Share
## https://sploitus.com/exploit?id=82C41AC2-30F6-5E42-807C-21FFE436521F
# ๐Ÿ›ก๏ธ VibeCode-InjectProof

> **Deep SQLi verification engine for authorized security testing with differential analysis and reproducible evidence.**

![Next.js](https://img.shields.io/badge/Next.js-15-black?logo=next.js)
![React](https://img.shields.io/badge/React-19-61DAFB?logo=react)
![TypeScript](https://img.shields.io/badge/TypeScript-5.7-3178C6?logo=typescript)
![Prisma](https://img.shields.io/badge/Prisma-6-2D3748?logo=prisma)
![tRPC](https://img.shields.io/badge/tRPC-11-398CCB?logo=trpc)

---

## ๐Ÿ“‹ Table of Contents

- [Features](#-features)
- [Tech Stack](#-tech-stack)
- [Prerequisites](#-prerequisites)
- [Installation](#-installation)
- [Configuration](#-configuration)
- [Usage](#-usage)
- [Scanner Modules](#-scanner-modules)
- [Project Structure](#-project-structure)
- [API Reference](#-api-reference)
- [Security](#-security)
- [Troubleshooting](#-troubleshooting)
- [License](#-license)

---

## โœจ Features

| Category | Capabilities |
|----------|-------------|
| **๐Ÿ•ท๏ธ Smart Crawling** | HTTP + headless browser (Puppeteer stealth), SPA/JS-rendered pages, form/parameter discovery |
| **๐Ÿ” Vulnerability Detection** | 11 detector modules โ€” XSS, SQLi, SSRF, CORS, Path Traversal, Open Redirect, Security Headers, Race Condition, HTTP Desync, Prototype Pollution, Cloud Metadata SSRF |
| **๐Ÿ’‰ Deep SQLi Exploitation** | Havij-style automated exploitation โ€” DB enumeration, table extraction, data dumping |
| **๐ŸŒ EASM Recon** | Subdomain enumeration, cloud bucket hunting, leaked secret scanning, shadow API discovery |
| **โ˜๏ธ Cloud & Infra** | Container escape detection, CI/CD poisoning, internal VPC pivoting |
| **๐Ÿง  Cognitive Fuzzing** | Context-aware payload generation, business logic flaw testing |
| **๐Ÿ”“ Post-Exploitation** | RCE evidence, schema extraction, internal port scanning |
| **๐Ÿ“Š Reporting** | Executive, Technical, Compliance, Full reports in HTML/Markdown/JSON |
| **๐ŸŽจ Premium UI** | Dark glassmorphism theme, real-time scan progress, interactive dashboards |
| **๐Ÿ” RBAC** | 5 user roles with JWT authentication |

---

## ๐Ÿ› ๏ธ Tech Stack

| Layer | Technology |
|-------|-----------|
| Frontend | Next.js 15 (App Router), React 19, Tailwind CSS 3 |
| API | tRPC v11 + SuperJSON |
| Database | SQLite via Prisma ORM v6 |
| Auth | JWT (jose) + bcryptjs |
| Scanner | Custom Node.js engine (11 detectors) |
| Browser | Puppeteer + puppeteer-extra-plugin-stealth |
| HTML Parser | Cheerio |
| UI | Lucide icons, Recharts, date-fns |

---

## ๐Ÿ“ฆ Prerequisites

- **Node.js** 18+ ([download](https://nodejs.org/))
- **npm** (bundled with Node.js) or **pnpm**
- **Chrome / Edge** browser installed (for headless SPA crawling)
- **Git** (optional, for cloning)

---

## ๐Ÿš€ Installation

### Option 1: One-Command Setup

```bash
npm run setup
```

This runs the full chain: `npm install` โ†’ `prisma generate` โ†’ `prisma db push` โ†’ `seed`

