Upload 14 files

app.py

@@ -0,0 +1,84 @@
+# app.py
+import gradio as gr
+from sql_injection.sql_injection import run_sqlmap
+from qr_detector.qr_detector import qr_code_audit_app
+from phishing_checker.phishing_checker import phishing_url_checker, phishing_email_checker, phishing_sms_checker
+from data_breach_checker.password_checker import gradio_password_strength, gradio_generate_password, gradio_breach_checker
+from vulnerability_scanner.vulnerability_scanner import vulnerability_scanner
+from encryption_tool.encryption_tool import generate_key, encrypt_message, decrypt_message
+
+# Create the Gradio interface
+with gr.Blocks() as demo:
+    gr.Markdown("# 🛡️ CyberSuite Toolkit Dashboard")
+
+    with gr.Tab("SQL Injection"):
+        gr.Interface(
+            fn=run_sqlmap,
+            inputs=gr.Textbox(label="Enter URL to test for SQL Injection"),
+            outputs="file",
+            title="SQL Injection Testing with SQLmap",
+            description="Test a URL for SQL Injection using SQLmap automation. Download the results after the scan."
+        )
+
+    with gr.Tab("QR Detector"):
+        gr.Interface(
+            fn=qr_code_audit_app,
+            inputs=[gr.Image(label="Upload or Capture QR Code"), gr.Textbox(label="urlscan.io API Key (Optional)")],
+            outputs=[
+                gr.Textbox(label="Analysis Result"),
+                gr.Textbox(label="Decoded QR Data"),
+                gr.Textbox(label="Link Category"),
+                gr.Textbox(label="URL Type (Safe, Potential Issue, Malicious)"),
+                gr.Textbox(label="urlscan.io Report Link")
+            ]
+        )
+
+    with gr.Tab("Phishing Detection"):
+        with gr.Tab("URL Phishing Checker"):
+            gr.Interface(fn=phishing_url_checker, inputs=[
+                gr.Textbox(label="Enter URL", placeholder="https://example.com"),
+                gr.Textbox(label="urlscan.io API Key (Optional)")
+            ], outputs="text")
+        with gr.Tab("Email Phishing Checker"):
+            gr.Interface(fn=phishing_email_checker, inputs="text", outputs="text")
+        with gr.Tab("SMS Phishing Checker"):
+            gr.Interface(fn=phishing_sms_checker, inputs="text", outputs="text")
+
+    with gr.Tab("Password & Data Breach Management"):
+        with gr.Tab("Check Password Strength"):
+            gr.Interface(fn=gradio_password_strength, inputs="text", outputs="text")
+        with gr.Tab("Generate Password"):
+            gr.Interface(fn=gradio_generate_password, inputs=[
+                gr.Slider(label="Password Length", minimum=8, maximum=64, step=1, value=12),
+                gr.Checkbox(label="Include Uppercase Letters", value=True),
+                gr.Checkbox(label="Include Lowercase Letters", value=True),
+                gr.Checkbox(label="Include Digits", value=True),
+                gr.Checkbox(label="Include Special Characters", value=True)
+            ], outputs="text")
+        with gr.Tab("Check Password Breach"):
+            gr.Interface(fn=gradio_breach_checker, inputs="text", outputs="text")
+    
+    with gr.Tab("Vulnerability Scanner"):
+        gr.Interface(
+            fn=vulnerability_scanner,
+            inputs=gr.Textbox(label="Enter Website URL", placeholder="https://example.com"),
+            outputs=gr.Textbox(label="Scan Results")
+        )
+
+    with gr.Tab("Encryption Tool"):
+        with gr.Tab("Generate Key"):
+            gr.Interface(fn=generate_key, inputs=None, outputs="text")
+        with gr.Tab("Encrypt Message"):
+            gr.Interface(fn=encrypt_message, inputs=[
+                gr.Textbox(label="Enter message to encrypt"),
+                gr.Textbox(label="Enter encryption key")
+            ], outputs="text")
+        with gr.Tab("Decrypt Message"):
+            gr.Interface(fn=decrypt_message, inputs=[
+                gr.Textbox(label="Enter encrypted message"),
+                gr.Textbox(label="Enter decryption key")
+            ], outputs="text")
+
+# Run the app
+if __name__ == "__main__":
+    demo.launch()

