Exploit for VulnHawk

Name: Exploit for VulnHawk
Rating: 5 (126 reviews)
2026-04-01 | CVSS 6.0
## https://sploitus.com/exploit?id=3EFB21F7-B711-5DED-9ECD-7627DC7F9796
# 🛡️ VulnHawk — OWASP Top 10 Web Vulnerability Scanner


  
  
  
  
  
  



  VulnHawk is an advanced, full-stack web application vulnerability scanner that tests for all OWASP Top 10 (2021) vulnerability classes using active probing, ML-based severity classification, CVE enrichment, and automated PDF reporting — all wrapped in a real-time terminal-style web dashboard.


---

## 📸 Dashboard Preview

```
╔══════════════════════════════════════════════════════════╗
║  🛡 VULNHAWK          STATUS: ACTIVE    FINDINGS: 14    ║
╠══════════════════════════════════════════════════════════╣
║  TARGET: http://testphp.vulnweb.com                     ║
║  ████████████████████████░░░  87%                       ║
║  🤖 Running ML severity classifier...                   ║
╠══════════════╦═══════════════════════════════════════════╣
║  RISK: HIGH  ║  FINDINGS TABLE                          ║
║  CRIT:  2    ║  #  Vulnerability        Severity  Score ║
║  HIGH:  5    ║  1  SQL Injection        CRITICAL   95   ║
║  MED:   4    ║  2  Reflected XSS        HIGH       78   ║
║  LOW:   3    ║  3  Missing HSTS         MEDIUM     52   ║
╚══════════════╩═══════════════════════════════════════════╝
```

---

## ✨ Key Features

### 🔍 Scanning Modules
| Module | OWASP | What It Detects |
|--------|-------|-----------------|
| **SQL Injection** | A03:2021 | Error-based, time-based blind, boolean blind, NoSQL |
| **Cross-Site Scripting** | A03:2021 | Reflected, DOM-based, filter bypass payloads |
| **Security Headers** | A05:2021 | Missing HSTS, CSP, X-Frame-Options, cookie flags |
| **SSRF** | A10:2021 | Internal endpoints, cloud metadata (AWS/GCP/Azure) |
| **Path Traversal / LFI** | A01:2021 | Unix/Windows traversal, encoded variants |

### 🤖 ML Severity Classifier
- **Gradient Boosting** model trained on vulnerability feature vectors
- Features: vuln type, CVSS score, detection confidence, parameter context, OWASP rank
- Outputs: `ml_severity`, `ml_confidence`, `exploitability_score` (0–100)
- Auto-trains and caches model on first run (`ml/vulnhawk_model.pkl`)

### 🌐 Threat Intelligence
- **NIST NVD API v2.0** — fetches related CVEs per CWE/vulnerability type
- **AbuseIPDB** — scores target IP for malicious activity history
- **HaveIBeenPwned** — checks if target domain appears in known data breaches

### 📊 Live Dashboard
- Real-time WebSocket progress updates
- Interactive severity bar chart, OWASP doughnut chart
- Filterable findings table with exploitability scores
- Click-to-expand detail modal with CVEs, MITRE ATT&CK mapping, remediation

### 📄 PDF Reports
- Auto-generated, professionally styled PDF with:
  - Executive summary & risk rating
  - Per-finding detail blocks with evidence and remediation
  - MITRE ATT&CK® coverage matrix
  - Prioritized remediation roadmap
  - Threat intelligence data (IP rep, breach records)

---

## 🏗️ Architecture

```
VulnHawk/
├── api/
│   └── main.py              ← FastAPI app + WebSocket engine + scan orchestrator
├── scanner/
│   ├── crawler.py           ← Async BFS web crawler (URLs, forms, params)
│   ├── sqli.py              ← SQL Injection scanner (3 detection methods)
│   ├── xss.py               ← XSS scanner (Reflected + DOM-based)
│   ├── headers.py           ← HTTP headers + cookie + TLS auditor
│   └── ssrf.py              ← SSRF + Path Traversal scanner
├── ml/
│   └── classifier.py        ← Gradient Boosting severity classifier
├── intel/
│   └── cve_lookup.py        ← NVD CVE + AbuseIPDB + HIBP integration
├── report/
│   └── pdf_gen.py           ← ReportLab PDF generator + MITRE mapper
├── dashboard/
│   └── templates/index.html ← Terminal-style live dashboard (vanilla JS)
├── config/
│   └── settings.py          ← All config, OWASP categories, severity maps
├── tests/
│   └── test_scanner.py      ← pytest unit tests
├── Dockerfile
├── docker-compose.yml
├── requirements.txt
└── .env.example
```

---

## 🚀 Quick Start

### Option 1 — Docker (Recommended)

```bash
# Clone the repo
git clone https://github.com/YOUR_USERNAME/VulnHawk.git
cd VulnHawk

# Configure API keys (optional but recommended)
cp .env.example .env
nano .env

# Build and run
docker-compose up --build

# Open dashboard
open http://localhost:8000
```

