## https://sploitus.com/exploit?id=7FB13D9A-A6C5-5E18-9401-704A2693C3A0
# Vulnerability Scanner
A security vulnerability detection tool developed in Go and Python. It supports custom POCs, batch scanning, graphical interfaces, and other features. ## Features
- **Graphical Interface**: A user-friendly interface developed using PyQt5.
- **POC Management**: An independent POC library that supports YAML definitions and allows custom POCs.
- **POC Classification**: Supports classification management for CVEs, vendor vulnerabilities, etc.
- **Import/Export**: Supports importing and exporting POCs by category.
- **Batch Scanning**: Supports batch scanning of IPs and ports.
- **Configurable**: Parameters such as concurrent scanning threads and timeout periods can be configured.
- **Real-time Progress**: Displays scanning progress and results in real-time.
- **Result Export**: Supports exporting scanning results in JSON format.
## Project Structure
```
VulnerabilityScanner/
├── backend/ # Go backend
│ ├── api/ # API service layer
│ ├── poc/ # POC management module
│ ├── scanner/ # Scanning engine module
│ ├── main.go # Program entry point
│ └── go.mod # Go module dependencies
├── frontend/ # Python frontend
│ └── main.py # Graphical interface
├── pocs/ # POC library directory
│ ├── cve/ # CVE vulnerability POCs
│ ├── vendor/ # Vendor vulnerability POCs
│ └── others/ # Other POCs
└── docs/ # Documentation directory
└── POCWritingRules.md # POC writing rules
```
## Technology Stack
### Backend (Go)
- Go 1.21+
- net/http (Web framework)
- gopkg.in/yaml.v3 (YAML parsing)
### Frontend (Python)
- Python 3.8+
- PyQt5 (GUI framework)
- requests (HTTP client)
## Quick Start
### Environment Requirements
- Go 1.21+
- Python 3.8+
### Install Dependencies
**Backend Dependencies:**
```bash
cd backend
go mod download
```
**Frontend Dependencies:**
```bash
pip install PyQt5 requests
```
### Run the Program
1. **Start the backend service**
```bash
cd backend
go run main.go
```
2. **Start the frontend interface**
```bash
cd frontend
python main.py
```
### Command Line Parameters
Parameters supported by the backend service:
```
-port int API server port (default 8080)
-pocs string POC directory path (default ../pocs)
-workers int Maximum concurrent scanning threads (default 50)
-timeout int Default timeout (seconds) (default 10)
-version Display version information
```
## Usage Instructions
### Scanning Process
1. **Configure targets**
- Enter the IP address or domain name in the “Scan” tab.
- Configure ports (supporting single ports, port ranges like 8000-9000, multiple ports like 80, 443).
2. **Select POCs**
- Filter POCs by category.
- Check the POCs you want to use.
3. **Configure scanning parameters**
- Set the number of concurrent threads (1-200).
- Set the timeout (1-60 seconds).
4. **Start scanning**
- Click the “Start Scanning” button.
- View progress and results in the “Scan Results” tab.
5. **Process results**
- View targets with vulnerabilities.
- Export scanning results.
### POC Management
- **Import POCs**: Click “Import POC” in the “POC Management” tab.
- **Export POCs**: Select a POC and click “Export POC”.
- **Reload POCs**: Click “Reload POCs” to refresh the POC library.
## Documentation
- [POC Writing Rules](docs/POCWritingRules.md) - POC format specifications and writing guidelines
## API Interfaces
Basic URL: `http://localhost:8080/api`
| Interface | Method | Description |
|----------|---------|-------------|
| /pocs | GET | Get list of POCs |
| /pocs/{id} | GET | Get individual POC |
| /pocs/upload | POST | Upload POC |
| /pocs/export | POST | Export POC |
| /pocs/{id} | DELETE | Delete POC |
| /pocs/reload | POST | Reload POC |
| /scan/start | POST | Start scanning |
| /scan/stop | POST | Stop scanning |
| /scan/status | GET | Get scanning status |
| /scan/results | GET | Get scanning results |
| /categories | GET | Get category list |
| /stats | GET | Get statistical information |
| /health | GET | Health check |
## POC Writing
POCs are defined in YAML format. The basic structure is as follows:
```yaml
name: "POC Name"
id: "poc-unique-id"
category: "CVE"
severity: "Critical"
description: "Vulnerability description"
author: "Author"
version: "1.0.0"
references:
- "Reference link"
tags:
- "Tags"
target:
protocol: "http"
path: "/path"
method: "GET"
headers: {...}
body: ""
timeout: 10
conditions:
- type: "status"
operator: "equals"
value: 200
```
For detailed POC writing rules, please refer to [POCWritingRules.md](docs/POCWritingRules.md). ## License
This project is for educational purposes only. ## Disclaimer
This tool is used solely for security research and authorized penetration testing. Any unauthorized use of this tool is illegal. Users must bear the corresponding legal responsibilities.