SCAFU / scan-engine.js
Simeon G
Add live scan engine, results view, and full mock functionality
d5c8864
Raw
History Blame Contribute Delete
14.8 kB
// SCAFU v3 - Complete Scan Engine & Mock Data Generator
// Add this script to app-demo.html to enable full functionality
// ==================== GLOBAL STATE ====================
window.SCAFU = {
scanResults: [],
scanHistory: [],
currentScan: null,
adminMode: false,
selectedScanners: []
};
// ==================== MOCK DATA GENERATORS ====================
const MOCK_VULNERABILITIES = [
{
id: 1,
title: 'API Key Exposed in Frontend Bundle',
severity: 'critical',
cvss: 9.8,
cwe: 'CWE-798',
url: '/static/chunks/app-bundle-f3a2.js',
scanner: 'API Key Scanner',
description: 'Production AWS API key hardcoded in JavaScript bundle accessible to all users.',
impact: 'Attacker can access S3 buckets, Lambda functions, and customer data stored in AWS.',
remediation: 'Move all API keys to backend environment variables. Rotate compromised key immediately.',
exploitCode: `// Found in app-bundle-f3a2.js\nconst AWS_KEY = "AKIAIOSFODNN7EXAMPLE";\nconst AWS_SECRET = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY";`,
timestamp: Date.now() - 120000
},
{
id: 2,
title: 'GraphQL Introspection Enabled',
severity: 'high',
cvss: 7.5,
cwe: 'CWE-200',
url: '/api/graphql',
scanner: 'API Scanner',
description: 'GraphQL introspection query reveals entire API schema including internal queries and mutations.',
impact: 'Attacker can enumerate all API endpoints, understand data relationships, and craft targeted attacks.',
remediation: 'Disable introspection in production environments. Implement query depth limiting.',
exploitCode: `query IntrospectionQuery {
__schema {
types {
name
fields {
name
type { name }
}
}
}
}`,
timestamp: Date.now() - 240000
},
{
id: 3,
title: 'Reflected XSS in Search Parameter',
severity: 'high',
cvss: 7.2,
cwe: 'CWE-79',
url: '/search?q=<payload>',
scanner: 'dalfox',
description: 'User input in search parameter is reflected without sanitization, allowing XSS attacks.',
impact: 'Session hijacking, credential theft, defacement, malware distribution.',
remediation: 'Implement proper input sanitization and output encoding. Use Content Security Policy.',
exploitCode: `https://example-app.com/search?q=<img src=x onerror=alert(document.cookie)>`,
timestamp: Date.now() - 356000
},
{
id: 4,
title: 'SQL Injection in Login Form',
severity: 'critical',
cvss: 9.1,
cwe: 'CWE-89',
url: '/api/auth/login',
scanner: 'SQLMap',
description: 'Username parameter is vulnerable to boolean-based blind SQL injection.',
impact: 'Full database compromise, authentication bypass, data exfiltration.',
remediation: 'Use parameterized queries/prepared statements. Never concatenate user input into SQL.',
exploitCode: `username=admin' OR '1'='1' --&password=anything`,
timestamp: Date.now() - 180000
},
{
id: 5,
title: 'Missing Security Headers',
severity: 'medium',
cvss: 5.3,
cwe: 'CWE-16',
url: '/',
scanner: 'Security Headers',
description: 'Application missing critical security headers: CSP, X-Frame-Options, HSTS.',
impact: 'Vulnerable to clickjacking, MITM attacks, and XSS exploitation.',
remediation: 'Implement comprehensive security headers in server configuration.',
exploitCode: `Missing headers:\n- Content-Security-Policy\n- X-Frame-Options\n- Strict-Transport-Security\n- X-Content-Type-Options`,
timestamp: Date.now() - 420000
},
{
id: 6,
title: 'CORS Misconfiguration',
severity: 'medium',
cvss: 6.5,
cwe: 'CWE-942',
url: '/api/*',
scanner: 'CORS Scanner',
description: 'API accepts requests from any origin with credentials enabled.',
impact: 'Cross-origin data theft, CSRF attacks bypassing SameSite protection.',
remediation: 'Whitelist specific origins. Never use wildcard (*) with credentials: true.',
exploitCode: `Access-Control-Allow-Origin: *\nAccess-Control-Allow-Credentials: true`,
timestamp: Date.now() - 300000
},
{
id: 7,
title: 'JWT Algorithm Confusion',
severity: 'high',
cvss: 8.1,
cwe: 'CWE-327',
url: '/api/auth/verify',
scanner: 'JWT_Tool',
description: 'JWT verification accepts "none" algorithm, allowing token forgery.',
impact: 'Complete authentication bypass, privilege escalation to admin.',
remediation: 'Explicitly whitelist allowed algorithms (RS256, ES256). Reject "none" algorithm.',
