| |
| |
|
|
| |
| window.SCAFU = { |
| scanResults: [], |
| scanHistory: [], |
| currentScan: null, |
| adminMode: false, |
| selectedScanners: [] |
| }; |
|
|
| |
|
|
| const MOCK_VULNERABILITIES = [ |
| { |
| id: 1, |
| title: 'API Key Exposed in Frontend Bundle', |
| severity: 'critical', |
| cvss: 9.8, |
| cwe: 'CWE-798', |
| url: '/static/chunks/app-bundle-f3a2.js', |
| scanner: 'API Key Scanner', |
| description: 'Production AWS API key hardcoded in JavaScript bundle accessible to all users.', |
| impact: 'Attacker can access S3 buckets, Lambda functions, and customer data stored in AWS.', |
| remediation: 'Move all API keys to backend environment variables. Rotate compromised key immediately.', |
| exploitCode: `// Found in app-bundle-f3a2.js\nconst AWS_KEY = "AKIAIOSFODNN7EXAMPLE";\nconst AWS_SECRET = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY";`, |
| timestamp: Date.now() - 120000 |
| }, |
| { |
| id: 2, |
| title: 'GraphQL Introspection Enabled', |
| severity: 'high', |
| cvss: 7.5, |
| cwe: 'CWE-200', |
| url: '/api/graphql', |
| scanner: 'API Scanner', |
| description: 'GraphQL introspection query reveals entire API schema including internal queries and mutations.', |
| impact: 'Attacker can enumerate all API endpoints, understand data relationships, and craft targeted attacks.', |
| remediation: 'Disable introspection in production environments. Implement query depth limiting.', |
| exploitCode: `query IntrospectionQuery { |
| __schema { |
| types { |
| name |
| fields { |
| name |
| type { name } |
| } |
| } |
| } |
| }`, |
| timestamp: Date.now() - 240000 |
| }, |
| { |
| id: 3, |
| title: 'Reflected XSS in Search Parameter', |
| severity: 'high', |
| cvss: 7.2, |
| cwe: 'CWE-79', |
| url: '/search?q=<payload>', |
| scanner: 'dalfox', |
| description: 'User input in search parameter is reflected without sanitization, allowing XSS attacks.', |
| impact: 'Session hijacking, credential theft, defacement, malware distribution.', |
| remediation: 'Implement proper input sanitization and output encoding. Use Content Security Policy.', |
| exploitCode: `https://example-app.com/search?q=<img src=x onerror=alert(document.cookie)>`, |
| timestamp: Date.now() - 356000 |
| }, |
| { |
| id: 4, |
| title: 'SQL Injection in Login Form', |
| severity: 'critical', |
| cvss: 9.1, |
| cwe: 'CWE-89', |
| url: '/api/auth/login', |
| scanner: 'SQLMap', |
| description: 'Username parameter is vulnerable to boolean-based blind SQL injection.', |
| impact: 'Full database compromise, authentication bypass, data exfiltration.', |
| remediation: 'Use parameterized queries/prepared statements. Never concatenate user input into SQL.', |
| exploitCode: `username=admin' OR '1'='1' --&password=anything`, |
| timestamp: Date.now() - 180000 |
| }, |
| { |
| id: 5, |
| title: 'Missing Security Headers', |
| severity: 'medium', |
| cvss: 5.3, |
| cwe: 'CWE-16', |
| url: '/', |
| scanner: 'Security Headers', |
| description: 'Application missing critical security headers: CSP, X-Frame-Options, HSTS.', |
| impact: 'Vulnerable to clickjacking, MITM attacks, and XSS exploitation.', |
| remediation: 'Implement comprehensive security headers in server configuration.', |
| exploitCode: `Missing headers:\n- Content-Security-Policy\n- X-Frame-Options\n- Strict-Transport-Security\n- X-Content-Type-Options`, |
| timestamp: Date.now() - 420000 |
| }, |
