| --- |
| title: SCAFU v3 |
| colorFrom: red |
| colorTo: gray |
| sdk: static |
| pinned: false |
| license: mit |
| short_description: Next-generation AI-powered security testing platform |
| tags: |
| - security |
| - vulnerability-scanning |
| - penetration-testing |
| - ai |
| - cybersecurity |
| --- |
| |
| # SCAFU v3 - AI-Powered Security Testing |
|
|
| [](https://github.com/simeon-garratt/scafu-v3) |
| [](https://opensource.org/licenses/MIT) |
| [](https://www.python.org/) |
| [](https://fastapi.tiangolo.com/) |
|
|
| Next-generation security testing platform with exploit chain automation, Tor anonymity, and advanced WAF evasion. Built for penetration testers, security researchers, and DevSecOps teams. |
|
|
| [Structured Data (JSON-LD)](./scafu.jsonld) | [Full Compliance Documentation](https://github.com/simeon-garratt/scafu-v3/blob/main/COMPLIANCE.md) |
|
|
| ## Core Capabilities |
|
|
| **AI Security Assistant** |
| - Local-based AI chatbot running cybersecurity-specialized models |
| - Natural language scan execution ("Check example.com for XSS vulnerabilities") |
| - Automated scan result analysis and threat prioritization |
| - Interactive security Q&A and vulnerability research |
| - 100% local processing—no queries sent to external APIs |
|
|
| **Scanning & Detection** |
| - 14 integrated security scanners (XSS, SQLi, CSRF, TLS, directory fuzzing, header analysis) |
| - Multi-agent AI architecture with 5 specialized agents running in parallel |
| - Exploit chain discovery using graph-based vulnerability correlation |
| - Real-time threat detection and analysis |
|
|
| **Evasion & Privacy** |
| - Advanced WAF bypass generation (Cloudflare, AWS WAF, Akamai, ModSecurity) |
| - Tor network integration for anonymized testing |
| - 100% local processing—no data leaves your infrastructure |
| - Zero telemetry by default |
|
|
| **Reporting & Compliance** |
| - Executive summaries, technical reports, and compliance documentation |
| - OWASP ASVS Level 2, NIST CSF, CIS Controls v8 alignment |
| - Export formats: PDF, JSON, CSV, HTML |
|
|
| ## Live Demo |
|
|
| This is the landing page for SCAFU v3. Click "Download Sample Report" to see a redacted example of SCAFU's comprehensive security assessment reports. |
|
|
| ## Open Source |
|
|
| SCAFU is open-core software. The foundation is free and open source, perfect for individuals and small teams. |
|
|
| ## Links |
|
|
| - **GitHub**: [github.com/simeon-garratt/scafu-v3](https://github.com/simeon-garratt/scafu-v3) |
| - **Documentation**: [GitHub Docs](https://github.com/simeon-garratt/scafu-v3/tree/main/docs) |
| - **Sample Report**: Available on this page |
| - **API Docs**: [localhost:8000/api/docs](http://localhost:8000/api/docs) (when running locally) |
|
|
| ## Tech Stack |
|
|
| - **Frontend**: React 18 with TypeScript and Tailwind CSS |
| - **Backend**: Python 3.11+ (FastAPI/Starlette) |
| - **AI/ML**: Local LLM (Ollama) with cybersecurity-specialized models |
| - **Chatbot**: Natural language interface for scan execution and analysis |
| - **Scanners**: Nuclei, dalfox, ffuf, testssl.sh, Katana, XSStrike, and more |
| - **Database**: PostgreSQL 15 with Redis caching |
|
|
| ## Security & Compliance |
|
|
| [](https://github.com/simeon-garratt/scafu-v3/blob/main/COMPLIANCE.md) |
| [](https://github.com/simeon-garratt/scafu-v3/blob/main/COMPLIANCE.md) |
| [](https://github.com/simeon-garratt/scafu-v3/blob/main/COMPLIANCE.md) |
| [](https://github.com/simeon-garratt/scafu-v3/blob/main/COMPLIANCE.md) |
|
|
| **Standards Compliance:** |
| - OWASP ASVS Level 2 (Application Security Verification Standard) |
| - NIST Cybersecurity Framework (all 5 core functions implemented) |
| - CIS Controls v8 (Critical Security Controls) |
| - GDPR compliant (privacy by design, local-first architecture) |
| - ISO 27001 alignment (self-assessed, formal certification in progress) |
|
|
| **Privacy Architecture:** All AI analysis runs locally using Ollama. Zero telemetry by default. No cloud dependencies for core functionality. |
|
|
| [View Full Compliance Documentation](https://github.com/simeon-garratt/scafu-v3/blob/main/COMPLIANCE.md) |
|
|
| ## Legal Notice |
|
|
| **WARNING:** SCAFU is designed exclusively for authorized security testing. Unauthorized access, testing, or distribution may violate applicable laws including the Computer Fraud and Abuse Act (CFAA) and similar international legislation. Users are solely responsible for obtaining proper authorization before testing any systems. |
|
|
| **Responsible Disclosure Policy:** security@scafu.io (placeholder) |
|
|
| Security researchers who discover vulnerabilities in SCAFU are encouraged to report them responsibly. We follow a 90-day coordinated disclosure timeline. |
|
|
| ## License |
|
|
| MIT License - Open Core Model |
|
|