### Option 2: Step-by-Step

```bash
# 1. Install dependencies
npm install

# 2. Generate Prisma client
npx prisma generate

# 3. Create database and push schema
npx prisma db push

# 4. Seed default data (admin user + sample target)
npx tsx prisma/seed.ts

# 5. Start development server
npm run dev
```

The app will be available at **http://localhost:3000**

---

## โš™๏ธ Configuration

### Environment Variables

Create a `.env` file in the project root (or copy from `.env.example`):

```env
# โ”€โ”€โ”€โ”€โ”€ Database โ”€โ”€โ”€โ”€โ”€
# SQLite database (auto-created)
DATABASE_URL="file:./vibecode.db"

# โ”€โ”€โ”€โ”€โ”€ Authentication โ”€โ”€โ”€โ”€โ”€
# โš ๏ธ CHANGE THIS in production!
JWT_SECRET=vibecode-local-secret-key-change-in-production-2024

# โ”€โ”€โ”€โ”€โ”€ Application โ”€โ”€โ”€โ”€โ”€
NEXT_PUBLIC_APP_NAME=VibeCode
NEXT_PUBLIC_APP_URL=http://localhost:3000

# โ”€โ”€โ”€โ”€โ”€ Scanner Settings โ”€โ”€โ”€โ”€โ”€
SCANNER_MAX_CONCURRENT=5          # Max concurrent scan threads
SCANNER_REQUEST_TIMEOUT=30000     # Request timeout (ms)
SCANNER_MAX_CRAWL_DEPTH=10        # Max crawl depth
SCANNER_MAX_URLS=500              # Max URLs to discover
SCANNER_USER_AGENT=VibeCode-Scanner/1.0

# โ”€โ”€โ”€โ”€โ”€ Evidence Storage โ”€โ”€โ”€โ”€โ”€
EVIDENCE_DIR=./evidence
```

### Default Login Credentials

| Role | Email | Password |
|------|-------|----------|
| **Admin** | `admin@vibecode.local` | `admin123` |
| **Pentester** | `pentester@vibecode.local` | `pentester123` |

> โš ๏ธ **Change these immediately in production!**

---

## ๐Ÿ“– Usage

### 1. Start the Server

```bash
# Development (with hot-reload)
npm run dev

# Production
npm run build
npm start
```

### 2. Login

Open **http://localhost:3000** โ†’ Login with credentials above.

### 3. Add a Target

1. Navigate to **Targets** โ†’ **New Target**
2. Enter the target URL (e.g., `https://juice-shop.herokuapp.com`)
3. Configure scan settings:
   - **Crawl Depth** โ€” How deep to follow links (default: 10)
   - **Max URLs** โ€” Maximum pages to discover (default: 500)
   - **Rate Limit** โ€” Requests per second (default: 10)
   - **Authentication** โ€” Optional (token, cookie, session, scripted login)

### 4. Run a Scan

1. Navigate to **Scans** โ†’ **New Scan**
2. Select your target from the dropdown
3. Choose scan profile:
   - **Quick** โ€” Standard detectors only (fastest)
   - **Standard** โ€” Standard + advanced detectors
   - **Deep** โ€” All modules including EASM, cognitive fuzzing, post-exploitation
4. Click **Start Scan**
5. Monitor progress in real-time on the scan detail page

### 5. Review Vulnerabilities

- **Scans** โ†’ Click a completed scan โ†’ View all findings
- **Vulnerabilities** โ†’ Browse/filter all vulnerabilities across scans
- Each vulnerability includes:
  - CVSS score + vector
  - CWE classification
  - OWASP mapping
  - Request/response artifacts
  - Remediation steps

### 6. Generate Reports

1. Navigate to **Reports** โ†’ **Generate Report**
2. Select a scan
3. Choose report type:
   - **Executive** โ€” High-level summary for management
   - **Technical** โ€” Full technical details for developers
   - **Compliance** โ€” Mapped to OWASP/NIST/ASVS frameworks
   - **Full** โ€” Everything combined
4. Choose format: **HTML** / **Markdown** / **JSON**
5. Download the generated report

