Share
## https://sploitus.com/exploit?id=82C41AC2-30F6-5E42-807C-21FFE436521F
# ๐ก๏ธ VibeCode-InjectProof
> **Deep SQLi verification engine for authorized security testing with differential analysis and reproducible evidence.**





---
## ๐ Table of Contents
- [Features](#-features)
- [Tech Stack](#-tech-stack)
- [Prerequisites](#-prerequisites)
- [Installation](#-installation)
- [Configuration](#-configuration)
- [Usage](#-usage)
- [Scanner Modules](#-scanner-modules)
- [Project Structure](#-project-structure)
- [API Reference](#-api-reference)
- [Security](#-security)
- [Troubleshooting](#-troubleshooting)
- [License](#-license)
---
## โจ Features
| Category | Capabilities |
|----------|-------------|
| **๐ท๏ธ Smart Crawling** | HTTP + headless browser (Puppeteer stealth), SPA/JS-rendered pages, form/parameter discovery |
| **๐ Vulnerability Detection** | 11 detector modules โ XSS, SQLi, SSRF, CORS, Path Traversal, Open Redirect, Security Headers, Race Condition, HTTP Desync, Prototype Pollution, Cloud Metadata SSRF |
| **๐ Deep SQLi Exploitation** | Havij-style automated exploitation โ DB enumeration, table extraction, data dumping |
| **๐ EASM Recon** | Subdomain enumeration, cloud bucket hunting, leaked secret scanning, shadow API discovery |
| **โ๏ธ Cloud & Infra** | Container escape detection, CI/CD poisoning, internal VPC pivoting |
| **๐ง Cognitive Fuzzing** | Context-aware payload generation, business logic flaw testing |
| **๐ Post-Exploitation** | RCE evidence, schema extraction, internal port scanning |
| **๐ Reporting** | Executive, Technical, Compliance, Full reports in HTML/Markdown/JSON |
| **๐จ Premium UI** | Dark glassmorphism theme, real-time scan progress, interactive dashboards |
| **๐ RBAC** | 5 user roles with JWT authentication |
---
## ๐ ๏ธ Tech Stack
| Layer | Technology |
|-------|-----------|
| Frontend | Next.js 15 (App Router), React 19, Tailwind CSS 3 |
| API | tRPC v11 + SuperJSON |
| Database | SQLite via Prisma ORM v6 |
| Auth | JWT (jose) + bcryptjs |
| Scanner | Custom Node.js engine (11 detectors) |
| Browser | Puppeteer + puppeteer-extra-plugin-stealth |
| HTML Parser | Cheerio |
| UI | Lucide icons, Recharts, date-fns |
---
## ๐ฆ Prerequisites
- **Node.js** 18+ ([download](https://nodejs.org/))
- **npm** (bundled with Node.js) or **pnpm**
- **Chrome / Edge** browser installed (for headless SPA crawling)
- **Git** (optional, for cloning)
---
## ๐ Installation
### Option 1: One-Command Setup
```bash
npm run setup
```
This runs the full chain: `npm install` โ `prisma generate` โ `prisma db push` โ `seed`
### Option 2: Step-by-Step
```bash
# 1. Install dependencies
npm install
# 2. Generate Prisma client
npx prisma generate
# 3. Create database and push schema
npx prisma db push
# 4. Seed default data (admin user + sample target)
npx tsx prisma/seed.ts
# 5. Start development server
npm run dev
```
The app will be available at **http://localhost:3000**
---
## โ๏ธ Configuration
### Environment Variables
Create a `.env` file in the project root (or copy from `.env.example`):
```env
# โโโโโ Database โโโโโ
# SQLite database (auto-created)
DATABASE_URL="file:./vibecode.db"
