Spaces:

ziffir
/

SecureReason-AI

Running

App Files Files Community

ziffir commited on 6 days ago

Commit

3a0665a

verified ·

1 Parent(s): c835198

Update app.py

Browse files

Files changed (1) hide show

app.py +602 -169

app.py CHANGED Viewed

@@ -1,180 +1,613 @@
-# ... (önceki import'ların sonuna ekle)
-import networkx as nx
-import plotly.graph_objects as go
-import matplotlib.pyplot as plt
-from io import BytesIO
 import base64
-# ────────────────────────────────────────────────
-# Attack Graph Görselleştirme Fonksiyonları
-# ────────────────────────────────────────────────
-def create_attack_graph_data(recon_data: Dict) -> Dict:
-    """Graph verisini hazırlar (nodes, edges)"""
-    nodes = ["User", "Browser"]
-    edges = [("User", "Browser")]
-    forms_count = recon_data.get("forms_count", 0)
-    js_count = recon_data.get("js_files_count", 0)
-    if forms_count > 0:
-        nodes.append("Form Submission")
-        edges.append(("User", "Form Submission"))
-        edges.append(("Form Submission", "Backend"))
-    if js_count > 0:
-        nodes.append("Client JS")
-        edges.append(("Browser", "Client JS"))
-        # Örnek endpoint'ler (gerçekte recon'dan gelebilir)
-        for i in range(min(js_count, 4)):  # max 4 örnek göster
-            ep_name = f"API/Endpoint {i+1}"
-            nodes.append(ep_name)
-            edges.append(("Client JS", ep_name))
-    # Riskli noktaları vurgula (örnek)
-    risky_nodes = []
-    if forms_count > 2:
-        risky_nodes.append("Form Submission")
-    if js_count > 8:
-        risky_nodes.append("Client JS")
-    return {
-        "nodes": nodes,
-        "edges": edges,
-        "risky": risky_nodes
     }
-def visualize_attack_graph_plotly(graph_data: Dict) -> go.Figure:
-    """Plotly ile interaktif graph"""
-    G = nx.DiGraph()
-    G.add_edges_from(graph_data["edges"])
-    pos = nx.spring_layout(G, seed=42)  # reproducible layout
-    edge_x = []
-    edge_y = []
-    for edge in G.edges():
-        x0, y0 = pos[edge[0]]
-        x1, y1 = pos[edge[1]]
-        edge_x.extend([x0, x1, None])
-        edge_y.extend([y0, y1, None])
-    edge_trace = go.Scatter(
-        x=edge_x, y=edge_y,
-        line=dict(width=2, color='#888'),
-        hoverinfo='none',
-        mode='lines'
-    )
-    node_x = []
-    node_y = []
-    node_text = []
-    node_color = []
-    for node in G.nodes():
-        x, y = pos[node]
-        node_x.append(x)
-        node_y.append(y)
-        node_text.append(node)
-        if node in graph_data["risky"]:
-            node_color.append('#ff4444')  # kırmızı = riskli
-        else:
-            node_color.append('#1f77b4')  # mavi = normal
-    node_trace = go.Scatter(
-        x=node_x, y=node_y,
-        mode='markers+text',
-        hoverinfo='text',
-        text=node_text,
-        textposition="top center",
-        marker=dict(
-            showscale=False,
-            color=node_color,
-            size=30,
-            line_width=2
-        )
-    )
