Share 
## https://sploitus.com/exploit?id=57E83F6E-0E67-5181-A992-E9C904E4688C
# ⚑ ExploitIQ

**Autonomous AI-Powered Penetration Testing Assistant**

[![Python](https://img.shields.io/badge/Python-3.10%2B-3776AB?style=for-the-badge&logo=python&logoColor=white)](https://python.org)
[![Next.js](https://img.shields.io/badge/Next.js-14-000000?style=for-the-badge&logo=nextdotjs&logoColor=white)](https://nextjs.org)
[![FastAPI](https://img.shields.io/badge/FastAPI-0.100%2B-009688?style=for-the-badge&logo=fastapi&logoColor=white)](https://fastapi.tiangolo.com)
[![Groq](https://img.shields.io/badge/Groq-LLaMA%203%2070B-F55036?style=for-the-badge&logo=meta&logoColor=white)](https://console.groq.com)
[![License](https://img.shields.io/badge/License-MIT-green?style=for-the-badge)](LICENSE)

Enter a target. Watch real-time reconnaissance unfold. Surface vulnerabilities, retrieve exploit intelligence, and receive AI-generated risk analysis β€” all from a sleek cyberpunk interface.



---

## πŸ–₯️ Screenshots


Landing Page


![Landing Page](images/landing-page.png)




Scan Console


![Scan Console](images/scanning-page.png)




Open Ports & Services


![Open Ports & Services](images/demo-open-port.png)




Vulnerability Report


![Vulnerability Report](images/demo-vulnerabilities.png)




Groq AI Threat Analysis


![AI Threat Analysis](images/demo-ai-analysis.png)



---

## ✨ Features

| Feature | Description |
|---|---|
| πŸ”­ **Real-Time Log Streaming** | Watch each scan phase over WebSocket as it happens |
| πŸ—ΊοΈ **nmap Integration** | Service and version detection across all ports |
| 🌐 **nikto Web Scanner** | Web vulnerability scanning for HTTP targets |
| πŸ’£ **searchsploit / Exploit-DB** | Match findings against thousands of known exploits |
| πŸ€– **Groq AI Analysis** | LLaMA 3 70B threat explanation and remediation advice |
| πŸ“„ **JSON Report Export** | Structured report saved locally after every scan |
| 🎨 **Cyberpunk UI** | Responsive Next.js frontend with a dark hacker aesthetic |

---

## πŸ—οΈ Architecture

```
ExploitIQ/
β”œβ”€β”€ backend/
β”‚   β”œβ”€β”€ app/
β”‚   β”‚   β”œβ”€β”€ main.py              FastAPI entry point
β”‚   β”‚   β”œβ”€β”€ api/routes.py        WebSocket + REST endpoints
β”‚   β”‚   β”œβ”€β”€ core/
β”‚   β”‚   β”‚   β”œβ”€β”€ config.py        Pydantic settings from .env
β”‚   β”‚   β”‚   β”œβ”€β”€ logger.py        Structured logging
β”‚   β”‚   β”‚   └── groq_client.py   Groq API integration
β”‚   β”‚   β”œβ”€β”€ agents/
β”‚   β”‚   β”‚   β”œβ”€β”€ recon.py         DNS resolution + target validation
β”‚   β”‚   β”‚   β”œβ”€β”€ scanner.py       nmap + nikto execution
β”‚   β”‚   β”‚   β”œβ”€β”€ analyzer.py      Parse and structure scan output
β”‚   β”‚   β”‚   β”œβ”€β”€ exploiter.py     searchsploit query and parse
β”‚   β”‚   β”‚   └── reporter.py      JSON report serialization
β”‚   β”‚   └── utils/parser.py      nmap + nikto output parsers
β”‚   β”œβ”€β”€ logs/                    Runtime logs
β”‚   β”œβ”€β”€ reports/                 JSON scan reports
β”‚   β”œβ”€β”€ requirements.txt
β”‚   └── .env.example
β”‚
└── frontend/
    β”œβ”€β”€ app/
    β”‚   β”œβ”€β”€ layout.tsx
    β”‚   β”œβ”€β”€ page.tsx             Main page
    β”‚   └── globals.css          Theme + animations
    β”œβ”€β”€ components/
    β”‚   β”œβ”€β”€ Hero.tsx
    β”‚   β”œβ”€β”€ ScanInput.tsx
    β”‚   β”œβ”€β”€ LogsPanel.tsx
    β”‚   β”œβ”€β”€ ResultsPanel.tsx
    β”‚   └── ui/                  Shared UI components
    β”œβ”€β”€ hooks/useScan.ts         WebSocket scan logic
    β”œβ”€β”€ types/index.ts           Shared TypeScript types
    └── lib/utils.ts             Helpers
```