# โโโโโ Authentication โโโโโ
# โ ๏ธ CHANGE THIS in production!
JWT_SECRET=vibecode-local-secret-key-change-in-production-2024
# โโโโโ Application โโโโโ
NEXT_PUBLIC_APP_NAME=VibeCode
NEXT_PUBLIC_APP_URL=http://localhost:3000
# โโโโโ Scanner Settings โโโโโ
SCANNER_MAX_CONCURRENT=5 # Max concurrent scan threads
SCANNER_REQUEST_TIMEOUT=30000 # Request timeout (ms)
SCANNER_MAX_CRAWL_DEPTH=10 # Max crawl depth
SCANNER_MAX_URLS=500 # Max URLs to discover
SCANNER_USER_AGENT=VibeCode-Scanner/1.0
# โโโโโ Evidence Storage โโโโโ
EVIDENCE_DIR=./evidence
```
### Default Login Credentials
| Role | Email | Password |
|------|-------|----------|
| **Admin** | `admin@vibecode.local` | `admin123` |
| **Pentester** | `pentester@vibecode.local` | `pentester123` |
> โ ๏ธ **Change these immediately in production!**
---
## ๐ Usage
### 1. Start the Server
```bash
# Development (with hot-reload)
npm run dev
# Production
npm run build
npm start
```
### 2. Login
Open **http://localhost:3000** โ Login with credentials above.
### 3. Add a Target
1. Navigate to **Targets** โ **New Target**
2. Enter the target URL (e.g., `https://juice-shop.herokuapp.com`)
3. Configure scan settings:
- **Crawl Depth** โ How deep to follow links (default: 10)
- **Max URLs** โ Maximum pages to discover (default: 500)
- **Rate Limit** โ Requests per second (default: 10)
- **Authentication** โ Optional (token, cookie, session, scripted login)
### 4. Run a Scan
1. Navigate to **Scans** โ **New Scan**
2. Select your target from the dropdown
3. Choose scan profile:
- **Quick** โ Standard detectors only (fastest)
- **Standard** โ Standard + advanced detectors
- **Deep** โ All modules including EASM, cognitive fuzzing, post-exploitation
4. Click **Start Scan**
5. Monitor progress in real-time on the scan detail page
### 5. Review Vulnerabilities
- **Scans** โ Click a completed scan โ View all findings
- **Vulnerabilities** โ Browse/filter all vulnerabilities across scans
- Each vulnerability includes:
- CVSS score + vector
- CWE classification
- OWASP mapping
- Request/response artifacts
- Remediation steps
### 6. Generate Reports
1. Navigate to **Reports** โ **Generate Report**
2. Select a scan
3. Choose report type:
- **Executive** โ High-level summary for management
- **Technical** โ Full technical details for developers
- **Compliance** โ Mapped to OWASP/NIST/ASVS frameworks
- **Full** โ Everything combined
4. Choose format: **HTML** / **Markdown** / **JSON**
5. Download the generated report
---
## ๐ฌ Scanner Modules
### Standard Detectors (7)
| Module | CWE | Description |
|--------|-----|-------------|
| XSS | CWE-79 | Reflected, Stored, DOM-based with context-aware payloads |
| SQLi | CWE-89 | Error-based, boolean-blind, time-based (MySQL/PostgreSQL/MSSQL/SQLite) |
| SSRF | CWE-918 | Internal IP probing, redirect chains, cloud metadata |
| Security Headers | โ | CSP, HSTS, X-Frame-Options, referrer policy |
| CORS | CWE-942 | Origin reflection, null origin, wildcard + credentials |