---

## ๐Ÿ”ฌ Scanner Modules

### Standard Detectors (7)

| Module | CWE | Description |
|--------|-----|-------------|
| XSS | CWE-79 | Reflected, Stored, DOM-based with context-aware payloads |
| SQLi | CWE-89 | Error-based, boolean-blind, time-based (MySQL/PostgreSQL/MSSQL/SQLite) |
| SSRF | CWE-918 | Internal IP probing, redirect chains, cloud metadata |
| Security Headers | โ€” | CSP, HSTS, X-Frame-Options, referrer policy |
| CORS | CWE-942 | Origin reflection, null origin, wildcard + credentials |
| Path Traversal | CWE-22 | Directory traversal with encoding bypass |
| Open Redirect | CWE-601 | URL parameter redirect detection |

### Advanced Detectors (4)

| Module | Description |
|--------|-------------|
| Race Condition | HTTP/2 single-packet TOCTOU fuzzing |
| HTTP Desync | CL.TE / TE.CL request smuggling |
| Prototype Pollution | `__proto__` / `constructor.prototype` injection |
| Cloud Metadata SSRF | AWS IMDSv1/v2, GCP, Azure, DigitalOcean, K8s |

### Elite Modules

| Module | Description |
|--------|-------------|
| **EASM** (`easm.ts`) | CT log enumeration, DNS brute-force, bucket hunting, leaked secrets |
| **Cloud Exploit** (`cloud-exploit.ts`) | Container escape, SSRF pivoting, CI/CD poisoning |
| **Cognitive** (`cognitive-exploit.ts`) | AI-driven fuzzing, business logic, rate limit bypass |
| **Post-Exploit** (`post-exploit.ts`) | RCE evidence, schema extraction, port scanning |
| **SQLi Exploiter** (`sqli-exploiter.ts`) | Deep SQLi exploitation โ€” DB/table/column enumeration + data dump |

