SCAFU / README.md
Simeon G
Add AI Security Chatbot feature with WizardLM-2 to documentation
90ca684
|
Raw
History Blame Contribute Delete
4.97 kB
metadata
title: SCAFU v3
colorFrom: red
colorTo: gray
sdk: static
pinned: false
license: mit
short_description: Next-generation AI-powered security testing platform
tags:
  - security
  - vulnerability-scanning
  - penetration-testing
  - ai
  - cybersecurity

SCAFU v3 - AI-Powered Security Testing

Version License: MIT Python FastAPI

Next-generation security testing platform with exploit chain automation, Tor anonymity, and advanced WAF evasion. Built for penetration testers, security researchers, and DevSecOps teams.

Structured Data (JSON-LD) | Full Compliance Documentation

Core Capabilities

AI Security Assistant

  • Local-based AI chatbot running cybersecurity-specialized models
  • Natural language scan execution ("Check example.com for XSS vulnerabilities")
  • Automated scan result analysis and threat prioritization
  • Interactive security Q&A and vulnerability research
  • 100% local processing—no queries sent to external APIs

Scanning & Detection

  • 14 integrated security scanners (XSS, SQLi, CSRF, TLS, directory fuzzing, header analysis)
  • Multi-agent AI architecture with 5 specialized agents running in parallel
  • Exploit chain discovery using graph-based vulnerability correlation
  • Real-time threat detection and analysis

Evasion & Privacy

  • Advanced WAF bypass generation (Cloudflare, AWS WAF, Akamai, ModSecurity)
  • Tor network integration for anonymized testing
  • 100% local processing—no data leaves your infrastructure
  • Zero telemetry by default

Reporting & Compliance

  • Executive summaries, technical reports, and compliance documentation
  • OWASP ASVS Level 2, NIST CSF, CIS Controls v8 alignment
  • Export formats: PDF, JSON, CSV, HTML

Live Demo

This is the landing page for SCAFU v3. Click "Download Sample Report" to see a redacted example of SCAFU's comprehensive security assessment reports.

Open Source

SCAFU is open-core software. The foundation is free and open source, perfect for individuals and small teams.

Links

Tech Stack

  • Frontend: React 18 with TypeScript and Tailwind CSS
  • Backend: Python 3.11+ (FastAPI/Starlette)
  • AI/ML: Local LLM (Ollama) with cybersecurity-specialized models
  • Chatbot: Natural language interface for scan execution and analysis
  • Scanners: Nuclei, dalfox, ffuf, testssl.sh, Katana, XSStrike, and more
  • Database: PostgreSQL 15 with Redis caching

Security & Compliance

OWASP NIST CIS GDPR

Standards Compliance:

  • OWASP ASVS Level 2 (Application Security Verification Standard)
  • NIST Cybersecurity Framework (all 5 core functions implemented)
  • CIS Controls v8 (Critical Security Controls)
  • GDPR compliant (privacy by design, local-first architecture)
  • ISO 27001 alignment (self-assessed, formal certification in progress)

Privacy Architecture: All AI analysis runs locally using Ollama. Zero telemetry by default. No cloud dependencies for core functionality.

View Full Compliance Documentation

Legal Notice

WARNING: SCAFU is designed exclusively for authorized security testing. Unauthorized access, testing, or distribution may violate applicable laws including the Computer Fraud and Abuse Act (CFAA) and similar international legislation. Users are solely responsible for obtaining proper authorization before testing any systems.

Responsible Disclosure Policy: security@scafu.io (placeholder)

Security researchers who discover vulnerabilities in SCAFU are encouraged to report them responsibly. We follow a 90-day coordinated disclosure timeline.

License

MIT License - Open Core Model