data_breach_checker/password_checker.py

@@ -0,0 +1,98 @@
+# data_breach_checker/password_checker.py
+import requests
+import hashlib
+import string
+import random
+
+
+def gradio_breach_checker(password):
+    """
+    Checks if a password has been exposed in data breaches using the Have I Been Pwned API.
+    
+    Args:
+        password (str): The password to check.
+    
+    Returns:
+        str: Breach status message.
+    """
+    sha1_hash = hashlib.sha1(password.encode()).hexdigest().upper()
+    prefix, suffix = sha1_hash[:5], sha1_hash[5:]
+    url = f"https://api.pwnedpasswords.com/range/{prefix}"
+    
+    response = requests.get(url)
+    if response.status_code != 200:
+        return "Error checking password breach status."
+    
+    hashes = (line.split(":") for line in response.text.splitlines())
+    for h, count in hashes:
+        if h == suffix:
+            return f"Your password has been breached {count} times. Avoid using it!"
+    
+    return "Good news! Your password has not been found in any breaches."
+
+
+def gradio_generate_password(length=12, include_upper=True, include_lower=True, include_digits=True, include_special=True):
+    """
+    Generates a random, secure password.
+    
+    Args:
+        length (int): Length of the password.
+        include_upper (bool): Include uppercase letters.
+        include_lower (bool): Include lowercase letters.
+        include_digits (bool): Include digits.
+        include_special (bool): Include special characters.
+    
+    Returns:
+        str: The generated password.
+    """
+    if length < 8:
+        return "Password length must be at least 8 characters."
+
+    char_pool = ""
+    if include_upper:
+        char_pool += string.ascii_uppercase
+    if include_lower:
+        char_pool += string.ascii_lowercase
+    if include_digits:
+        char_pool += string.digits
+    if include_special:
+        char_pool += string.punctuation
+
+    if not char_pool:
+        return "Please select at least one character type."
+
+    return "".join(random.choices(char_pool, k=length))
+
+
+def gradio_password_strength(password):
+    """
+    Evaluates the strength of a password.
+    
+    Args:
+        password (str): The password to evaluate.
+    
+    Returns:
+        str: Strength feedback message.
+    """
+    feedback = []
+    if len(password) < 8:
+        feedback.append("Password must be at least 8 characters long.")
+
+    has_upper = any(char.isupper() for char in password)
+    has_lower = any(char.islower() for char in password)
+    has_digit = any(char.isdigit() for char in password)
+    has_special = any(char in string.punctuation for char in password)
+
+    if not has_upper:
+        feedback.append("Add at least one uppercase letter.")
+    if not has_lower:
+        feedback.append("Add at least one lowercase letter.")
+    if not has_digit:
+        feedback.append("Add at least one digit.")
+    if not has_special:
+        feedback.append("Add at least one special character (e.g., @, #, $).")
+
+    if not feedback:
+        return "Strong: Your password is secure!"
+    else:
+        return "Weak/Moderate:\n" + "\n".join(feedback)