---

## ๐Ÿ“‚ Project Structure

```
pentest/
โ”œโ”€โ”€ prisma/
โ”‚   โ”œโ”€โ”€ schema.prisma          # Database schema (10 models)
โ”‚   โ”œโ”€โ”€ seed.ts                # Default data seeder
โ”‚   โ””โ”€โ”€ vibecode.db            # SQLite database (auto-generated)
โ”œโ”€โ”€ src/
โ”‚   โ”œโ”€โ”€ app/                   # Next.js App Router pages
โ”‚   โ”‚   โ”œโ”€โ”€ globals.css        # Design system
โ”‚   โ”‚   โ”œโ”€โ”€ layout.tsx         # Root layout
โ”‚   โ”‚   โ”œโ”€โ”€ login/             # Login page
โ”‚   โ”‚   โ”œโ”€โ”€ api/trpc/          # tRPC HTTP handler
โ”‚   โ”‚   โ””โ”€โ”€ (platform)/        # Authenticated routes
โ”‚   โ”‚       โ”œโ”€โ”€ dashboard/     # Stats + charts
โ”‚   โ”‚       โ”œโ”€โ”€ targets/       # Target CRUD
โ”‚   โ”‚       โ”œโ”€โ”€ scans/         # Scan management
โ”‚   โ”‚       โ”œโ”€โ”€ vulnerabilities/ # Vulnerability browser
โ”‚   โ”‚       โ”œโ”€โ”€ reports/       # Report generation
โ”‚   โ”‚       โ””โ”€โ”€ settings/      # Platform settings
โ”‚   โ”œโ”€โ”€ components/            # Shared React components
โ”‚   โ”œโ”€โ”€ lib/                   # Utilities
โ”‚   โ”‚   โ”œโ”€โ”€ auth.ts            # JWT + RBAC
โ”‚   โ”‚   โ”œโ”€โ”€ cvss.ts            # CVSS v3.1 calculator
โ”‚   โ”‚   โ”œโ”€โ”€ cwe-database.ts    # 200+ CWE entries
โ”‚   โ”‚   โ”œโ”€โ”€ prisma.ts          # Prisma client
โ”‚   โ”‚   โ””โ”€โ”€ utils.ts           # Shared helpers
โ”‚   โ”œโ”€โ”€ scanner/               # Scanner engine
โ”‚   โ”‚   โ”œโ”€โ”€ index.ts           # Orchestrator (entry point)
โ”‚   โ”‚   โ”œโ”€โ”€ crawler.ts         # HTTP crawler
โ”‚   โ”‚   โ”œโ”€โ”€ headless-browser.ts # Stealth Chromium
โ”‚   โ”‚   โ”œโ”€โ”€ headless-crawler.ts # SPA-aware crawler
โ”‚   โ”‚   โ”œโ”€โ”€ payloads.ts        # Payload engine (52KB)
โ”‚   โ”‚   โ”œโ”€โ”€ detectors.ts       # 7 standard detectors
โ”‚   โ”‚   โ”œโ”€โ”€ advanced-detectors.ts # 4 advanced detectors
โ”‚   โ”‚   โ”œโ”€โ”€ sqli-exploiter.ts  # Deep SQLi exploitation
โ”‚   โ”‚   โ”œโ”€โ”€ easm.ts            # Attack surface management
โ”‚   โ”‚   โ”œโ”€โ”€ cloud-exploit.ts   # Cloud/infra exploitation
โ”‚   โ”‚   โ”œโ”€โ”€ cognitive-exploit.ts # AI fuzzing
โ”‚   โ”‚   โ”œโ”€โ”€ post-exploit.ts    # Post-exploitation
โ”‚   โ”‚   โ””โ”€โ”€ data/              # External payload databases
โ”‚   โ”œโ”€โ”€ server/                # tRPC routers + context
โ”‚   โ”œโ”€โ”€ trpc/                  # tRPC client config
โ”‚   โ””โ”€โ”€ types/                 # Shared TypeScript types
โ”œโ”€โ”€ .env                       # Environment variables
โ”œโ”€โ”€ .gitignore                 # Git ignore rules
โ”œโ”€โ”€ package.json               # Dependencies + scripts
โ”œโ”€โ”€ tailwind.config.ts         # Tailwind configuration
โ””โ”€โ”€ tsconfig.json              # TypeScript configuration
```

---

## ๐Ÿ“ก API Reference

VibeCode uses **tRPC** for type-safe API calls. All routes are under `/api/trpc/`.

### Auth Router
| Procedure | Type | Auth | Description |
|-----------|------|------|-------------|
| `auth.login` | mutation | public | Email/password โ†’ JWT cookie |
| `auth.logout` | mutation | protected | Clear auth cookie |
| `auth.register` | mutation | admin | Create new user |
| `auth.me` | query | protected | Current user profile |

### Target Router
| Procedure | Type | Auth | Description |
|-----------|------|------|-------------|
| `target.list` | query | protected | Paginated target list |
| `target.getById` | query | protected | Single target detail |
| `target.create` | mutation | pentester+ | Create target |
| `target.update` | mutation | pentester+ | Update target config |
| `target.delete` | mutation | admin | Delete target |

### Scan Router
| Procedure | Type | Auth | Description |
|-----------|------|------|-------------|
| `scan.list` | query | protected | Paginated scan list |
| `scan.getById` | query | protected | Scan detail + logs |
| `scan.create` | mutation | pentester+ | Launch new scan |
| `scan.cancel` | mutation | pentester+ | Cancel running scan |
| `scan.getLogs` | query | protected | Scan execution logs |

