// SCAFU v3 - Complete Scan Engine & Mock Data Generator // Add this script to app-demo.html to enable full functionality // ==================== GLOBAL STATE ==================== window.SCAFU = { scanResults: [], scanHistory: [], currentScan: null, adminMode: false, selectedScanners: [] }; // ==================== MOCK DATA GENERATORS ==================== const MOCK_VULNERABILITIES = [ { id: 1, title: 'API Key Exposed in Frontend Bundle', severity: 'critical', cvss: 9.8, cwe: 'CWE-798', url: '/static/chunks/app-bundle-f3a2.js', scanner: 'API Key Scanner', description: 'Production AWS API key hardcoded in JavaScript bundle accessible to all users.', impact: 'Attacker can access S3 buckets, Lambda functions, and customer data stored in AWS.', remediation: 'Move all API keys to backend environment variables. Rotate compromised key immediately.', exploitCode: `// Found in app-bundle-f3a2.js\nconst AWS_KEY = "AKIAIOSFODNN7EXAMPLE";\nconst AWS_SECRET = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY";`, timestamp: Date.now() - 120000 }, { id: 2, title: 'GraphQL Introspection Enabled', severity: 'high', cvss: 7.5, cwe: 'CWE-200', url: '/api/graphql', scanner: 'API Scanner', description: 'GraphQL introspection query reveals entire API schema including internal queries and mutations.', impact: 'Attacker can enumerate all API endpoints, understand data relationships, and craft targeted attacks.', remediation: 'Disable introspection in production environments. Implement query depth limiting.', exploitCode: `query IntrospectionQuery { __schema { types { name fields { name type { name } } } } }`, timestamp: Date.now() - 240000 }, { id: 3, title: 'Reflected XSS in Search Parameter', severity: 'high', cvss: 7.2, cwe: 'CWE-79', url: '/search?q=', scanner: 'dalfox', description: 'User input in search parameter is reflected without sanitization, allowing XSS attacks.', impact: 'Session hijacking, credential theft, defacement, malware distribution.', remediation: 'Implement proper input sanitization and output encoding. Use Content Security Policy.', exploitCode: `https://example-app.com/search?q=`, timestamp: Date.now() - 356000 }, { id: 4, title: 'SQL Injection in Login Form', severity: 'critical', cvss: 9.1, cwe: 'CWE-89', url: '/api/auth/login', scanner: 'SQLMap', description: 'Username parameter is vulnerable to boolean-based blind SQL injection.', impact: 'Full database compromise, authentication bypass, data exfiltration.', remediation: 'Use parameterized queries/prepared statements. Never concatenate user input into SQL.', exploitCode: `username=admin' OR '1'='1' --&password=anything`, timestamp: Date.now() - 180000 }, { id: 5, title: 'Missing Security Headers', severity: 'medium', cvss: 5.3, cwe: 'CWE-16', url: '/', scanner: 'Security Headers', description: 'Application missing critical security headers: CSP, X-Frame-Options, HSTS.', impact: 'Vulnerable to clickjacking, MITM attacks, and XSS exploitation.', remediation: 'Implement comprehensive security headers in server configuration.', exploitCode: `Missing headers:\n- Content-Security-Policy\n- X-Frame-Options\n- Strict-Transport-Security\n- X-Content-Type-Options`, timestamp: Date.now() - 420000 }, { id: 6, title: 'CORS Misconfiguration', severity: 'medium', cvss: 6.5, cwe: 'CWE-942', url: '/api/*', scanner: 'CORS Scanner', description: 'API accepts requests from any origin with credentials enabled.', impact: 'Cross-origin data theft, CSRF attacks bypassing SameSite protection.', remediation: 'Whitelist specific origins. Never use wildcard (*) with credentials: true.', exploitCode: `Access-Control-Allow-Origin: *\nAccess-Control-Allow-Credentials: true`, timestamp: Date.now() - 300000 }, { id: 7, title: 'JWT Algorithm Confusion', severity: 'high', cvss: 8.1, cwe: 'CWE-327', url: '/api/auth/verify', scanner: 'JWT_Tool', description: 'JWT verification accepts "none" algorithm, allowing token forgery.', impact: 'Complete authentication bypass, privilege escalation to admin.', remediation: 'Explicitly whitelist allowed algorithms (RS256, ES256). Reject "none" algorithm.', exploitCode: `eyJhbGciOiJub25lIiwidHlwIjoiSldUIn0.eyJ1c2VyIjoiYWRtaW4iLCJyb2xlIjoiYWRtaW4ifQ.