encryption_tool/encryption_tool.py

@@ -0,0 +1,51 @@
+# encryption_tool/encryption_tool.py
+from cryptography.fernet import Fernet
+
+
+def generate_key():
+    """
+    Generates a secret key for encryption and decryption.
+    
+    Returns:
+        str: The generated key.
+    """
+    key = Fernet.generate_key()
+    return key.decode()
+
+
+def encrypt_message(message, key):
+    """
+    Encrypts a message using the provided key.
+    
+    Args:
+        message (str): The message to encrypt.
+        key (str): The encryption key.
+    
+    Returns:
+        str: The encrypted message.
+    """
+    try:
+        fernet = Fernet(key.encode())
+        encrypted_message = fernet.encrypt(message.encode())
+        return encrypted_message.decode()
+    except Exception as e:
+        return f"Encryption failed: {str(e)}"
+
+
+def decrypt_message(encrypted_message, key):
+    """
+    Decrypts an encrypted message using the provided key.
+    
+    Args:
+        encrypted_message (str): The encrypted message to decrypt.
+        key (str): The encryption key.
+    
+    Returns:
+        str: The decrypted message or an error message.
+    """
+    try:
+        fernet = Fernet(key.encode())
+        decrypted_message = fernet.decrypt(encrypted_message.encode()).decode()
+        return decrypted_message
+    except Exception as e:
+        return f"Decryption failed: {str(e)}"

phishing_checker/phishing_checker.py

@@ -0,0 +1,101 @@
+# phishing_checker/phishing_checker.py
+import requests
+import re
+import dns.resolver
+from urllib.parse import urlparse
+
+def phishing_url_checker(url, api_key=None):
+    """
+    Checks if a URL is potentially malicious using keyword analysis and optional urlscan.io API.
+    
+    Args:
+        url (str): The URL to check.
+        api_key (str, optional): API key for urlscan.io.
+    
+    Returns:
+        str: Analysis result.
+    """
+    if not url.startswith(("http://", "https://")):
+        return "Invalid URL format. Make sure it starts with http:// or https://"
+
+    parsed_url = urlparse(url)
+    domain = parsed_url.netloc.lower()
+
+    # Check for phishing-related keywords
+    phishing_keywords = ["login", "verify", "banking", "secure", "update", "password", "account"]
+    if any(keyword in url.lower() for keyword in phishing_keywords):
+        return f"⚠️ Suspicious URL detected: Contains phishing-related keywords ({', '.join(phishing_keywords)})"
+
+    # Check for excessive subdomains
+    if domain.count('.') > 2:
+        return f"⚠️ Suspicious URL: {domain} has too many subdomains, a common phishing technique."
+
+    # Optional: Check with urlscan.io
+    if api_key:
+        return check_with_urlscan(api_key, url)
+    
+    return "✅ URL appears safe (No immediate threats detected). However, always verify manually."
+
+
+def check_with_urlscan(api_key, url):
+    urlscan_url = "https://urlscan.io/api/v1/scan/"
+    headers = {"API-Key": api_key, "Content-Type": "application/json"}
+    payload = {"url": url, "visibility": "public"}
+    
+    try:
+        response = requests.post(urlscan_url, json=payload, headers=headers)
+        response.raise_for_status()
+        result_data = response.json()
+        scan_id = result_data.get("uuid")
+        if scan_id:
+            return f"🔍 URL submitted for scanning. View detailed report here: https://urlscan.io/result/{scan_id}/"
+        else:
+            return "⚠️ Error: Unable to retrieve scan result."
+    except requests.exceptions.RequestException as e:
+        return f"⚠️ Error contacting urlscan.io: {str(e)}"
+
+
+def phishing_email_checker(email):
+    """
+    Checks if an email domain has valid MX records.
+    
+    Args:
+        email (str): The email address to check.
+    
+    Returns:
+        str: Email validation result.
+    """
+    if "@" not in email:
+        return "Invalid email format."
+    
+    domain = email.split('@')[-1]
+    try:
+        answers = dns.resolver.resolve(domain, 'MX')
+        if answers:
+            return f"✅ Email domain '{domain}' has valid MX records. Likely legitimate."
+    except:
+        return f"⚠️ Warning: Email domain '{domain}' has no valid mail exchange records."
+    
+    return f"⚠️ Unable to verify email domain '{domain}'."
+
+
+def phishing_sms_checker(sms_text):
+    """
+    Scans an SMS message for phishing indicators.
+    
+    Args:
+        sms_text (str): The SMS content.
+    
+    Returns:
+        str: Analysis result.
+    """
+    phishing_keywords = ["urgent", "bank", "click here", "verify", "account locked", "reset password"]
+    shortened_url_patterns = ["bit.ly", "tinyurl.com", "goo.gl", "t.co"]
+
+    if any(keyword in sms_text.lower() for keyword in phishing_keywords):
+        return f"⚠️ Suspicious SMS detected: Contains phishing-related keywords ({', '.join(phishing_keywords)})"
+
+    if any(url in sms_text.lower() for url in shortened_url_patterns):
+        return f"⚠️ Suspicious SMS detected: Contains a shortened URL ({', '.join(shortened_url_patterns)}), often used in phishing."
+
+    return "✅ SMS appears safe. No immediate threats detected."