-    fig = go.Figure(data=[edge_trace, node_trace],
-                    layout=go.Layout(
-                        title='Attack Graph Visualization',
-                        titlefont_size=16,
-                        showlegend=False,
-                        hovermode='closest',
-                        margin=dict(b=20, l=5, r=5, t=40),
-                        xaxis=dict(showgrid=False, zeroline=False, showticklabels=False),
-                        yaxis=dict(showgrid=False, zeroline=False, showticklabels=False)
-                    ))
-    return fig
-def visualize_attack_graph_matplotlib(graph_data: Dict) -> str:
-    """Fallback: Matplotlib → base64 PNG"""
-    G = nx.DiGraph()
-    G.add_edges_from(graph_data["edges"])
-    fig, ax = plt.subplots(figsize=(8, 6))
-    pos = nx.spring_layout(G, seed=42)
-    node_colors = ['red' if n in graph_data["risky"] else 'lightblue' for n in G.nodes()]
-    nx.draw(G, pos, with_labels=True,
-            node_color=node_colors,
-            node_size=2200,
-            font_size=10,
-            font_weight='bold',
-            arrows=True,
-            arrowstyle='->',
-            arrowsize=20,
-            ax=ax)
-    ax.set_title("Attack Graph (Static)")
-    buf = BytesIO()
-    plt.savefig(buf, format='png', bbox_inches='tight')
-    buf.seek(0)
-    img_base64 = base64.b64encode(buf.read()).decode('utf-8')
-    plt.close(fig)
-    return f"data:image/png;base64,{img_base64}"
-# ────────────────────────────────────────────────
-# full_vuln_scan fonksiyonunu güncelle (graph kısmı)
-# ────────────────────────────────────────────────
-def full_vuln_scan(target_url: str, progress=gr.Progress(track_tqdm=True)):
-    # ... (önceki kod aynı, recon_data kısmından sonra ekle)
-    progress(0.75, desc="Attack Graph oluşturuluyor...")
-    graph_data = create_attack_graph_data(recon_data)
-    plotly_fig = visualize_attack_graph_plotly(graph_data)
-    # matplotlib_fallback = visualize_attack_graph_matplotlib(graph_data)  # istersen fallback ekle
-    # ... (diğer sonuçlar aynı)
-    return (
-        result_summary,
-        json.dumps(enriched_findings, indent=2, ensure_ascii=False),
-        plotly_fig,   # ← Plotly Figure direkt Plot component'e gider
-        history_md
-    )
-# ────────────────────────────────────────────────
-# Gradio Blocks güncellemesi (Attack Graph Tab)
-# ────────────────────────────────────────────────
-with gr.Blocks(...) as demo:
-    # ... önceki kısımlar aynı
     with gr.Tabs():
-        # ... diğer tab'lar aynı
-        with gr.Tab("Attack Graph"):
-            gr.Markdown("### Potansiyel Saldırı Yolu Görselleştirmesi")
-            gr.Markdown("(Kırmızı node'lar yüksek riskli alanları gösterir)")
-            graph_plot = gr.Plot(label="Interactive Attack Graph (Plotly)")
-    # Events güncelle
-    scan_button.click(
-        fn=full_vuln_scan,
-        inputs=target_input,
-        outputs=[summary_output, json_output, graph_plot, history_output],
-        # ...
     )
-    # ... kalan kısım aynı