`, timestamp: Date.now() - 480000 }, { id: 8, title: 'Subdomain Takeover Risk', severity: 'medium', cvss: 6.8, cwe: 'CWE-350', url: 'blog.example-app.com', scanner: 'Sublist3r', description: 'DNS points to unclaimed GitHub Pages. Subdomain can be taken over.', impact: 'Phishing attacks, malware distribution, reputation damage, session hijacking.', remediation: 'Remove dangling DNS records or claim the resource.', exploitCode: `CNAME: blog.example-app.com -> example-app.github.io\nStatus: Not Found (404)`, timestamp: Date.now() - 600000 } ]; const SCAN_LOGS = [ { time: '00:01', level: 'INFO', module: 'INIT', message: 'Scan initialized for example-app.com', color: 'emerald' }, { time: '00:02', level: 'INFO', module: 'RECON', message: 'Discovering endpoints via sitemap and robots.txt', color: 'cyan' }, { time: '00:05', level: 'SUCCESS', module: 'RECON', message: 'Found 47 endpoints', color: 'emerald' }, { time: '00:06', level: 'INFO', module: 'FINGERPRINT', message: 'Detecting technology stack...', color: 'cyan' }, { time: '00:08', level: 'SUCCESS', module: 'FINGERPRINT', message: 'Stack: React 18.2, Next.js 13, GraphQL API', color: 'emerald' }, { time: '00:10', level: 'WARN', module: 'WAF', message: 'WAF detected: Cloudflare', color: 'yellow' }, { time: '00:11', level: 'INFO', module: 'EVASION', message: 'Generating WAF bypass chains...', color: 'orange' }, { time: '00:15', level: 'INFO', module: 'NUCLEI', message: 'Testing 1,247 templates...', color: 'cyan' }, { time: '00:22', level: 'CRITICAL', module: 'API-KEY', message: 'API key exposed in /static/chunks/app-bundle-f3a2.js', color: 'red' }, { time: '00:28', level: 'HIGH', module: 'GRAPHQL', message: 'GraphQL introspection enabled at /api/graphql', color: 'orange' }, { time: '00:35', level: 'INFO', module: 'DALFOX', message: 'XSS fuzzing: 142 payloads tested', color: 'cyan' }, { time: '00:41', level: 'HIGH', module: 'XSS', message: 'Reflected XSS in search parameter', color: 'orange' }, { time: '00:48', level: 'INFO', module: 'SQLMAP', message: 'Testing SQL injection vectors...', color: 'cyan' }, { time: '00:55', level: 'CRITICAL', module: 'SQLI', message: 'SQL injection in /api/auth/login', color: 'red' }, { time: '01:02', level: 'MEDIUM', module: 'HEADERS', message: 'Missing security headers detected', color: 'yellow' }, { time: '01:08', level: 'MEDIUM', module: 'CORS', message: 'CORS misconfiguration found', color: 'yellow' }, { time: '01:15', level: 'INFO', module: 'JWT', message: 'Analyzing JWT implementation...', color: 'cyan' }, { time: '01:22', level: 'HIGH', module: 'JWT', message: 'JWT accepts "none" algorithm', color: 'orange' }, { time: '01:30', level: 'INFO', module: 'SUBDOMAIN', message: 'Enumerating subdomains...', color: 'cyan' }, { time: '01:45', level: 'MEDIUM', module: 'SUBDOMAIN', message: 'Subdomain takeover risk on blog.example-app.com', color: 'yellow' }, { time: '02:00', level: 'INFO', module: 'AI-ANALYZE', message: 'Running AI vulnerability analysis...', color: 'purple' }, { time: '02:15', level: 'SUCCESS', module: 'AI-ANALYZE', message: 'Identified 3 exploit chains with 87% confidence', color: 'emerald' }, { time: '02:30', level: 'INFO', module: 'CHAINS', message: 'Attack chain: SQLi → Database Dump → Credential Reuse', color: 'cyan' }, { time: '02:45', level: 'INFO', module: 'COMPLETE', message: 'Scan completed. Total findings: 8', color: 'emerald' } ]; const SCANNER_LIST = { basic: [ { id: 'csrf', name: 'CSRF Detection', tool: 'Nuclei', duration: '2-4 min' }, { id: 'xss', name: 'XSS Scanner', tool: 'dalfox', duration: '3-5 min' }, { id: 'sqli', name: 'SQL Injection', tool: 'SQLMap', duration: '4-8 min' }, { id: 'headers', name: 'Security Headers', tool: 'Custom', duration: '1-2 min' }, { id: 'cors', name: 'CORS Misconfiguration', tool: 'Custom', duration: '1-2 min' } ], advanced: [ { id: 'lfi', name: 'LFI/Path Traversal', tool: 'Custom', duration: '5-10 min' }, { id: 'rfi', name: 'RFI Detection', tool: 'Custom', duration: '4-8 min' }, { id: 'xxe', name: 'XXE Scanner', tool: 'Custom', duration: '3-6 min' }, { id: 'ssrf', name: 'SSRF Detection', tool: 'Custom', duration: '5-10 min' }, { id: 'idor', name: 'IDOR Scanner', tool: 'Custom', duration: '6-12 min' }, { id: 'redirect', name: 'Open