KASCVE is an automated, lightweight defensive hardening and security architecture audit engine written in Python. It is engineered to map public attack surfaces, discover forgotten staging paths or configuration artifacts via dynamic SecLists integrations, and generate prioritized remediation matrices for missing protocol wrappers.
/¯¯\
\__/
||
||
| |
| | █ █ ███ ███ ███ █ █ ███
| | █ / █ █ █ █ █ █ █ █
| | ████ █████ ███ █ █ █ ███
| | █ \ █ █ █ █ █ \ / █
| | █ \█ █ █ ███ ███ \_/ ███
.--.----.--. -- --- -- --- --- -- ---
.-----\__/-----. --------------------------------------------------------
-
Dynamic SecLists Pipeline: Features multi-tier directory fuzzing tracking ranging from lightweight sweeps (150 words) to intense structural audits leveraging standard enterprise path wordlists (
raft-medium-directories). -
Forgotten Asset Analysis Engine: Automatically identifies residual staging files, unlinked user directories (
/~admin), exposed source code hubs (.git), and unpurged database/backup archives (.env,backup.zip). -
Prioritized Severity Hardening Matrix: Classifies configuration errors into clear structural severity vectors (Low, Medium, High) accompanied by explicit, copy-pasteable configuration directives for Nginx, Apache, and the Laravel Framework.
-
Ecosystem Component Patch Matching: Evaluates running application platform signatures directly against open-source vulnerability documentation indices to map underlying risks.
KASCVE/
├── main.py # Primary controller orchestrator & interface console
├── requirements.txt # System dependency manifest references
├── install.sh # Automated deployment engine script
├── .gitignore # Development environment cache filters
└── core/
├── path_discovery.py # Multi-tier SecLists streaming dictionary interface
├── structural_audit.py # Component form processing layer
├── passive_recon.py # Passive sub-domain metadata analyzer
└── osv_api.py # Framework vulnerability signature match check
The system contains an automated installer that handles necessary Python packages and establishes a global environment symbolic execution wrapper in /usr/local/bin/KASCVE, allowing you to execute audits from any active folder route.
# Clone the core framework repository
git clone https://github.com/PicasoTheDeal/KASCVE.git
cd KASCVE
# Execute the automated system configuration wrapper script
sudo ./install.shOnce initialized, call the tool globally passing any target domain asset as the first tracking index parameter:
KASCVE example.com- Baseline Passive Scan: Collects passive subdomain layouts and maps third-party framework patch versions.
- Advanced Authentication Surface Audit: Isolates login endpoint vectors, evaluating parameters for insecure
GEThandshakes or missing Anti-CSRF verification tokens. - File Upload Integrity Audit: Inspects multi-part file handlers to enforce strict binary validation requirements.
- Complete Stack Evaluation: Fires every analysis module concurrently against the selected targets.
When vulnerabilities are discovered, KASCVE outputs direct production layout file patches:
- Nginx Server Configurations: Directly logs specific
add_headerparameters matching required security scopes. - Apache Overlays: Dictates appropriate
.htaccessrule arrays. - Modern Framework Middleware: Provides direct paths to safely isolate variables out of executable roots.
This tool is strictly developed for educational purposes, authorized security auditing, and defensive hardening. Running KASCVE against targets without prior written consent is illegal and a violation of computer misuse laws. The developer assumes no liability and is not responsible for any misuse, damage, or unauthorized scanning caused by this program.
Developer: PicasoTheDealer Licensed under the MIT License.