+"""
+╔════════════════════════════════════════════════════════════════════════════╗
+║     ADVANCED WEB + BANKING SECURITY RECONNAISSANCE FRAMEWORK              ║
+║     HuggingFace Spaces Free Tier Optimized (16GB RAM, 2CPU, 50GB disk)    ║
+║                                                                            ║
+║     WARNING: FOR AUTHORIZED TESTING ONLY                                  ║
+║     Unauthorized access = Federal Crime (CFAA, Wire Fraud Act)            ║
+╚════════════════════════════════════════════════════════════════════════════╝
+"""
+import gradio as gr
+import requests
+from bs4 import BeautifulSoup
+import json
+import re
 import base64
+import hashlib
+from typing import Dict, List, Tuple, Optional
+from datetime import datetime
+from collections import defaultdict
+import logging
+# Optimize for free tier
+logging.basicConfig(level=logging.WARNING)
+# ════════════════════════════════════════════════════════════════════════════
+# SECTION 0: THREAT DEFINITIONS (Banking + Web Security)
+# ════════════════════════════════════════════════════════════════════════════
+BANKING_VULNERABILITIES = {
+    "🔴 CRITICAL": {
+        "SQL_Injection": {
+            "risk": 9.9,
+            "locations": ["/login", "/search", "/api/users", "/transfer"],
+            "patterns": ["' OR '1'='1", "UNION SELECT", "stacked queries"],
+            "impact": "Full database compromise"
+        },
+        "Authentication_Bypass": {
+            "risk": 9.8,
+            "locations": ["/login", "/api/auth", "/admin"],
+            "patterns": ["Missing MFA", "Weak session management", "Token reuse"],
+            "impact": "Account takeover, fraud"
+        },
+        "IDOR": {
+            "risk": 9.5,
+            "locations": ["/account/123", "/transfer/999", "/card/xyz"],
+            "patterns": ["Sequential IDs", "Predictable parameters"],
+            "impact": "Access to other users' data/accounts"
+        },
+        "RCE": {
+            "risk": 10.0,
+            "locations": ["/upload", "/plugin", "/admin"],
+            "patterns": ["Unrestricted file upload", "Code execution endpoint"],
+            "impact": "Complete server compromise"
+        }
+    },
+    "🟠 HIGH": {
+        "XSS": {
+            "risk": 7.5,
+            "locations": ["/comment", "/search", "/profile"],
+            "patterns": ["<script>", "javascript:", "onerror="],
+            "impact": "Session theft, credential harvesting"
+        },
+        "CSRF": {
+            "risk": 7.3,
+            "locations": ["/transfer", "/payment", "/settings"],
+            "patterns": ["Missing CSRF token", "No SameSite cookie"],
+            "impact": "Unauthorized actions on behalf of users"
+        },
+        "Insecure_API": {
+            "risk": 8.2,
+            "locations": ["/api/v1/", "/api/mobile/"],
+            "patterns": ["No auth check", "Rate limit bypass", "Predictable tokens"],
+            "impact": "Data theft, service disruption"
+        },
+        "Weak_Encryption": {
+            "risk": 7.8,
+            "locations": ["/login", "/transfer", "/card"],
+            "patterns": ["HTTP instead HTTPS", "Old TLS version", "Weak cipher"],
+            "impact": "MITM attack, credential interception"
+        }
+    },
+    "🟡 MEDIUM": {
+        "Information_Disclosure": {
+            "risk": 6.5,
+            "locations": ["/error", "/api/debug", "/backup"],
+            "patterns": ["Stack traces", "API keys in responses", "Version disclosure"],
+            "impact": "Information leakage, further attacks"
+        },
+        "Broken_Access_Control": {
+            "risk": 6.8,
+            "locations": ["/admin", "/settings", "/reports"],
+            "patterns": ["No permission check", "Horizontal privilege escalation"],
+            "impact": "Unauthorized access to sensitive features"
+        },
+        "Insecure_Deserialization": {
+            "risk": 6.9,
+            "locations": ["/config", "/api/data", "/upload"],
+            "patterns": ["pickle.", "unserialize", "unsafe deserialization"],
+            "impact": "RCE, data manipulation"
+        }
     }
+}
+BANKING_INDICATORS = {
+    "Payment Processors": {
+        "Stripe": r"stripe\.(js|com)",
+        "PayPal": r"paypal\.(api|gateway)",
+        "Square": r"squareup\.com",