Redirect', tool: 'Custom', duration: '2-4 min' } ], deep: [ { id: 'subdomain', name: 'Subdomain Takeover', tool: 'Sublist3r', duration: '15-30 min' }, { id: 'jwt', name: 'JWT Security', tool: 'JWT_Tool', duration: '10-20 min' }, { id: 'apikey', name: 'API Key Scanner', tool: 'Custom', duration: '8-15 min' } ] }; // ==================== SCAN ENGINE ==================== function generateMockScan(targetUrl, selectedScanners) { const scanId = 'scan_' + Date.now(); const findings = MOCK_VULNERABILITIES.slice(0, Math.min(8, selectedScanners.length)); return { id: scanId, target: targetUrl, status: 'completed', duration: '2m 45s', startTime: new Date().toLocaleTimeString(), endTime: new Date(Date.now() + 165000).toLocaleTimeString(), scannerCount: selectedScanners.length, findings: findings, critical: findings.filter(f => f.severity === 'critical').length, high: findings.filter(f => f.severity === 'high').length, medium: findings.filter(f => f.severity === 'medium').length, low: 0, vectors: 247, timestamp: Date.now() }; } async function startLiveScan(targetUrl, scanners) { window.SCAFU.currentScan = { id: 'scan_' + Date.now(), target: targetUrl, scanners: scanners, progress: 0, findings: [], logs: [], startTime: Date.now() }; // Show live scan overlay const overlay = document.getElementById('live-scan-overlay'); if (overlay) { overlay.classList.remove('hidden'); } // Simulate scan progress let progress = 0; let logIndex = 0; const totalDuration = 30000; // 30 seconds const interval = 1000; const progressInterval = setInterval(() => { progress += (100 / (totalDuration / interval)); window.SCAFU.currentScan.progress = Math.min(Math.floor(progress), 100); // Update progress display const progressEl = document.getElementById('scan-progress'); if (progressEl) { progressEl.textContent = Math.min(Math.floor(progress), 100); } // Add logs if (logIndex < SCAN_LOGS.length && progress >= (logIndex / SCAN_LOGS.length) * 100) { addScanLog(SCAN_LOGS[logIndex]); logIndex++; } // Add findings at specific intervals if (progress >= 40 && window.SCAFU.currentScan.findings.length === 0) { addFinding(MOCK_VULNERABILITIES[0]); } if (progress >= 60 && window.SCAFU.currentScan.findings.length === 1) { addFinding(MOCK_VULNERABILITIES[1]); addFinding(MOCK_VULNERABILITIES[2]); } if (progress >= 80 && window.SCAFU.currentScan.findings.length === 3) { addFinding(MOCK_VULNERABILITIES[3]); addFinding(MOCK_VULNERABILITIES[4]); } // Complete scan if (progress >= 100) { clearInterval(progressInterval); completeScan(); } }, interval); } function addScanLog(log) { const console = document.getElementById('scan-console'); if (!console) return; const logEntry = document.createElement('div'); logEntry.className = `log-entry flex items-start gap-3 p-2 rounded hover:bg-white/5 ${log.level === 'CRITICAL' ? 'bg-red-500/10 border-l-4 border-red-400' : log.level === 'HIGH' ? 'bg-orange-500/10 border-l-4 border-orange-400' : ''}`; logEntry.innerHTML = ` ${log.time} [${log.module}] ${log.message} `; console.appendChild(logEntry); console.scrollTop = console.scrollHeight; } function addFinding(vulnerability) { window.SCAFU.currentScan.findings.push(vulnerability); window.SCAFU.scanResults.push(vulnerability); // Update counters updateFindingCounters(); } function updateFindingCounters() { const findings = window.SCAFU.currentScan.findings; document.getElementById('critical-count').textContent = findings.filter(f => f.severity === 'critical').length; document.getElementById('high-count').textContent = findings.filter(f => f.severity === 'high').length; document.getElementById('medium-count').textContent = findings.filter(f => f.severity === 'medium').length; } function completeScan() { const scan = generateMockScan(window.SCAFU.currentScan.target, window.SCAFU.currentScan.scanners); window.SCAFU.scanHistory.unshift(scan); // Show completion notification setTimeout(() => { alert('Scan completed! Found ' + scan.findings.length + ' vulnerabilities.'); document.getElementById('live-scan-overlay').classList.add('hidden'); // Navigate to results if (typeof switchTab === 'function') { switchTab('results'); } }, 1000); } // ==================== EXPORT ==================== console.log('SCAFU Scan Engine loaded');