qr_detector/qr_detector.py

@@ -0,0 +1,76 @@
+# qr_detector/qr_detector.py
+import cv2
+import numpy as np
+import requests
+import re
+from urllib.parse import urlparse
+from bs4 import BeautifulSoup
+
+def qr_code_audit_app(image, api_key=None):
+    """
+    Decodes a QR code from an image and analyzes the URL.
+    
+    Args:
+        image: The image containing the QR code.
+        api_key (str, optional): API key for urlscan.io to check the URL.
+    
+    Returns:
+        dict: Analysis results including decoded data, link category, and threat status.
+    """
+    try:
+        image = cv2.cvtColor(np.array(image), cv2.COLOR_RGB2BGR)
+        detector = cv2.QRCodeDetector()
+        data, _, _ = detector.detectAndDecode(image)
+        
+        if not data:
+            return {"result": "No QR code detected!"}
+        
+        result, category, status = analyze_url(data)
+        
+        if api_key:
+            urlscan_result = check_url_with_urlscan(api_key, data)
+            result += f"\nurlscan.io: {urlscan_result}"
+        
+        return {"result": result, "decoded_data": data, "category": category, "status": status}
+    
+    except Exception as e:
+        return {"result": f"Error processing image: {str(e)}"}
+
+
+def analyze_url(url):
+    if not re.match(r'^https?://', url):
+        return "Invalid QR code content. Not a URL.", "Invalid", "Invalid"
+    
+    parsed_url = urlparse(url)
+    domain = parsed_url.netloc
+    
+    # Basic URL categorization
+    if "facebook.com" in domain or "twitter.com" in domain:
+        category = "Social Media"
+    elif parsed_url.path.endswith(('.pdf', '.zip')):
+        category = "File Download"
+    else:
+        category = "General Website"
+    
+    try:
+        response = requests.get(url, timeout=5)
+        if response.status_code == 200:
+            return f"Safe URL: {url}", category, "Safe"
+        else:
+            return f"Potential Issue: HTTP {response.status_code}", category, "Potential Issue"
+    except requests.exceptions.RequestException:
+        return "Malicious or Unreachable URL.", "Malicious/Unreachable", "Malicious"
+
+
+def check_url_with_urlscan(api_key, url):
+    urlscan_url = "https://urlscan.io/api/v1/scan/"
+    headers = {"API-Key": api_key, "Content-Type": "application/json"}
+    payload = {"url": url}
+    
+    try:
+        response = requests.post(urlscan_url, json=payload, headers=headers)
+        response.raise_for_status()
+        result_url = response.json().get("result")
+        return result_url if result_url else "Scan submitted, check urlscan.io for results."
+    except requests.exceptions.RequestException as e:
+        return f"Error contacting urlscan.io: {str(e)}"

requirements.txt

@@ -0,0 +1,10 @@
+gradio 
+sqlmap
+opencv-python 
+numpy 
+matplotlib 
+requests 
+hashlib 
+beautifulsoup4 
+dns-python 
+cryptography