+        "Wise": r"wise\.com",
+        "Checkout": r"checkout\.com"
+    },
+    "Security Indicators": {
+        "MFA_Enabled": r"(2fa|two-factor|totp|authenticator|mfa)",
+        "OAuth": r"(oauth|openid|saml)",
+        "HTTPS": r"https://",
+        "HSTS": r"Strict-Transport-Security",
+        "CSP": r"Content-Security-Policy"
+    },
+    "Risk Indicators": {
+        "Outdated_Framework": r"(WordPress|Drupal|Joomla|Laravel|Django|Flask)",
+        "Exposed_Admin": r"(/admin|/wp-admin|/administrator)",
+        "Debug_Mode": r"(debug|dev|development|staging)",
+        "Version_Disclosure": r"(X-Powered-By|Server:)"
+    }
+}
+# ════════════════════════════════════════════════════════════════════════════
+# SECTION 1: OPTIMIZED RECONNAISSANCE ENGINE
+# ════════════════════════════════════════════════════════════════════════════
+class QuickReconEngine:
+    """Optimized for HF Spaces free tier (minimal RAM/CPU)"""
+    def __init__(self):
+        self.findings = []
+        self.cache = {}
+    def analyze_target(self, domain: str) -> Dict:
+        """Fast analysis without async/heavy operations"""
+        results = {
+            "domain": domain,
+            "timestamp": datetime.now().isoformat(),
+            "vulnerabilities": [],
+            "risk_summary": {"critical": 0, "high": 0, "medium": 0},
+            "technologies": [],
+            "security_headers": {},
+            "recommendations": []
+        }
+        try:
+            # 1. Basic HTTP analysis
+            results["security_headers"] = self._check_headers(domain)
+            # 2. Technology detection
+            results["technologies"] = self._detect_technologies(domain)
+            # 3. Vulnerability patterns
+            results["vulnerabilities"] = self._detect_vulnerabilities(domain, results["technologies"])
+            # 4. Risk calculation
+            results["risk_summary"] = self._calculate_risk(results["vulnerabilities"])
+            # 5. Recommendations
+            results["recommendations"] = self._generate_recommendations(results["vulnerabilities"])
+        except Exception as e:
+            results["error"] = str(e)
+        return results
+    def _check_headers(self, domain: str) -> Dict:
+        """Check security headers"""
+        headers_check = {
+            "has_https": False,
+            "has_hsts": False,
+            "has_csp": False,
+            "has_x_frame_options": False,
+            "has_x_content_type": False,
+            "vulnerabilities": []
+        }
+        try:
+            resp = requests.head(
+                f"https://{domain}",
+                timeout=5,
+                verify=False,
+                allow_redirects=True
+            )
+            headers = resp.headers
+            headers_check["has_https"] = True
+            if "Strict-Transport-Security" not in headers:
+                headers_check["vulnerabilities"].append("❌ HSTS Header Missing")
+            else:
+                headers_check["has_hsts"] = True
+            if "Content-Security-Policy" not in headers:
+                headers_check["vulnerabilities"].append("⚠️ CSP Header Missing (XSS Risk)")
+            else:
+                headers_check["has_csp"] = True
+            if "X-Frame-Options" not in headers:
+                headers_check["vulnerabilities"].append("⚠️ No X-Frame-Options (Clickjacking Risk)")
+            else:
+                headers_check["has_x_frame_options"] = True
+            if "X-Content-Type-Options" not in headers:
+                headers_check["vulnerabilities"].append("⚠️ No X-Content-Type-Options")
+            else:
+                headers_check["has_x_content_type"] = True
+            # Check for dangerous headers
+            if "Server" in headers:
+                server = headers["Server"]
+                headers_check["vulnerabilities"].append(f"⚠️ Server Info Leak: {server}")
+            if "X-Powered-By" in headers:
+                headers_check["vulnerabilities"].append(f"⚠️ Technology Leak: {headers['X-Powered-By']}")
+        except Exception as e:
+            headers_check["vulnerabilities"].append(f"❌ Cannot reach target: {str(e)}")
+        return headers_check
+    def _detect_technologies(self, domain: str) -> List[str]:
+        """Detect technologies used"""