| { |
| id: 6, |
| title: 'CORS Misconfiguration', |
| severity: 'medium', |
| cvss: 6.5, |
| cwe: 'CWE-942', |
| url: '/api/*', |
| scanner: 'CORS Scanner', |
| description: 'API accepts requests from any origin with credentials enabled.', |
| impact: 'Cross-origin data theft, CSRF attacks bypassing SameSite protection.', |
| remediation: 'Whitelist specific origins. Never use wildcard (*) with credentials: true.', |
| exploitCode: `Access-Control-Allow-Origin: *\nAccess-Control-Allow-Credentials: true`, |
| timestamp: Date.now() - 300000 |
| }, |
| { |
| id: 7, |
| title: 'JWT Algorithm Confusion', |
| severity: 'high', |
| cvss: 8.1, |
| cwe: 'CWE-327', |
| url: '/api/auth/verify', |
| scanner: 'JWT_Tool', |
| description: 'JWT verification accepts "none" algorithm, allowing token forgery.', |
| impact: 'Complete authentication bypass, privilege escalation to admin.', |
| remediation: 'Explicitly whitelist allowed algorithms (RS256, ES256). Reject "none" algorithm.', |
| exploitCode: `eyJhbGciOiJub25lIiwidHlwIjoiSldUIn0.eyJ1c2VyIjoiYWRtaW4iLCJyb2xlIjoiYWRtaW4ifQ.`, |
| timestamp: Date.now() - 480000 |
| }, |
| { |
| id: 8, |
| title: 'Subdomain Takeover Risk', |
| severity: 'medium', |
| cvss: 6.8, |
| cwe: 'CWE-350', |
| url: 'blog.example-app.com', |
| scanner: 'Sublist3r', |
| description: 'DNS points to unclaimed GitHub Pages. Subdomain can be taken over.', |
| impact: 'Phishing attacks, malware distribution, reputation damage, session hijacking.', |
| remediation: 'Remove dangling DNS records or claim the resource.', |
| exploitCode: `CNAME: blog.example-app.com -> example-app.github.io\nStatus: Not Found (404)`, |
| timestamp: Date.now() - 600000 |
| } |
| ]; |
|
|
| const SCAN_LOGS = [ |
| { time: '00:01', level: 'INFO', module: 'INIT', message: 'Scan initialized for example-app.com', color: 'emerald' }, |
| { time: '00:02', level: 'INFO', module: 'RECON', message: 'Discovering endpoints via sitemap and robots.txt', color: 'cyan' }, |
| { time: '00:05', level: 'SUCCESS', module: 'RECON', message: 'Found 47 endpoints', color: 'emerald' }, |
| { time: '00:06', level: 'INFO', module: 'FINGERPRINT', message: 'Detecting technology stack...', color: 'cyan' }, |
| { time: '00:08', level: 'SUCCESS', module: 'FINGERPRINT', message: 'Stack: React 18.2, Next.js 13, GraphQL API', color: 'emerald' }, |
| { time: '00:10', level: 'WARN', module: 'WAF', message: 'WAF detected: Cloudflare', color: 'yellow' }, |
| { time: '00:11', level: 'INFO', module: 'EVASION', message: 'Generating WAF bypass chains...', color: 'orange' }, |
| { time: '00:15', level: 'INFO', module: 'NUCLEI', message: 'Testing 1,247 templates...', color: 'cyan' }, |
| { time: '00:22', level: 'CRITICAL', module: 'API-KEY', message: 'API key exposed in /static/chunks/app-bundle-f3a2.js', color: 'red' }, |
| { time: '00:28', level: 'HIGH', module: 'GRAPHQL', message: 'GraphQL introspection enabled at /api/graphql', color: 'orange' }, |
| { time: '00:35', level: 'INFO', module: 'DALFOX', message: 'XSS fuzzing: 142 payloads tested', color: 'cyan' }, |
| { time: '00:41', level: 'HIGH', module: 'XSS', message: 'Reflected XSS in search parameter', color: 'orange' }, |
| { time: '00:48', level: 'INFO', module: 'SQLMAP', message: 'Testing SQL injection vectors...', color: 'cyan' }, |
| { time: '00:55', level: 'CRITICAL', module: 'SQLI', message: 'SQL injection in /api/auth/login', color: 'red' }, |