---

## πŸš€ Installation

### Prerequisites

Make sure the following tools are installed and available in your `PATH`:

| Tool | Install |
|---|---|
| **nmap** | `sudo apt install nmap` Β· [Windows](https://nmap.org/download.html) |
| **nikto** | `sudo apt install nikto` Β· Windows: `perl nikto.pl` (requires Perl) |
| **searchsploit** | `sudo apt install exploitdb` Β· [Manual](https://github.com/offensive-security/exploitdb) |
| **Python 3.10+** | [python.org](https://python.org/downloads) |
| **Node.js 18+** | [nodejs.org](https://nodejs.org) |

---

### Backend Setup

```bash
cd ExploitIQ/backend

# Create and activate virtual environment
python -m venv venv
source venv/bin/activate        # Linux / macOS
# venv\Scripts\activate         # Windows

# Install dependencies
pip install -r requirements.txt

# Configure environment
cp .env.example .env
# Edit .env and set your GROQ_API_KEY

# Start backend
uvicorn app.main:app --reload --host 0.0.0.0 --port 8000
```

---

### Frontend Setup

```bash
cd ExploitIQ/frontend

# Install dependencies
npm install

# Configure environment (optional β€” if backend is on a different host/port)
cp .env.example .env.local

# Start development server
npm run dev
```

Open [http://localhost:3000](http://localhost:3000) in your browser.

---

## πŸ› οΈ Usage

1. Start both the **backend** and **frontend** servers.
2. Open the frontend in your browser at `http://localhost:3000`.
3. Enter a **target IP, hostname, or URL** in the scan input.
4. Toggle **Web Scan** (nikto) and **AI Analysis** (Groq) as desired.
5. Click **"Initialize Scan"**.
6. Watch real-time logs stream in as `nmap`, `nikto`, and `searchsploit` execute.
7. Review results across four tabs:
   - **Ports & Services** β€” Discovered open ports with protocol and version
   - **Vulnerabilities** β€” Categorized findings by severity (Critical / Medium / Low)
   - **Exploit Intel** β€” Matched exploits from Exploit-DB
   - **AI Analysis** β€” Groq LLaMA 3 threat assessment and remediation plan
8. Find the saved JSON report in `backend/reports/`.

---

## πŸ”Œ Optional: go-exploitdb Backend

ExploitIQ supports two exploit search backends:

- `searchsploit` β€” Default, offline Exploit-DB search
- `go-exploitdb` β€” CVE-based API mode via a local go-exploitdb server

### Setup go-exploitdb

```bash
# One-time fetch + start go-exploitdb
./start_exploitdb.sh --fetch

# Then run backend (auto-detects and starts go-exploitdb when configured)
./start_backend.sh
```

### Configure `.env`

```env
EXPLOIT_SEARCH_BACKEND=go-exploitdb
GO_EXPLOITDB_URL=http://127.0.0.1:1326
GO_EXPLOITDB_TIMEOUT=10
GO_EXPLOITDB_FETCH_ON_START=false
```

> **Note:** go-exploitdb lookups are CVE-based. If no CVEs are available or no matches are found, ExploitIQ automatically falls back to `searchsploit`.

---

## πŸ”‘ Getting a Groq API Key

1. Go to [https://console.groq.com](https://console.groq.com)
2. Create a free account.
3. Generate an API key.
4. Add it to `backend/.env`:
   ```env
   GROQ_API_KEY=your_key_here
   ```

---

## βš™οΈ Quick Start Scripts

For convenience, platform-specific scripts are included:

| Script | Purpose |
|---|---|
| `start_backend.sh` / `.bat` | Set up and launch the Python backend |
| `start_frontend.sh` / `.bat` | Launch the Next.js frontend |
| `start_exploitdb.sh` | Fetch and start the go-exploitdb server |

---

## ⚠️ Ethical Disclaimer

> This tool is intended **exclusively** for authorized penetration testing, security research, and educational purposes on systems you own or have **explicit written permission** to test.

Unauthorized scanning or probing of systems you do not own is **illegal** in most jurisdictions and may violate computer fraud and abuse laws including the CFAA (USA) and equivalent legislation elsewhere.

**The authors assume no responsibility or liability for misuse of this software. Always obtain proper authorization before conducting any security assessment.**

---



Made with ⚑ for the security community