+        techs = []
+        try:
+            resp = requests.get(
+                f"https://{domain}",
+                timeout=5,
+                verify=False,
+                headers={"User-Agent": "Mozilla/5.0"}
+            )
+            content = resp.text.lower()
+            headers = resp.headers
+            # Check headers
+            if "server" in headers:
+                server = headers["server"].lower()
+                if "apache" in server:
+                    techs.append("Apache")
+                if "nginx" in server:
+                    techs.append("Nginx")
+                if "iis" in server:
+                    techs.append("IIS")
+            # Check content
+            patterns = {
+                "WordPress": r"wp-content|wp-includes|wordpress",
+                "Drupal": r"drupal\.css|sites/default",
+                "Joomla": r"joomla|com_content",
+                "React": r"__react|react\.js",
+                "Vue": r"__vue|vue\.js",
+                "Angular": r"ng-app|angular\.js",
+                "Flask": r"flask|werkzeug",
+                "Django": r"django|django_session",
+                "Laravel": r"laravel_session|xsrf-token",
+                "Stripe": r"stripe\.js|stripe\.com",
+                "PayPal": r"paypal\.com|paypalapi"
+            }
+            for tech, pattern in patterns.items():
+                if re.search(pattern, content):
+                    techs.append(tech)
+        except:
+            pass
+        return list(set(techs))
+    def _detect_vulnerabilities(self, domain: str, technologies: List[str]) -> List[Dict]:
+        """Detect potential vulnerabilities"""
+        vulns = []
+        try:
+            resp = requests.get(
+                f"https://{domain}",
+                timeout=5,
+                verify=False,
+                headers={"User-Agent": "Mozilla/5.0"}
+            )
+            content = resp.text
+            # Check for common vulnerable patterns
+            checks = {
+                "SQL_Injection": {
+                    "patterns": [r"/search\?", r"/find\?", r"/filter\?"],
+                    "risk": 9.9,
+                    "description": "Potential SQL injection points found"
+                },
+                "Exposed_Admin": {
+                    "patterns": [r"/admin", r"/wp-admin", r"/administrator", r"/management"],
+                    "risk": 8.5,
+                    "description": "Admin interface might be exposed"
+                },
+                "Debug_Enabled": {
+                    "patterns": [r"debug.*true", r"debug.*enabled", r"__debugger__"],
+                    "risk": 8.0,
+                    "description": "Debug mode appears to be enabled"
+                },
+                "Version_Disclosure": {
+                    "patterns": [r"v[\d\.]+", r"version.*[\d\.]+", r"wordpress.*[\d\.]+"],
+                    "risk": 5.5,
+                    "description": "Application version information disclosed"
+                },
+                "Stack_Trace_Exposure": {
+                    "patterns": [r"traceback", r"stacktrace", r"at .*line", r"in .*\.py"],
+                    "risk": 7.0,
+                    "description": "Stack traces might be exposed in error pages"
+                }
+            }
+            for vuln_type, check_info in checks.items():
+                for pattern in check_info["patterns"]:
+                    if re.search(pattern, content, re.IGNORECASE):
+                        vulns.append({
+                            "type": vuln_type,
+                            "risk": check_info["risk"],
+                            "description": check_info["description"],
+                            "cvss": f"{check_info['risk']:.1f}"
+                        })
+                        break
+            # Framework-specific vulnerabilities
+            for tech in technologies:
+                if tech == "WordPress":
+                    vulns.append({
+                        "type": "Known_CMS_Vulns",
+                        "risk": 7.5,
+                        "description": f"WordPress might have known vulnerabilities. Check WPScan database.",
+                        "cvss": "7.5"
+                    })
+                elif tech == "Laravel":
