🔐 Vulnerability Scanner - Comprehensive Security Tool

A powerful, unique vulnerability scanner built with Python and Bash that combines multiple scanning techniques to identify security issues in networks and applications.

✨ Features

Network Security Scanning

• Port Scanner - Identifies open ports and running services
• SSL/TLS Scanner - Detects expired certificates, weak protocols, and cipher vulnerabilities
• HTTPS Verification - Validates certificate chains and expiration dates

Application Security

• Dependency Scanner - Scans for outdated and vulnerable packages in:

  • Python (requirements.txt)
  • Node.js (package.json)
  • Ruby (Gemfile)
  • Java (pom.xml)
  • Go (go.mod)

• File Permission Scanner - Detects insecure file permissions:

  • World-readable sensitive files
  • SUID/SGID binaries
  • World-writable executables

• System Scanner - Checks for:

  • Outdated system packages
  • Vulnerable running services
  • Known CVEs

Unique Features

• SQLite Database Integration - Persistent storage of scan results
• Multi-Format Reporting - JSON, CSV, and HTML reports
• Bash Integration - System-level utilities for advanced scanning
• File Integrity Monitoring - Hash-based file change detection
• Interactive CLI Menu - User-friendly interface
• Modular Architecture - Easy to extend with custom scanners

🚀 Quick Start

Prerequisites

• Python 3.7 or higher
• pip3
• Bash shell
• macOS or Linux

Installation

1. Clone/Navigate to project directory:

cd "Vulnerability scanner"

2. Run setup script:

bash setup.sh

The setup script will:

• Check Python/pip installation
• Create optional virtual environment
• Install dependencies
• Set up directories
• Make bash scripts executable

3. Verify installation:

python3 main.py version

📖 Usage

Interactive Menu

bash bash_scripts/main_scanner.sh

This opens an interactive menu with options to:

1. Scan network hosts
2. Scan directories
3. Run network utilities
4. Check file integrity
5. View reports
6. Configure scanner

Command Line Interface

Scan a Network Host

# Basic port and SSL scan
python3 main.py scan-host -t 192.168.1.100

# Port only
python3 main.py scan-host -t example.com --ports

# SSL/TLS only
python3 main.py scan-host -t example.com --ssl

# Custom report formats
python3 main.py scan-host -t example.com -f json csv html

Scan a Directory

# Scan for dependencies, file permissions, and system issues
python3 main.py scan-dir -d /path/to/project

# Dependency scanning only
python3 main.py scan-dir -d /path/to/project --dependencies

# File permission scanning only
python3 main.py scan-dir -d /path/to/project --files

# All scanners with custom formats
python3 main.py scan-dir -d /path/to/project -fmt json html

Configuration

# View current configuration
python3 main.py config --show

# Set a configuration value
python3 main.py config --set scanner.timeout 45

# Reset to defaults
python3 main.py config --reset

Bash Utilities

Network Utilities

bash bash_scripts/network_utilities.sh --help

# Get system information
bash bash_scripts/network_utilities.sh --system

# Check listening ports
bash bash_scripts/network_utilities.sh --ports

# Check running processes
bash bash_scripts/network_utilities.sh --processes

# Check for system updates
bash bash_scripts/network_utilities.sh --updates

# Run all checks
bash bash_scripts/network_utilities.sh --all

File Integrity Checker

bash bash_scripts/file_integrity_checker.sh help

# Find dangerous permissions
bash bash_scripts/file_integrity_checker.sh find-dangerous /path/to/dir

# Find sensitive files
bash bash_scripts/file_integrity_checker.sh find-sensitive /path/to/dir

# Check file integrity hash
bash bash_scripts/file_integrity_checker.sh check-integrity /path/to/file

# Monitor directory for changes
bash bash_scripts/file_integrity_checker.sh monitor /path/to/dir 5

📊 Output Reports

Report Formats

1. JSON Report - Machine-readable format suitable for parsing and integration

   {
     "scan_id": "20260327_153022_542",
     "target": "192.168.1.100",
     "vulnerabilities": [
       {
         "type": "OPEN_PORT",
         "severity": "HIGH",
         "description": "Port 22 (SSH) is open",
         "remediation": "Review firewall rules"
       }
     ]
   }

2. CSV Report - Tabular format for spreadsheet analysis

   Type,Severity,Description,Affected Item,Remediation
   OPEN_PORT,HIGH,Port 22 (SSH) is open,192.168.1.100:22,Review firewall rules
   

3. HTML Report - Beautiful, interactive report with visualization

   • Color-coded severity levels
   • Sortable vulnerability list
   • Executive summary
   • Scan metadata

All reports are saved in the output/ directory with timestamps.