sql_injection/sql_injection.py

@@ -0,0 +1,46 @@
+import subprocess
+
+def run_sqlmap(url):
+    """
+    Runs SQLmap on the given URL to test for SQL Injection vulnerabilities.
+
+    Args:
+        url (str): The URL to test for SQL Injection.
+
+    Returns:
+        str: Path to the results file or an error message.
+    """
+    try:
+        # Define the path to sqlmap.py
+        sqlmap_path = './sqlmap/sqlmap.py'
+
+        # Create the SQLmap command
+        command = [
+            'python3', sqlmap_path,
+            '-u', url,               # The URL to test for SQL Injection
+            '--batch',               # Automatically proceed with default options
+            '--level=5',             # Maximum level of testing
+            '--risk=3',              # Maximum risk for more aggressive tests
+            '--threads=10'           # Use 10 threads for faster testing
+        ]
+
+        # Run the SQLmap command
+        result = subprocess.run(command, capture_output=True, text=True)
+
+        # Define the output file path
+        output_file = "./sqlmap_result.txt"
+
+        # Save the results to a file
+        with open(output_file, "w") as file:
+            if result.returncode == 0:
+                file.write(result.stdout)
+            else:
+                file.write(f"Error: {result.stderr}")
+
+        # Return the file path for downloading
+        return output_file
+    except Exception as e:
+        error_file = "./sqlmap_error.txt"
+        with open(error_file, "w") as file:
+            file.write(f"Error running SQLmap: {str(e)}")
+        return error_file

vulnerability_scanner/vulnerability_scanner.py

@@ -0,0 +1,80 @@
+# vulnerability_scanner/vulnerability_scanner.py
+import requests
+from bs4 import BeautifulSoup
+
+def vulnerability_scanner(url):
+    """
+    Scans a website for common vulnerabilities like outdated software, misconfigurations, and directory listing.
+    
+    Args:
+        url (str): The website URL to scan.
+    
+    Returns:
+        str: Scan results or error message.
+    """
+    vulnerabilities = []
+
+    try:
+        response = requests.get(url, timeout=10)
+        report = f"[+] Connected to {url}\n"
+
+        server_header = response.headers.get('Server')
+        if server_header:
+            report += f"[*] Detected Server: {server_header}\n"
+            vulnerabilities.extend(check_server_version(server_header))
+        else:
+            report += "[-] No 'Server' header found.\n"
+
+        if is_directory_listing_enabled(url):
+            vulnerabilities.append("Directory listing is enabled.")
+
+        if 'X-Content-Type-Options' not in response.headers:
+            vulnerabilities.append("X-Content-Type-Options header is missing.")
+
+        html_vulnerabilities = scan_meta_tags(response.text)
+        vulnerabilities.extend(html_vulnerabilities)
+
+        if vulnerabilities:
+            report += "\n[!] Vulnerabilities Found:\n"
+            for vuln in vulnerabilities:
+                report += f"  - {vuln}\n"
+        else:
+            report += "\n[+] No vulnerabilities detected.\n"
+
+    except requests.RequestException as e:
+        report = f"[-] Error connecting to {url}: {e}"
+
+    return report
+
+
+def check_server_version(server_header):
+    issues = []
+    if "Apache" in server_header:
+        version = server_header.split('/')[1] if '/' in server_header else "Unknown"
+        if version and version != "Unknown":
+            if version < "2.4.57":
+                issues.append(f"Outdated Apache version: {version}")
+    return issues
+
+
+def is_directory_listing_enabled(url):
+    test_url = f"{url.rstrip('/')}/test-dir"
+    try:
+        response = requests.get(test_url)
+        if response.status_code == 200 and "Index of" in response.text:
+            return True
+    except requests.RequestException:
+        pass
+    return False
+
+
+def scan_meta_tags(html_content):
+    issues = []
+    soup = BeautifulSoup(html_content, 'html.parser')
+    meta_tags = soup.find_all("meta")
+    for tag in meta_tags:
+        if "generator" in tag.attrs.get("name", "").lower():
+            generator_content = tag.attrs.get("content", "").lower()
+            if "wordpress" in generator_content and "6.3" not in generator_content:
+                issues.append(f"Outdated WordPress version: {generator_content}")
+    return issues