| Path Traversal | CWE-22 | Directory traversal with encoding bypass |
| Open Redirect | CWE-601 | URL parameter redirect detection |
### Advanced Detectors (4)
| Module | Description |
|--------|-------------|
| Race Condition | HTTP/2 single-packet TOCTOU fuzzing |
| HTTP Desync | CL.TE / TE.CL request smuggling |
| Prototype Pollution | `__proto__` / `constructor.prototype` injection |
| Cloud Metadata SSRF | AWS IMDSv1/v2, GCP, Azure, DigitalOcean, K8s |
### Elite Modules
| Module | Description |
|--------|-------------|
| **EASM** (`easm.ts`) | CT log enumeration, DNS brute-force, bucket hunting, leaked secrets |
| **Cloud Exploit** (`cloud-exploit.ts`) | Container escape, SSRF pivoting, CI/CD poisoning |
| **Cognitive** (`cognitive-exploit.ts`) | AI-driven fuzzing, business logic, rate limit bypass |
| **Post-Exploit** (`post-exploit.ts`) | RCE evidence, schema extraction, port scanning |
| **SQLi Exploiter** (`sqli-exploiter.ts`) | Deep SQLi exploitation โ DB/table/column enumeration + data dump |
---
## ๐ Project Structure
```
pentest/
โโโ prisma/
โ โโโ schema.prisma # Database schema (10 models)
โ โโโ seed.ts # Default data seeder
โ โโโ vibecode.db # SQLite database (auto-generated)
โโโ src/
โ โโโ app/ # Next.js App Router pages
โ โ โโโ globals.css # Design system
โ โ โโโ layout.tsx # Root layout
โ โ โโโ login/ # Login page
โ โ โโโ api/trpc/ # tRPC HTTP handler
โ โ โโโ (platform)/ # Authenticated routes
โ โ โโโ dashboard/ # Stats + charts
โ โ โโโ targets/ # Target CRUD
โ โ โโโ scans/ # Scan management
โ โ โโโ vulnerabilities/ # Vulnerability browser
โ โ โโโ reports/ # Report generation
โ โ โโโ settings/ # Platform settings
โ โโโ components/ # Shared React components
โ โโโ lib/ # Utilities
โ โ โโโ auth.ts # JWT + RBAC
โ โ โโโ cvss.ts # CVSS v3.1 calculator
โ โ โโโ cwe-database.ts # 200+ CWE entries
โ โ โโโ prisma.ts # Prisma client
โ โ โโโ utils.ts # Shared helpers
โ โโโ scanner/ # Scanner engine
โ โ โโโ index.ts # Orchestrator (entry point)
โ โ โโโ crawler.ts # HTTP crawler
โ โ โโโ headless-browser.ts # Stealth Chromium
โ โ โโโ headless-crawler.ts # SPA-aware crawler
โ โ โโโ payloads.ts # Payload engine (52KB)
โ โ โโโ detectors.ts # 7 standard detectors
โ โ โโโ advanced-detectors.ts # 4 advanced detectors
โ โ โโโ sqli-exploiter.ts # Deep SQLi exploitation
โ โ โโโ easm.ts # Attack surface management
โ โ โโโ cloud-exploit.ts # Cloud/infra exploitation
โ โ โโโ cognitive-exploit.ts # AI fuzzing
โ โ โโโ post-exploit.ts # Post-exploitation
โ โ โโโ data/ # External payload databases
โ โโโ server/ # tRPC routers + context
โ โโโ trpc/ # tRPC client config
โ โโโ types/ # Shared TypeScript types
โโโ .env # Environment variables
โโโ .gitignore # Git ignore rules
โโโ package.json # Dependencies + scripts
โโโ tailwind.config.ts # Tailwind configuration
โโโ tsconfig.json # TypeScript configuration
```
---
## ๐ก API Reference
VibeCode uses **tRPC** for type-safe API calls. All routes are under `/api/trpc/`.