📁 Project Structure

Vulnerability scanner/
├── main.py                          # Main CLI entry point
├── setup.sh                         # Installation script
├── requirements.txt                 # Python dependencies
├── config/
│   └── config.json                 # Scanner configuration
├── src/
│   ├── __init__.py
│   ├── database.py                 # SQLite database manager
│   ├── config.py                   # Configuration manager
│   ├── scanner.py                  # Main scanner coordinator
│   ├── utils/
│   │   ├── __init__.py
│   │   └── logging.py              # Logging utilities
│   ├── scanners/
│   │   ├── __init__.py
│   │   ├── port_scanner.py         # Port scanning module
│   │   ├── ssl_tls_scanner.py      # SSL/TLS scanning module
│   │   ├── dependency_scanner.py   # Dependency analysis
│   │   ├── file_scanner.py         # File permission scanner
│   │   └── system_scanner.py       # System vulnerability scanner
│   └── reports/
│       ├── __init__.py
│       └── report_generator.py     # Multi-format report generation
├── bash_scripts/
│   ├── main_scanner.sh             # Interactive menu launcher
│   ├── network_utilities.sh        # Network scanning utilities
│   └── file_integrity_checker.sh   # File integrity monitoring
├── output/                          # Generated reports
├── logs/                           # Application logs
└── tests/                          # Unit tests

🔧 Configuration

Edit config/config.json to customize scanner behavior:

{
  "scanner": {
    "timeout": 30,                  // Connection timeout in seconds
    "threads": 4,                   // Number of parallel threads
    "retry_attempts": 3             // Retry failed connections
  },
  "scanners": {
    "port_scanner": {
      "enabled": true,
      "common_ports": [22, 80, 443, 3306, 5432, 8080]
    },
    "ssl_tls_scanner": {
      "enabled": true,
      "check_certificate_validity": true,
      "check_weak_ciphers": true
    }
  }
}

🔍 Scanner Details

Port Scanner

• Scans common and custom ports
• Identifies running services
• Maps known vulnerabilities to open ports
• Severity levels based on port type

SSL/TLS Scanner

• Validates certificate validity
• Checks expiration dates
• Detects weak cipher suites
• Identifies outdated protocol versions
• CRITICAL alerts for expired certificates

Dependency Scanner

• Parses multiple dependency formats
• Checks for known vulnerable packages
• Identifies outdated dependencies
• Supports 5+ package managers

File Permission Scanner

• Detects world-readable/writable files
• Identifies sensitive exposed files (.env, .aws, .ssh)
• Finds dangerous SUID/SGID binaries
• Recursive directory traversal

System Scanner

• Checks for outdated system packages
• Verifies OpenSSL, OpenSSH, curl versions
• Detects running insecure services
• Compares against known vulnerability databases

📈 Vulnerability Severity Levels

• CRITICAL 🔴 - Immediate action required
• HIGH 🟠 - Important, address soon
• MEDIUM 🟡 - Should be addressed
• LOW 🟢 - Minor concern
• INFO 🔵 - Informational

🛠️ Advanced Usage

Custom Scanning Workflow

# Scan host, generate all formats, and automatically open HTML report
python3 main.py scan-host -t target.com -f json csv html && \
open output/report_*.html

# Scan directory and export to CSV for further analysis
python3 main.py scan-dir -d . -fmt csv && \
cat output/report_*.csv | grep CRITICAL

Integration with CI/CD

#!/bin/bash
# Fail if any critical vulnerabilities found
python3 main.py scan-dir -d . -fmt json
if grep -q '"severity": "CRITICAL"' output/*.json; then
  echo "Critical vulnerabilities found!"
  exit 1
fi

Scheduled Scanning

# Add to crontab for daily scans
0 2 * * * cd /path/to/scanner && python3 main.py scan-dir -d /app -fmt html > /var/log/scan.log 2>&1

🐛 Troubleshooting

Python not found

# Install Python 3
# macOS: brew install python3
# Ubuntu/Debian: sudo apt-get install python3 python3-pip

Permission denied on bash scripts

chmod +x bash_scripts/*.sh

SSL certificate verification errors

The scanner intentionally disables SSL verification to detect certificate issues. This is intentional behavior.

No open ports found

Verify:

• Host is reachable (ping target)
• Firewall allows outbound connections
• Adjust timeout in config if network is slow

📝 Example Scan Results

CRITICAL: Expired SSL certificate for example.com
HIGH: Port 23 (Telnet) is open - should be closed
MEDIUM: Django version 1.11.0 is vulnerable to CVE-2019-14234
MEDIUM: Requirements.txt with outdated packages detected
LOW: File /app/.env has world-readable permissions
INFO: OpenSSH version 7.4 detected

🤝 Contributing

To add custom scanners:

1. Create new file in src/scanners/
2. Implement scanner class with scan() method
3. Return dict with vulnerabilities list
4. Add to main scanner in src/scanner.py

Example:

class CustomScanner:
    def scan(self, target):
        vulnerabilities = []
        # Your scanning logic
        return {'vulnerabilities': vulnerabilities}

📄 License

This project is provided as-is for security testing and educational purposes.

⚠️ Disclaimer

This tool should only be used on systems you own or have explicit permission to test. Unauthorized security testing is illegal.

🔗 Additional Resources

• Python Security: https://www.python.org/community/security/
• OWASP Top 10: https://owasp.org/www-project-top-ten/
• CVE Database: https://cve.mitre.org/
• SSL Labs: https://www.ssllabs.com/

📞 Support

For issues or questions:

1. Check the troubleshooting section
2. Review configuration settings
3. Check logs in logs/ directory
4. Verify all dependencies are installed

---

Vulnerability Scanner v1.0.0 - Built for comprehensive security assessment