # Must differ from operator's device
)
```

### HMAC Audit Chain

Every action is logged with a cryptographic chain that detects tampering:

```bash
# Verify audit chain integrity
python ops/verify_audit.py

# Interactive demo
python ops/demo_audit_chain.py
```

---

## πŸ§ͺ Testing

### Run All Tests

```bash
# Activate virtual environment
source venv/bin/activate

# Install test dependencies
pip install pytest pytest-asyncio

# Run all tests
./venv/bin/pytest tests/ -v
```

### Test Categories

| Category        | Command                                    | Description                               |
|-----------------|--------------------------------------------|-------------------------------------------|
| **Security**    | `pytest tests/test_security.py -v`         | Log scrubbing, PII redaction, git-secrets |
| **Audit Chain** | `pytest tests/test_audit_demo.py -v`       | HMAC chain verification, tamper detection |
| **Performance** | `pytest tests/perf/test_performance.py -v` | 100-endpoint latency, memory, CPU         |
| **Safe Mode**   | `pytest tests/test_safe_mode.py -v`        | Two-person approval, kill switch          |

### Audit Chain Demo

```bash
python ops/demo_audit_chain.py
```

Output demonstrates:
- βœ… Chain creation with linked HMACs
- βœ… Verification of chain integrity
- ❌ Tamper detection when records modified
- ❌ Broken chain link detection

---

## πŸ“ Project Structure

```
Network_Vuln/
β”œβ”€β”€ πŸ“„ main.py                 # CLI entry point
β”œβ”€β”€ πŸ“ src/                    # Core modules
β”‚   β”œβ”€β”€ endpoint_manager.py    # Target loading & validation
β”‚   β”œβ”€β”€ nmap_controller.py     # Nmap scanning with retries
β”‚   β”œβ”€β”€ result_parser.py       # Scan result normalization
β”‚   β”œβ”€β”€ cve_mapper.py          # CVE to exploit mapping
β”‚   β”œβ”€β”€ msf_validator.py       # Metasploit RPC integration
β”‚   β”œβ”€β”€ safe_mode.py           # Security controls & approvals
β”‚   β”œβ”€β”€ scoring_engine.py      # Threat prioritization
β”‚   β”œβ”€β”€ report_generator.py    # JSON/CSV/HTML output
β”‚   β”œβ”€β”€ pipeline.py            # Orchestration
β”‚   β”œβ”€β”€ logger.py              # Structured JSON logging
β”‚   β”œβ”€β”€ rbac.py                # Role-based access control
β”‚   β”œβ”€β”€ metrics.py             # Prometheus integration
β”‚   β”œβ”€β”€ secrets.py             # Vault integration
β”‚   └── worker_queue.py        # Async task queue
β”œβ”€β”€ πŸ“ tests/                  # Unit & integration tests
β”‚   β”œβ”€β”€ test_safe_mode.py
β”‚   β”œβ”€β”€ test_security.py
β”‚   β”œβ”€β”€ test_audit_demo.py
β”‚   β”œβ”€β”€ test_scoring_engine.py
β”‚   └── perf/                  # Performance tests
β”œβ”€β”€ πŸ“ database/               # PostgreSQL schema & migrations
β”œβ”€β”€ πŸ“ deploy/                 # Docker, Envoy, Prometheus configs
β”œβ”€β”€ πŸ“ ops/                    # Operational scripts
β”‚   β”œβ”€β”€ runbook.md
β”‚   β”œβ”€β”€ verify_audit.py
β”‚   └── demo_audit_chain.py
β”œβ”€β”€ πŸ“ config/                 # Environment configs
β”œβ”€β”€ πŸ“ reports/                # Generated scan reports
└── πŸ“ templates/              # Report templates
```

---

## 🐳 Deployment

### Docker Compose

```bash
cd deploy
docker-compose up -d
```

### Services

| Service    | Port             | Description                |
|------------|------------------|----------------------------|
| Scanner    | CLI              | Vulnerability scanning     |
| msfrpcd    | 55553 (internal) | Metasploit RPC (mTLS only) |
| PostgreSQL | 5432             | Scan data & audit logs     |
| Prometheus | 9091             | Metrics collection         |
| Grafana    | 3000             | Dashboards                 |

---

## πŸ“Š Scoring Formula

Vulnerabilities are prioritized using:

```
Final Score = (CVSS Γ— Exploit Probability Γ— Asset Weight) - False Positive Factor
```

| Factor              | Range   | Description                    |
|---------------------|---------|--------------------------------|
| CVSS                | 0-10    | Base vulnerability severity    |
| Exploit Probability | 0-1     | Metasploit validation result   |
| Asset Weight        | 0.5-3.0 | Business criticality of target |
| FP Factor           | 0-2     | Historical false positive rate |

---

## πŸ› οΈ Development

```bash
# Install dev dependencies
pip install -r requirements-dev.txt

# Run tests with coverage
pytest tests/ -v --cov=src --cov-report=html

# Lint
ruff check .

# Type checking
mypy src/
```

---

## Walkthrough

See the full project walkthrough here: [WALKTHROUGH.md](./WALKTHROUGH.md)

---

## πŸ“„ License

MIT License - See [LICENSE](LICENSE) for details.

---