### Auth Router
| Procedure | Type | Auth | Description |
|-----------|------|------|-------------|
| `auth.login` | mutation | public | Email/password โ JWT cookie |
| `auth.logout` | mutation | protected | Clear auth cookie |
| `auth.register` | mutation | admin | Create new user |
| `auth.me` | query | protected | Current user profile |
### Target Router
| Procedure | Type | Auth | Description |
|-----------|------|------|-------------|
| `target.list` | query | protected | Paginated target list |
| `target.getById` | query | protected | Single target detail |
| `target.create` | mutation | pentester+ | Create target |
| `target.update` | mutation | pentester+ | Update target config |
| `target.delete` | mutation | admin | Delete target |
### Scan Router
| Procedure | Type | Auth | Description |
|-----------|------|------|-------------|
| `scan.list` | query | protected | Paginated scan list |
| `scan.getById` | query | protected | Scan detail + logs |
| `scan.create` | mutation | pentester+ | Launch new scan |
| `scan.cancel` | mutation | pentester+ | Cancel running scan |
| `scan.getLogs` | query | protected | Scan execution logs |
### Vulnerability Router
| Procedure | Type | Auth | Description |
|-----------|------|------|-------------|
| `vulnerability.list` | query | protected | Filtered vulnerability list |
| `vulnerability.getById` | query | protected | Full detail + evidence |
| `vulnerability.updateStatus` | mutation | pentester+ | Change status |
### Report Router
| Procedure | Type | Auth | Description |
|-----------|------|------|-------------|
| `report.generate` | mutation | pentester+ | Generate report |
| `report.list` | query | protected | List reports |
| `report.getById` | query | protected | Report content |
| `report.download` | query | protected | Download report |
---
## ๐ง NPM Scripts
| Script | Command | Description |
|--------|---------|-------------|
| `npm run dev` | `next dev` | Development server (http://localhost:3000) |
| `npm run build` | `next build` | Production build |
| `npm start` | `next start` | Production server |
| `npm run lint` | `next lint` | ESLint check |
| `npm run db:generate` | `prisma generate` | Regenerate Prisma client |
| `npm run db:push` | `prisma db push` | Push schema to database |
| `npm run db:seed` | `tsx prisma/seed.ts` | Seed default data |
| `npm run db:reset` | Full reset | Drop + re-push + re-seed |
| `npm run db:studio` | `prisma studio` | Visual database browser |
| `npm run setup` | Full setup | install + generate + push + seed |
---
## ๐ฏ Recommended Test Targets
> โ ๏ธ **Only scan targets you own or have explicit permission to test!**
| Target | URL | Notes |
|--------|-----|-------|
| OWASP Juice Shop | `https://juice-shop.herokuapp.com` | Pre-seeded in database |
| DVWA | `http://localhost/dvwa` | Self-hosted |
| WebGoat | `http://localhost:8080/WebGoat` | Self-hosted |
| bWAPP | `http://localhost/bWAPP` | Self-hosted |
| HackTheBox | Various | CTF-style targets |
---
## ๐ Security
### Platform Security
- **CSP Headers** โ Strict Content-Security-Policy
- **HSTS** โ HTTP Strict Transport Security with `includeSubDomains`
- **Frame Protection** โ `X-Frame-Options: DENY`
- **XSS Filter** โ `X-XSS-Protection: 1; mode=block`
- **Content Sniffing** โ `X-Content-Type-Options: nosniff`
- **JWT** โ HttpOnly cookies, HMAC-SHA256 signed
- **Passwords** โ bcrypt with 12 salt rounds
- **RBAC** โ Enforced at tRPC middleware level
### Role Hierarchy
| Role | Level | Capabilities |
|------|-------|-------------|
| `viewer` | 0 | Read-only dashboards |
| `developer` | 1 | View assigned vulnerabilities |
| `pentester` | 2 | Create targets, run scans, generate reports |
| `security_lead` | 3 | Full management + team oversight |
| `admin` | 4 | All operations + user management |
---
## โ Troubleshooting
### Common Issues
**Port 3000 already in use**
```bash
# Windows
netstat -ano | findstr :3000
taskkill /PID /F
# Linux/macOS
lsof -i :3000
kill -9
```
**Prisma client not generated**
```bash
npx prisma generate
```
**Database is empty after setup**
```bash
npx tsx prisma/seed.ts
```
**Headless browser not launching**
- Ensure Chrome or Edge is installed
- Puppeteer will download Chromium automatically on `npm install`
- On Linux, install dependencies: `sudo apt install -y libnss3 libatk-bridge2.0-0 libdrm2 libxcomposite1`
**TypeScript build errors**
```bash
npx tsc --noEmit
```
**Reset everything**
```bash
npm run db:reset
```
---
## โ๏ธ Legal Disclaimer
> **This tool is intended for authorized security testing only.**
> Unauthorized access to computer systems is illegal. Always obtain written permission before testing any target.
> The developers assume no liability for misuse of this software.
---
## ๐ License
Private โ All rights reserved.