| { time: '01:02', level: 'MEDIUM', module: 'HEADERS', message: 'Missing security headers detected', color: 'yellow' }, |
| { time: '01:08', level: 'MEDIUM', module: 'CORS', message: 'CORS misconfiguration found', color: 'yellow' }, |
| { time: '01:15', level: 'INFO', module: 'JWT', message: 'Analyzing JWT implementation...', color: 'cyan' }, |
| { time: '01:22', level: 'HIGH', module: 'JWT', message: 'JWT accepts "none" algorithm', color: 'orange' }, |
| { time: '01:30', level: 'INFO', module: 'SUBDOMAIN', message: 'Enumerating subdomains...', color: 'cyan' }, |
| { time: '01:45', level: 'MEDIUM', module: 'SUBDOMAIN', message: 'Subdomain takeover risk on blog.example-app.com', color: 'yellow' }, |
| { time: '02:00', level: 'INFO', module: 'AI-ANALYZE', message: 'Running AI vulnerability analysis...', color: 'purple' }, |
| { time: '02:15', level: 'SUCCESS', module: 'AI-ANALYZE', message: 'Identified 3 exploit chains with 87% confidence', color: 'emerald' }, |
| { time: '02:30', level: 'INFO', module: 'CHAINS', message: 'Attack chain: SQLi → Database Dump → Credential Reuse', color: 'cyan' }, |
| { time: '02:45', level: 'INFO', module: 'COMPLETE', message: 'Scan completed. Total findings: 8', color: 'emerald' } |
| ]; |
|
|
| const SCANNER_LIST = { |
| basic: [ |
| { id: 'csrf', name: 'CSRF Detection', tool: 'Nuclei', duration: '2-4 min' }, |
| { id: 'xss', name: 'XSS Scanner', tool: 'dalfox', duration: '3-5 min' }, |
| { id: 'sqli', name: 'SQL Injection', tool: 'SQLMap', duration: '4-8 min' }, |
| { id: 'headers', name: 'Security Headers', tool: 'Custom', duration: '1-2 min' }, |
| { id: 'cors', name: 'CORS Misconfiguration', tool: 'Custom', duration: '1-2 min' } |
| ], |
| advanced: [ |
| { id: 'lfi', name: 'LFI/Path Traversal', tool: 'Custom', duration: '5-10 min' }, |
| { id: 'rfi', name: 'RFI Detection', tool: 'Custom', duration: '4-8 min' }, |
| { id: 'xxe', name: 'XXE Scanner', tool: 'Custom', duration: '3-6 min' }, |
| { id: 'ssrf', name: 'SSRF Detection', tool: 'Custom', duration: '5-10 min' }, |
| { id: 'idor', name: 'IDOR Scanner', tool: 'Custom', duration: '6-12 min' }, |
| { id: 'redirect', name: 'Open Redirect', tool: 'Custom', duration: '2-4 min' } |
| ], |
| deep: [ |
| { id: 'subdomain', name: 'Subdomain Takeover', tool: 'Sublist3r', duration: '15-30 min' }, |
| { id: 'jwt', name: 'JWT Security', tool: 'JWT_Tool', duration: '10-20 min' }, |
| { id: 'apikey', name: 'API Key Scanner', tool: 'Custom', duration: '8-15 min' } |
| ] |
| }; |
|
|
| |
|
|
| function generateMockScan(targetUrl, selectedScanners) { |
| const scanId = 'scan_' + Date.now(); |
| const findings = MOCK_VULNERABILITIES.slice(0, Math.min(8, selectedScanners.length)); |
| |
| return { |
| id: scanId, |
| target: targetUrl, |
| status: 'completed', |
| duration: '2m 45s', |
| startTime: new Date().toLocaleTimeString(), |
| endTime: new Date(Date.now() + 165000).toLocaleTimeString(), |
| scannerCount: selectedScanners.length, |
| findings: findings, |
| critical: findings.filter(f => f.severity === 'critical').length, |
| high: findings.filter(f => f.severity === 'high').length, |
| medium: findings.filter(f => f.severity === 'medium').length, |
| low: 0, |
| vectors: 247, |
| timestamp: Date.now() |
| }; |
| } |
|
|
| async function startLiveScan(targetUrl, scanners) { |
| window.SCAFU.currentScan = { |
| id: 'scan_' + Date.now(), |