exploitCode: `eyJhbGciOiJub25lIiwidHlwIjoiSldUIn0.eyJ1c2VyIjoiYWRtaW4iLCJyb2xlIjoiYWRtaW4ifQ.`,
timestamp: Date.now() - 480000
},
{
id: 8,
title: 'Subdomain Takeover Risk',
severity: 'medium',
cvss: 6.8,
cwe: 'CWE-350',
url: 'blog.example-app.com',
scanner: 'Sublist3r',
description: 'DNS points to unclaimed GitHub Pages. Subdomain can be taken over.',
impact: 'Phishing attacks, malware distribution, reputation damage, session hijacking.',
remediation: 'Remove dangling DNS records or claim the resource.',
exploitCode: `CNAME: blog.example-app.com -> example-app.github.io\nStatus: Not Found (404)`,
timestamp: Date.now() - 600000
}
];
const SCAN_LOGS = [
{ time: '00:01', level: 'INFO', module: 'INIT', message: 'Scan initialized for example-app.com', color: 'emerald' },
{ time: '00:02', level: 'INFO', module: 'RECON', message: 'Discovering endpoints via sitemap and robots.txt', color: 'cyan' },
{ time: '00:05', level: 'SUCCESS', module: 'RECON', message: 'Found 47 endpoints', color: 'emerald' },
{ time: '00:06', level: 'INFO', module: 'FINGERPRINT', message: 'Detecting technology stack...', color: 'cyan' },
{ time: '00:08', level: 'SUCCESS', module: 'FINGERPRINT', message: 'Stack: React 18.2, Next.js 13, GraphQL API', color: 'emerald' },
{ time: '00:10', level: 'WARN', module: 'WAF', message: 'WAF detected: Cloudflare', color: 'yellow' },
{ time: '00:11', level: 'INFO', module: 'EVASION', message: 'Generating WAF bypass chains...', color: 'orange' },
{ time: '00:15', level: 'INFO', module: 'NUCLEI', message: 'Testing 1,247 templates...', color: 'cyan' },
{ time: '00:22', level: 'CRITICAL', module: 'API-KEY', message: 'API key exposed in /static/chunks/app-bundle-f3a2.js', color: 'red' },
{ time: '00:28', level: 'HIGH', module: 'GRAPHQL', message: 'GraphQL introspection enabled at /api/graphql', color: 'orange' },
{ time: '00:35', level: 'INFO', module: 'DALFOX', message: 'XSS fuzzing: 142 payloads tested', color: 'cyan' },
{ time: '00:41', level: 'HIGH', module: 'XSS', message: 'Reflected XSS in search parameter', color: 'orange' },
{ time: '00:48', level: 'INFO', module: 'SQLMAP', message: 'Testing SQL injection vectors...', color: 'cyan' },
{ time: '00:55', level: 'CRITICAL', module: 'SQLI', message: 'SQL injection in /api/auth/login', color: 'red' },
{ time: '01:02', level: 'MEDIUM', module: 'HEADERS', message: 'Missing security headers detected', color: 'yellow' },
{ time: '01:08', level: 'MEDIUM', module: 'CORS', message: 'CORS misconfiguration found', color: 'yellow' },
{ time: '01:15', level: 'INFO', module: 'JWT', message: 'Analyzing JWT implementation...', color: 'cyan' },
{ time: '01:22', level: 'HIGH', module: 'JWT', message: 'JWT accepts "none" algorithm', color: 'orange' },
{ time: '01:30', level: 'INFO', module: 'SUBDOMAIN', message: 'Enumerating subdomains...', color: 'cyan' },
{ time: '01:45', level: 'MEDIUM', module: 'SUBDOMAIN', message: 'Subdomain takeover risk on blog.example-app.com', color: 'yellow' },
{ time: '02:00', level: 'INFO', module: 'AI-ANALYZE', message: 'Running AI vulnerability analysis...', color: 'purple' },
{ time: '02:15', level: 'SUCCESS', module: 'AI-ANALYZE', message: 'Identified 3 exploit chains with 87% confidence', color: 'emerald' },
{ time: '02:30', level: 'INFO', module: 'CHAINS', message: 'Attack chain: SQLi → Database Dump → Credential Reuse', color: 'cyan' },
{ time: '02:45', level: 'INFO', module: 'COMPLETE', message: 'Scan completed. Total findings: 8', color: 'emerald' }
];
const SCANNER_LIST = {
basic: [
{ id: 'csrf', name: 'CSRF Detection', tool: 'Nuclei', duration: '2-4 min' },
{ id: 'xss', name: 'XSS Scanner', tool: 'dalfox', duration: '3-5 min' },
{ id: 'sqli', name: 'SQL Injection', tool: 'SQLMap', duration: '4-8 min' },
{ id: 'headers', name: 'Security Headers', tool: 'Custom', duration: '1-2 min' },
{ id: 'cors', name: 'CORS Misconfiguration', tool: 'Custom', duration: '1-2 min' }
],
advanced: [
{ id: 'lfi', name: 'LFI/Path Traversal', tool: 'Custom', duration: '5-10 min' },
{ id: 'rfi', name: 'RFI Detection', tool: 'Custom', duration: '4-8 min' },
{ id: 'xxe', name: 'XXE Scanner', tool: 'Custom', duration: '3-6 min' },
{ id: 'ssrf', name: 'SSRF Detection', tool: 'Custom', duration: '5-10 min' },
{ id: 'idor', name: 'IDOR Scanner', tool: 'Custom', duration: '6-12 min' },
{ id: 'redirect', name: 'Open Redirect', tool: 'Custom', duration: '2-4 min' }