### Vulnerability Router
| Procedure | Type | Auth | Description |
|-----------|------|------|-------------|
| `vulnerability.list` | query | protected | Filtered vulnerability list |
| `vulnerability.getById` | query | protected | Full detail + evidence |
| `vulnerability.updateStatus` | mutation | pentester+ | Change status |

### Report Router
| Procedure | Type | Auth | Description |
|-----------|------|------|-------------|
| `report.generate` | mutation | pentester+ | Generate report |
| `report.list` | query | protected | List reports |
| `report.getById` | query | protected | Report content |
| `report.download` | query | protected | Download report |

---

## ๐Ÿ”ง NPM Scripts

| Script | Command | Description |
|--------|---------|-------------|
| `npm run dev` | `next dev` | Development server (http://localhost:3000) |
| `npm run build` | `next build` | Production build |
| `npm start` | `next start` | Production server |
| `npm run lint` | `next lint` | ESLint check |
| `npm run db:generate` | `prisma generate` | Regenerate Prisma client |
| `npm run db:push` | `prisma db push` | Push schema to database |
| `npm run db:seed` | `tsx prisma/seed.ts` | Seed default data |
| `npm run db:reset` | Full reset | Drop + re-push + re-seed |
| `npm run db:studio` | `prisma studio` | Visual database browser |
| `npm run setup` | Full setup | install + generate + push + seed |

---

## ๐ŸŽฏ Recommended Test Targets

> โš ๏ธ **Only scan targets you own or have explicit permission to test!**

| Target | URL | Notes |
|--------|-----|-------|
| OWASP Juice Shop | `https://juice-shop.herokuapp.com` | Pre-seeded in database |
| DVWA | `http://localhost/dvwa` | Self-hosted |
| WebGoat | `http://localhost:8080/WebGoat` | Self-hosted |
| bWAPP | `http://localhost/bWAPP` | Self-hosted |
| HackTheBox | Various | CTF-style targets |

---

## ๐Ÿ” Security

### Platform Security
- **CSP Headers** โ€” Strict Content-Security-Policy
- **HSTS** โ€” HTTP Strict Transport Security with `includeSubDomains`
- **Frame Protection** โ€” `X-Frame-Options: DENY`
- **XSS Filter** โ€” `X-XSS-Protection: 1; mode=block`
- **Content Sniffing** โ€” `X-Content-Type-Options: nosniff`
- **JWT** โ€” HttpOnly cookies, HMAC-SHA256 signed
- **Passwords** โ€” bcrypt with 12 salt rounds
- **RBAC** โ€” Enforced at tRPC middleware level

### Role Hierarchy

| Role | Level | Capabilities |
|------|-------|-------------|
| `viewer` | 0 | Read-only dashboards |
| `developer` | 1 | View assigned vulnerabilities |
| `pentester` | 2 | Create targets, run scans, generate reports |
| `security_lead` | 3 | Full management + team oversight |
| `admin` | 4 | All operations + user management |

---

## โ“ Troubleshooting

### Common Issues

**Port 3000 already in use**
```bash
# Windows
netstat -ano | findstr :3000
taskkill /PID  /F

# Linux/macOS
lsof -i :3000
kill -9 
```

**Prisma client not generated**
```bash
npx prisma generate
```

**Database is empty after setup**
```bash
npx tsx prisma/seed.ts
```

**Headless browser not launching**
- Ensure Chrome or Edge is installed
- Puppeteer will download Chromium automatically on `npm install`
- On Linux, install dependencies: `sudo apt install -y libnss3 libatk-bridge2.0-0 libdrm2 libxcomposite1`

**TypeScript build errors**
```bash
npx tsc --noEmit
```

**Reset everything**
```bash
npm run db:reset
```

---

## โš–๏ธ Legal Disclaimer

> **This tool is intended for authorized security testing only.**
> Unauthorized access to computer systems is illegal. Always obtain written permission before testing any target.
> The developers assume no liability for misuse of this software.

---

## ๐Ÿ“„ License

Private โ€” All rights reserved.