import json
import gradio as gr

# Load the knowledge base once at import time. Every "category",
# "description" and command string read from this file is later interpolated
# verbatim into Markdown shown in the chat, so dataset.json must be treated as
# trusted, reviewed content.
with open("dataset.json", "r", encoding="utf-8") as dataset_file:
    DATA = json.load(dataset_file)

# Lower-cased category name -> full dataset entry. If two entries share a
# name (ignoring case), the later one replaces the earlier one.
CATEGORY_MAP = dict((record["category"].lower(), record) for record in DATA)

# Alias phrase (lower case) -> canonical category name as spelled in
# dataset.json. find_category() walks this dict in insertion order and uses
# substring containment (`alias in query`), so:
#   * the first alias that occurs anywhere in the query wins, which makes the
#     order of the keys below part of the behaviour;
#   * NOTE(review): short keys such as "wp", "git" or "tools" also match when
#     they appear inside a longer, unrelated word.
# Several keys appear to be tool names that point at the category covering
# them.
ALIASES = {
    "xss": "XSS Testing",
    "cross site scripting": "XSS Testing",
    "cross-site scripting": "XSS Testing",
    "lfi": "LFI Testing",
    "local file inclusion": "LFI Testing",
    "open redirect": "Open Redirect",
    "redirect": "Open Redirect",
    "ssrf": "SSRF Testing",
    "server side request forgery": "SSRF Testing",
    "git": "Git Repository Disclosure",
    "git disclosure": "Git Repository Disclosure",
    "git repository": "Git Repository Disclosure",
    "subdomain takeover": "Subdomain Takeover",
    "takeover": "Subdomain Takeover",
    "cors": "CORS Testing",
    "cross origin": "CORS Testing",
    "wordpress": "WordPress Security Testing",
    "wp": "WordPress Security Testing",
    "directory bruteforce": "Directory & File Bruteforcing",
    "dir bruteforce": "Directory & File Bruteforcing",
    "bruteforce": "Directory & File Bruteforcing",
    "hidden parameter": "Hidden Parameter Discovery",
    "parameter discovery": "Hidden Parameter Discovery",
    "arjun": "Hidden Parameter Discovery",
    "sensitive file": "Sensitive File Discovery",
    "file discovery": "Sensitive File Discovery",
    "vulnerability scanning": "Vulnerability Scanning",
    "nuclei": "Vulnerability Scanning",
    "scanning": "Vulnerability Scanning",
    "url collection": "URL Collection & Analysis",
    "url analysis": "URL Collection & Analysis",
    "gau": "URL Collection & Analysis",
    "live host": "Live Host Discovery",
    "host discovery": "Live Host Discovery",
    "httpx": "Live Host Discovery",
    # "subdomain takeover" is listed earlier, so it is tried before the
    # shorter "subdomain" key below.
    "subdomain enumeration": "Subdomain Enumeration",
    "subdomain": "Subdomain Enumeration",
    "subfinder": "Subdomain Enumeration",
    "additional tools": "Additional Tools",
    "tools": "Additional Tools",
}

def find_category(query: str):
    """Resolve a free-text query to a dataset entry.

    Matching is by substring containment on the stripped, lower-cased query,
    in two passes:

    1. ALIASES, in insertion order; the first alias found in the query whose
       target category exists in CATEGORY_MAP wins.
    2. CATEGORY_MAP keys; a key matches when it contains the query or the
       query contains it.

    Returns:
        ``(entry, None)`` on a match, otherwise ``(None, message)`` where
        *message* lists every category name in DATA.
    """
    needle = query.strip().lower()

    # Pass 1: aliases. An alias whose target is missing from the dataset is
    # skipped instead of ending the search.
    for alias, target in ALIASES.items():
        if alias not in needle:
            continue
        hit = CATEGORY_MAP.get(target.lower())
        if hit is not None:
            return hit, None

    # Pass 2: category names, matched in either direction. An empty needle is
    # contained in every key, so it resolves to the first category here;
    # respond() filters blank messages before calling this function.
    for name, record in CATEGORY_MAP.items():
        if needle in name or name in needle:
            return record, None

    available = "\n".join(f"• {e['category']}" for e in DATA)
    return None, "❌ لم يتم التعرف على الثغرة. الثغرات المتاحة:\n\n" + available

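def wants_commands(query: str) -> bool:
    """Return True when the query asks for the command listing.

    English keywords are matched as whole words. The earlier substring test
    fired on category names themselves ("test" inside "LFI Testing", "tool"
    inside "Additional Tools"), so naming a category revealed its commands
    even though the UI documents that as a description-only query. Inflected
    English forms such as "testing" or "tools" therefore no longer count as a
    request for commands.

    Arabic keywords are still matched as substrings, because prefixes such as
    the definite article attach directly to the word.
    """
    import re  # local import: keeps the module's import block untouched

    english_keywords = {
        "command", "commands", "how", "tool", "run", "exploit", "test",
    }
    arabic_keywords = (
        "أوامر", "امر", "أمر", "كيف", "أداة", "تشغيل", "اختبار",
    )

    lowered = query.lower()
    # Split on anything that is not a-z, so "xss_commands" and "commands?"
    # still yield the word "commands".
    words = set(re.findall(r"[a-z]+", lowered))
    if words & english_keywords:
        return True
    return any(keyword in lowered for keyword in arabic_keywords)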

def format_description_only(entry) -> str:
    """Render an entry as Markdown: title, description, then a usage hint.

    The hint tells the user to type ``<category> commands`` to see the
    commands. ``entry["category"]`` and ``entry["description"]`` are inserted
    verbatim, with no Markdown escaping.
    """
    title = entry["category"]
    summary = entry["description"]
    sections = (
        f"## 🛡️ {title}",
        f"{summary}",
        f"---\n💡 اكتب **`{title} commands`** لعرض الأوامر",
    )
    return "\n\n".join(sections)

def format_with_commands(entry) -> str:
    """Render an entry as Markdown with its command list.

    Emits the title and description, then one ``### <id>. <description>``
    heading and one fenced ``bash`` block per item of ``entry["commands"]``
    (a missing key is treated as an empty list). All values are inserted
    verbatim, so a command containing a line of three backticks would close
    its fence early.
    """
    header = (
        f"## 🛡️ {entry['category']}\n\n{entry['description']}\n\n---\n\n## ⚙️ الأوامر\n"
    )
    # Two chunks per command: heading first, then the fenced command text.
    chunks = [
        piece
        for step in entry.get("commands", [])
        for piece in (
            f"### {step['id']}. {step['description']}\n",
            f"```bash\n{step['command']}\n```\n",
        )
    ]
    return "\n".join([header, *chunks])

def respond(message: str, history: list):
    """Gradio event handler: answer *message* and extend the chat history.

    Returns ``(history, "")``; the empty string clears the input textbox.
    Blank messages leave the history untouched. The user's message is stored
    verbatim in the history; how it is rendered is up to the Chatbot
    component.
    """
    if message.strip() == "":
        return history, ""

    entry, err = find_category(message)
    if err:
        answer = err
    elif wants_commands(message):
        answer = format_with_commands(entry)
    else:
        answer = format_description_only(entry)

    # Build the history in the role/content message format. A non-empty
    # incoming list is extended in place.
    turns = history if history else []
    turns.extend(
        (
            {"role": "user", "content": message},
            {"role": "assistant", "content": answer},
        )
    )
    return turns, ""

# Gradio interface
# Markdown bullet list of every category name, shown in the side column.
# Names come straight from dataset.json and are not escaped.
CATEGORIES_MD = "\n".join(f"- {e['category']}" for e in DATA)

with gr.Blocks(title="CyberSec Assistant") as demo:
    # Page header.
    gr.Markdown(
        """
# 🔐 CyberSec Web Vulnerabilities Assistant
**نموذج مساعد الأمن السيبراني** - يشرح الثغرات الأمنية ويعرض أوامر الاختبار
        """
    )

    with gr.Row():
        # Main column: chat transcript plus the input row.
        with gr.Column(scale=3):
            # NOTE(review): respond() appends {"role", "content"} dicts; confirm
            # that the Chatbot default of the installed Gradio version accepts
            # that message format, since no type is passed here.
            chatbot = gr.Chatbot(label="المحادثة", height=500)
            with gr.Row():
                txt = gr.Textbox(
                    placeholder="اكتب اسم الثغرة مثل: XSS أو LFI أو SSRF ...",
                    label="سؤالك",
                    scale=4,
                )
                send_btn = gr.Button("إرسال", variant="primary", scale=1)

        # Side column: available categories and example queries.
        with gr.Column(scale=1):
            gr.Markdown(f"### 📋 الثغرات المتاحة\n{CATEGORIES_MD}")
            gr.Markdown(
                """
### 💡 أمثلة
- `XSS` ← يعرض الوصف فقط
- `XSS commands` ← يعرض الأوامر
- `LFI Testing` ← وصف LFI
- `subdomain enumeration commands`
                """
            )

    # Wire up events: the button and Enter in the textbox both call respond(),
    # which returns the updated history and an empty string for the textbox.
    send_btn.click(respond, [txt, chatbot], [chatbot, txt])
    txt.submit(respond, [txt, chatbot], [chatbot, txt])

    # Footer with the classification label and version.
    gr.Markdown("---\n*تصنيف: هجومي | Web Vulnerabilities | v1.2*")

# Runs at import time with default launch settings; no `auth=` is passed, so
# the app itself performs no authentication.
# NOTE(review): if this is served from a publicly reachable host, anyone who
# can open the page can read every command in dataset.json. Consider passing
# `auth=` to launch() or limiting what the dataset contains.
demo.launch()