],
deep: [
{ id: 'subdomain', name: 'Subdomain Takeover', tool: 'Sublist3r', duration: '15-30 min' },
{ id: 'jwt', name: 'JWT Security', tool: 'JWT_Tool', duration: '10-20 min' },
{ id: 'apikey', name: 'API Key Scanner', tool: 'Custom', duration: '8-15 min' }
]
};
// ==================== SCAN ENGINE ====================
function generateMockScan(targetUrl, selectedScanners) {
const scanId = 'scan_' + Date.now();
const findings = MOCK_VULNERABILITIES.slice(0, Math.min(8, selectedScanners.length));
return {
id: scanId,
target: targetUrl,
status: 'completed',
duration: '2m 45s',
startTime: new Date().toLocaleTimeString(),
endTime: new Date(Date.now() + 165000).toLocaleTimeString(),
scannerCount: selectedScanners.length,
findings: findings,
critical: findings.filter(f => f.severity === 'critical').length,
high: findings.filter(f => f.severity === 'high').length,
medium: findings.filter(f => f.severity === 'medium').length,
low: 0,
vectors: 247,
timestamp: Date.now()
};
}
async function startLiveScan(targetUrl, scanners) {
window.SCAFU.currentScan = {
id: 'scan_' + Date.now(),
target: targetUrl,
scanners: scanners,
progress: 0,
findings: [],
logs: [],
startTime: Date.now()
};
// Show live scan overlay
const overlay = document.getElementById('live-scan-overlay');
if (overlay) {
overlay.classList.remove('hidden');
}
// Simulate scan progress
let progress = 0;
let logIndex = 0;
const totalDuration = 30000; // 30 seconds
const interval = 1000;
const progressInterval = setInterval(() => {
progress += (100 / (totalDuration / interval));
window.SCAFU.currentScan.progress = Math.min(Math.floor(progress), 100);
// Update progress display
const progressEl = document.getElementById('scan-progress');
if (progressEl) {
progressEl.textContent = Math.min(Math.floor(progress), 100);
}
// Add logs
if (logIndex < SCAN_LOGS.length && progress >= (logIndex / SCAN_LOGS.length) * 100) {
addScanLog(SCAN_LOGS[logIndex]);
logIndex++;
}
// Add findings at specific intervals
if (progress >= 40 && window.SCAFU.currentScan.findings.length === 0) {
addFinding(MOCK_VULNERABILITIES[0]);
}
if (progress >= 60 && window.SCAFU.currentScan.findings.length === 1) {
addFinding(MOCK_VULNERABILITIES[1]);
addFinding(MOCK_VULNERABILITIES[2]);
}
if (progress >= 80 && window.SCAFU.currentScan.findings.length === 3) {
addFinding(MOCK_VULNERABILITIES[3]);
addFinding(MOCK_VULNERABILITIES[4]);
}
// Complete scan
if (progress >= 100) {
clearInterval(progressInterval);
completeScan();
}
}, interval);
}
function addScanLog(log) {
const console = document.getElementById('scan-console');
if (!console) return;
const logEntry = document.createElement('div');
logEntry.className = `log-entry flex items-start gap-3 p-2 rounded hover:bg-white/5 ${log.level === 'CRITICAL' ? 'bg-red-500/10 border-l-4 border-red-400' : log.level === 'HIGH' ? 'bg-orange-500/10 border-l-4 border-orange-400' : ''}`;
logEntry.innerHTML = `
<span class="text-slate-500 font-mono text-xs">${log.time}</span>
<span class="text-${log.color}-400 font-mono text-xs">[${log.module}]</span>
<span class="text-slate-300 text-xs">${log.message}</span>
`;
console.appendChild(logEntry);
console.scrollTop = console.scrollHeight;
}
function addFinding(vulnerability) {
window.SCAFU.currentScan.findings.push(vulnerability);
window.SCAFU.scanResults.push(vulnerability);
// Update counters
updateFindingCounters();
}
function updateFindingCounters() {
const findings = window.SCAFU.currentScan.findings;
document.getElementById('critical-count').textContent = findings.filter(f => f.severity === 'critical').length;
document.getElementById('high-count').textContent = findings.filter(f => f.severity === 'high').length;
document.getElementById('medium-count').textContent = findings.filter(f => f.severity === 'medium').length;
}
function completeScan() {
const scan = generateMockScan(window.SCAFU.currentScan.target, window.SCAFU.currentScan.scanners);
window.SCAFU.scanHistory.unshift(scan);
// Show completion notification
setTimeout(() => {
alert('Scan completed! Found ' + scan.findings.length + ' vulnerabilities.');
document.getElementById('live-scan-overlay').classList.add('hidden');
// Navigate to results
if (typeof switchTab === 'function') {
switchTab('results');
}
}, 1000);
}
// ==================== EXPORT ====================
console.log('SCAFU Scan Engine loaded');