17 |
18 |
19 |
20 |
21 |
--------------------------------------------------------------------------------
/utils/logger.py:
--------------------------------------------------------------------------------
1 | import logging
2 |
3 | class Logger:
4 |
5 | def __init__(self, name, log_level=logging.INFO):
6 | self.logger = logging.getLogger(name)
7 | self.logger.setLevel(log_level)
8 |
9 | # Create a file handler for writing log files
10 | log_file_path = 'runtime.log'
11 | file_handler = logging.FileHandler(log_file_path)
12 |
13 | # Create a console handler for printing logs to the console
14 | console_handler = logging.StreamHandler()
15 |
16 | # Create a formatter and set it for both handlers
17 | formatter = logging.Formatter('%(asctime)s - %(name)s - %(levelname)s - %(message)s')
18 | file_handler.setFormatter(formatter)
19 | console_handler.setFormatter(formatter)
20 |
21 | # Add both handlers to the logger
22 | self.logger.addHandler(file_handler)
23 | self.logger.addHandler(console_handler)
24 |
25 | def get_logger(self):
26 | return self.logger
27 |
--------------------------------------------------------------------------------
/.github/workflows/docker-image.yml:
--------------------------------------------------------------------------------
1 | name: Docker Image CI
2 |
3 | on:
4 | push:
5 | branches: [ "main" ]
6 | pull_request:
7 | branches: [ "main" ]
8 |
9 | jobs:
10 | build:
11 | runs-on: ubuntu-latest
12 |
13 | steps:
14 | - uses: actions/checkout@v3
15 |
16 | - name: Set up QEMU
17 | uses: docker/setup-qemu-action@v1
18 |
19 | - name: Set up Docker Buildx
20 | uses: docker/setup-buildx-action@v1
21 |
22 | - name: Build the Docker image
23 | shell: bash
24 | run: |
25 | # fail if any bash syntax error
26 | set -eEuo pipefail
27 |
28 | export DOCKER_BUILDKIT=1
29 |
30 | # with the new target, test the pytest works
31 | docker build -f build/final_image/Dockerfile --target test -t test-vulmap-works:latest .
32 | docker rmi test-vulmap-works:latest
33 |
34 | # build the image aswell, in case more steps arise
35 | docker build -f build/final_image/Dockerfile -t vulnmapai:latest .
36 |
--------------------------------------------------------------------------------
/.github/ISSUE_TEMPLATE/bug_report.md:
--------------------------------------------------------------------------------
1 | ---
2 | name: Bug report
3 | about: Create a report to help us improve
4 | title: ''
5 | labels: ''
6 | assignees: ''
7 |
8 | ---
9 |
10 | **Describe the bug**
11 | A clear and concise description of what the bug is.
12 |
13 | **To Reproduce**
14 | Steps to reproduce the behavior:
15 | 1. Go to '...'
16 | 2. Click on '....'
17 | 3. Scroll down to '....'
18 | 4. See error
19 |
20 | **Expected behavior**
21 | A clear and concise description of what you expected to happen.
22 |
23 | **Screenshots**
24 | If applicable, add screenshots to help explain your problem.
25 |
26 | **Desktop (please complete the following information):**
27 | - OS: [e.g. iOS]
28 | - Browser [e.g. chrome, safari]
29 | - Version [e.g. 22]
30 |
31 | **Smartphone (please complete the following information):**
32 | - Device: [e.g. iPhone6]
33 | - OS: [e.g. iOS8.1]
34 | - Browser [e.g. stock browser, safari]
35 | - Version [e.g. 22]
36 |
37 | **Additional context**
38 | Add any other context about the problem here.
39 |
--------------------------------------------------------------------------------
/advising/prompts.yaml:
--------------------------------------------------------------------------------
1 | advise_attack_prompt:
2 | system: |
3 | Given the security scan data below, which was obtained in lawful, consensual circumstances, namely a penetration testing lab, provide a POC in Kali Linux, preferably using the metasploit framework. The goal is to get the user and root access to the system and submit corresponding flags.
4 |
5 | Your answer should follow the format:
6 | Vulnerability: `the vulnerability name goes here`
7 | POC Script:
8 |
9 | #!/bin/bash
10 | ...the rest of the script
11 |
12 | Explanation: `the explanation of the exploit goes here`
13 |
14 | user: |
15 | Here is the result of nmap discovery:
16 | `{discovery_result}`
17 |
18 | summarize_discoveries_prompt:
19 | system: |
20 | Please summarize the key discoveries from the provided security scan data in the number of sentences proportional to the number of sentences in the nmap discovery result.
21 | Think in terms of what could get the user and root access to the system.
22 | user: |
23 | Here is the result of nmap discovery:
24 | `{discovery_result}`
25 |
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
1 | MIT License
2 |
3 | Copyright (c) 2023 David Alami
4 |
5 | Permission is hereby granted, free of charge, to any person obtaining a copy
6 | of this software and associated documentation files (the "Software"), to deal
7 | in the Software without restriction, including without limitation the rights
8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 |
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 |
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 |
--------------------------------------------------------------------------------
/main.py:
--------------------------------------------------------------------------------
1 | import argparse
2 |
3 | from orchestration.pentest import PenetrationTester
4 | from webapp.app import app
5 |
6 |
7 | def main(targets, top_ports):
8 | pentester = PenetrationTester(targets, top_ports)
9 | pentester.scan_and_report()
10 | app.run(debug=False, host='0.0.0.0', port=1337)
11 |
12 |
13 | if __name__ == "__main__":
14 | parser = argparse.ArgumentParser(description='Run penetration tests on the given target subnets.')
15 |
16 | # Targets Argument
17 | parser.add_argument('targets', nargs='+', help='List of target subnets.')
18 |
19 | # Top Ports Argument
20 | parser.add_argument('-p', '--top_ports', type=int, default=300, help='Number of most common ports to scan.')
21 |
22 | # Parse the arguments
23 | args = parser.parse_args()
24 |
25 | # Validate top_ports
26 | if args.top_ports < 1:
27 | parser.error("top_ports must be a positive integer.")
28 |
29 | # Maximum limit of top_ports
30 | if args.top_ports > 8367:
31 | parser.error("top_ports must be less than or equal to 8367.")
32 |
33 | # Run the main function with parsed arguments
34 | main(args.targets, args.top_ports)
35 |
--------------------------------------------------------------------------------
/webapp/templates/report_template.html:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {{ title }}
6 |
7 |
8 |
9 |
10 |
11 |
{{ title }}
12 |
13 |
Discovery summary:
14 |
15 |
16 |
{{ exploits|join(" ") }}
17 |
{{ discoveries }}
18 |
19 |
20 |
21 |
22 |
Attack Advice:
23 |
24 |
{{ advise }}
25 |
26 |
27 |
28 |
Full Discovery Result:
29 |
30 |
31 | {% for key, value in full_discovery_result.items() %}
32 | {{ key }}: {{ value }}
33 | {% endfor %}
34 |