### Option 2 — Local Python

```bash
# Clone
git clone https://github.com/YOUR_USERNAME/VulnHawk.git
cd VulnHawk

# Create virtual environment
python -m venv venv
source venv/bin/activate        # Windows: venv\Scripts\activate

# Install dependencies
pip install -r requirements.txt

# Configure environment
cp .env.example .env
# Edit .env with your API keys

# Run
python -m api.main
# OR
uvicorn api.main:app --host 0.0.0.0 --port 8000 --reload

# Open dashboard
open http://localhost:8000
```

---

## 🔑 API Keys (Optional)

All API integrations are optional — VulnHawk works without them, but they enrich results significantly.

| Service | Purpose | Get Key |
|---------|---------|---------|
| NIST NVD | CVE enrichment (free) | [nvd.nist.gov/developers](https://nvd.nist.gov/developers/request-an-api-key) |
| AbuseIPDB | IP reputation (free tier) | [abuseipdb.com/register](https://www.abuseipdb.com/register) |
| HaveIBeenPwned | Breach data ($3.50/mo) | [haveibeenpwned.com/API/Key](https://haveibeenpwned.com/API/Key) |

---

## 📡 API Reference

### Start a Scan
```http
POST /api/scan
Content-Type: application/json

{
  "target_url": "http://testphp.vulnweb.com",
  "scan_modules": ["sqli", "xss", "headers", "ssrf", "traversal"],
  "generate_pdf": true,
  "enrich_cve": true
}
```

### Get Scan Status
```http
GET /api/scan/{scan_id}
```

### Download PDF Report
```http
GET /api/scan/{scan_id}/report
```

### WebSocket Live Updates
```javascript
const ws = new WebSocket('ws://localhost:8000/ws/{scan_id}');
ws.onmessage = (e) => {
  const { type, progress, message, findings } = JSON.parse(e.data);
  // type: "progress" | "complete" | "error"
};
```

---

## 🧠 ML Model Details

The ML classifier uses a **Gradient Boosting** ensemble with 8 handcrafted features:

| Feature | Description |
|---------|-------------|
| `vuln_type_enc` | Encoded vulnerability category (0–19) |
| `cvss_score` | Base CVSS score from scanner |
| `detection_method` | Confidence of detection (0=passive, 2=active) |
| `has_payload` | Whether an active payload was used |
| `has_evidence` | Whether direct evidence was captured |
| `param_is_url` | Detects URL-class injection parameters |
| `param_is_file` | Detects file-class injection parameters |
| `owasp_rank` | OWASP category rank (A01=1 → A10=10) |

Training data: 460 synthetic samples with Gaussian noise for generalization.  
Model accuracy on held-out test set: **~89%** (5-class severity classification).

---

## ⚖️ Legal & Ethical Use

> **VulnHawk is designed exclusively for authorized security testing.**

- ✅ Scan your own applications
- ✅ Scan with explicit written permission
- ✅ Use in CTF / bug bounty targets that allow automated scanning
- ✅ Use against intentionally vulnerable apps: [DVWA](https://dvwa.co.uk/), [WebGoat](https://owasp.org/www-project-webgoat/), [VulnHub](https://www.vulnhub.com/)
- ❌ Never scan targets without authorization
- ❌ Never use against production systems without permission

The author is not responsible for misuse of this tool.

---

## 🧪 Running Tests

```bash
pip install pytest pytest-asyncio
pytest tests/ -v
```

---

## 🗺️ MITRE ATT&CK® Coverage

| Vulnerability | Tactic | Technique |
|--------------|--------|-----------|
| SQL Injection | Initial Access | T1190 – Exploit Public-Facing Application |
| XSS | Execution | T1059 – Command & Scripting Interpreter |
| SSRF | Discovery | T1083 – File and Directory Discovery |
| Path Traversal | Collection | T1005 – Data from Local System |
| Missing HSTS | Credential Access | T1557 – Adversary-in-the-Middle |
| Insecure Cookie | Credential Access | T1539 – Steal Web Session Cookie |

---

## 🛠️ Technologies Used

| Layer | Technology |
|-------|-----------|
| Backend | Python 3.11, FastAPI, Uvicorn |
| Async HTTP | httpx, asyncio |
| HTML Parsing | BeautifulSoup4, lxml |
| Machine Learning | scikit-learn (Gradient Boosting, StandardScaler) |
| Threat Intel | NIST NVD API, AbuseIPDB API, HaveIBeenPwned API |
| PDF Generation | ReportLab |
| Frontend | Vanilla JS, Chart.js, WebSocket API |
| Containerization | Docker, Docker Compose |
| Testing | pytest, pytest-asyncio |

---

## 📄 License

MIT License — see [LICENSE](LICENSE) for details.

---

## 🙏 References

- [OWASP Top 10 (2021)](https://owasp.org/www-project-top-ten/)
- [MITRE ATT&CK® Framework](https://attack.mitre.org/)
- [NIST National Vulnerability Database](https://nvd.nist.gov/)
- [PortSwigger Web Security Academy](https://portswigger.net/web-security)
- [OWASP Testing Guide v4.2](https://owasp.org/www-project-web-security-testing-guide/)