| target: targetUrl, |
| scanners: scanners, |
| progress: 0, |
| findings: [], |
| logs: [], |
| startTime: Date.now() |
| }; |
| |
| |
| const overlay = document.getElementById('live-scan-overlay'); |
| if (overlay) { |
| overlay.classList.remove('hidden'); |
| } |
| |
| |
| let progress = 0; |
| let logIndex = 0; |
| const totalDuration = 30000; |
| const interval = 1000; |
| |
| const progressInterval = setInterval(() => { |
| progress += (100 / (totalDuration / interval)); |
| window.SCAFU.currentScan.progress = Math.min(Math.floor(progress), 100); |
| |
| |
| const progressEl = document.getElementById('scan-progress'); |
| if (progressEl) { |
| progressEl.textContent = Math.min(Math.floor(progress), 100); |
| } |
| |
| |
| if (logIndex < SCAN_LOGS.length && progress >= (logIndex / SCAN_LOGS.length) * 100) { |
| addScanLog(SCAN_LOGS[logIndex]); |
| logIndex++; |
| } |
| |
| |
| if (progress >= 40 && window.SCAFU.currentScan.findings.length === 0) { |
| addFinding(MOCK_VULNERABILITIES[0]); |
| } |
| if (progress >= 60 && window.SCAFU.currentScan.findings.length === 1) { |
| addFinding(MOCK_VULNERABILITIES[1]); |
| addFinding(MOCK_VULNERABILITIES[2]); |
| } |
| if (progress >= 80 && window.SCAFU.currentScan.findings.length === 3) { |
| addFinding(MOCK_VULNERABILITIES[3]); |
| addFinding(MOCK_VULNERABILITIES[4]); |
| } |
| |
| |
| if (progress >= 100) { |
| clearInterval(progressInterval); |
| completeScan(); |
| } |
| }, interval); |
| } |
|
|
| function addScanLog(log) { |
| const console = document.getElementById('scan-console'); |
| if (!console) return; |
| |
| const logEntry = document.createElement('div'); |
| logEntry.className = `log-entry flex items-start gap-3 p-2 rounded hover:bg-white/5 ${log.level === 'CRITICAL' ? 'bg-red-500/10 border-l-4 border-red-400' : log.level === 'HIGH' ? 'bg-orange-500/10 border-l-4 border-orange-400' : ''}`; |
| logEntry.innerHTML = ` |
| <span class="text-slate-500 font-mono text-xs">${log.time}</span> |
| <span class="text-${log.color}-400 font-mono text-xs">[${log.module}]</span> |
| <span class="text-slate-300 text-xs">${log.message}</span> |
| `; |
| console.appendChild(logEntry); |
| console.scrollTop = console.scrollHeight; |
| } |
|
|
| function addFinding(vulnerability) { |
| window.SCAFU.currentScan.findings.push(vulnerability); |
| window.SCAFU.scanResults.push(vulnerability); |
| |
| |
| updateFindingCounters(); |
| } |
|
|
| function updateFindingCounters() { |
| const findings = window.SCAFU.currentScan.findings; |
| document.getElementById('critical-count').textContent = findings.filter(f => f.severity === 'critical').length; |
| document.getElementById('high-count').textContent = findings.filter(f => f.severity === 'high').length; |
| document.getElementById('medium-count').textContent = findings.filter(f => f.severity === 'medium').length; |
| } |
|
|
| function completeScan() { |
| const scan = generateMockScan(window.SCAFU.currentScan.target, window.SCAFU.currentScan.scanners); |
| window.SCAFU.scanHistory.unshift(scan); |
| |
| |
| setTimeout(() => { |
| alert('Scan completed! Found ' + scan.findings.length + ' vulnerabilities.'); |
| document.getElementById('live-scan-overlay').classList.add('hidden'); |
| |
| if (typeof switchTab === 'function') { |
| switchTab('results'); |
| } |
| }, 1000); |
| } |
|
|
| |
| console.log('SCAFU Scan Engine loaded'); |
|
|