+                    vulns.append({
+                        "type": "Laravel_Specific",
+                        "risk": 6.8,
+                        "description": "Check for Laravel-specific vulns (debug mode, CSRF, etc)",
+                        "cvss": "6.8"
+                    })
+        except:
+            pass
+        return vulns
+    def _calculate_risk(self, vulnerabilities: List[Dict]) -> Dict:
+        """Calculate overall risk"""
+        risk_summary = {"critical": 0, "high": 0, "medium": 0}
+        for vuln in vulnerabilities:
+            risk = vuln.get("risk", 5.0)
+            if risk >= 9.0:
+                risk_summary["critical"] += 1
+            elif risk >= 7.0:
+                risk_summary["high"] += 1
+            else:
+                risk_summary["medium"] += 1
+        return risk_summary
+    def _generate_recommendations(self, vulnerabilities: List[Dict]) -> List[str]:
+        """Generate security recommendations"""
+        recommendations = []
+        if not vulnerabilities:
+            return ["✅ No major vulnerabilities detected"]
+        # Critical findings
+        critical = [v for v in vulnerabilities if v.get("risk", 0) >= 9.0]
+        if critical:
+            recommendations.append(f"🔴 CRITICAL: {len(critical)} critical issues found - Immediate action required")
+        # High findings
+        high = [v for v in vulnerabilities if 7.0 <= v.get("risk", 0) < 9.0]
+        if high:
+            recommendations.append(f"🟠 HIGH: {len(high)} high-risk issues - Address within 24-48 hours")
+        # Specific recommendations
+        if any(v["type"] == "Exposed_Admin" for v in vulnerabilities):
+            recommendations.append("🔐 Secure admin interfaces with strong authentication and WAF rules")
+        if any(v["type"] == "SQL_Injection" for v in vulnerabilities):
+            recommendations.append("🛡️ Implement input validation, parameterized queries, and WAF rules")
+        if any(v["type"] == "Debug_Enabled" for v in vulnerabilities):
+            recommendations.append("🔧 Disable debug mode in production immediately")
+        if any(v["type"] == "Version_Disclosure" for v in vulnerabilities):
+            recommendations.append("🚫 Remove version information from headers and error messages")
+        recommendations.extend([
+            "📋 Regular security audits and penetration testing",
+            "🔄 Keep all software updated and patched",
+            "📊 Implement security monitoring and alerting",
+            "👥 Security training for all developers"
+        ])
+        return recommendations
+# ════════════════════════════════════════════════════════════════════════════
+# SECTION 2: ATTACK SURFACE VISUALIZATION
+# ════════════════════════════════════════════════════════════════════════════
+def create_risk_report(analysis: Dict) -> Tuple[str, str, str]:
+    """Generate visual reports for findings"""
+    # Summary Report
+    summary = f"""
+## 🔐 SECURITY ASSESSMENT REPORT
+**Target:** {analysis['domain']}
+**Date:** {analysis['timestamp']}
+### 📊 RISK SUMMARY
+- 🔴 **Critical Issues:** {analysis['risk_summary']['critical']}
+- 🟠 **High Issues:** {analysis['risk_summary']['high']}
+- 🟡 **Medium Issues:** {analysis['risk_summary']['medium']}
+**Overall Risk:** {'CRITICAL 🔴' if analysis['risk_summary']['critical'] > 0 else 'HIGH 🟠' if analysis['risk_summary']['high'] > 0 else 'MEDIUM 🟡'}
+### 🔧 TECHNOLOGIES DETECTED
+{', '.join(analysis['technologies']) if analysis['technologies'] else 'No specific frameworks detected'}
+### 🛡️ SECURITY HEADERS
+- HTTPS: {'✅ Yes' if analysis['security_headers'].get('has_https') else '❌ No'}
+- HSTS: {'✅ Yes' if analysis['security_headers'].get('has_hsts') else '❌ No'}
+- CSP: {'✅ Yes' if analysis['security_headers'].get('has_csp') else '❌ No'}
+- X-Frame-Options: {'✅ Yes' if analysis['security_headers'].get('has_x_frame_options') else '❌ No'}
+### ⚠️ HEADER VULNERABILITIES
+{chr(10).join([f'- {v}' for v in analysis['security_headers'].get('vulnerabilities', [])])}
+### 🎯 VULNERABILITIES FOUND
+"""
+    for vuln in analysis.get('vulnerabilities', []):
+        summary += f"\n**{vuln['type']}** (CVSS: {vuln['cvss']})\n"
+        summary += f"- {vuln['description']}\n"
+    # Recommendations
+    recommendations = "\n### 💡 RECOMMENDATIONS\n"
+    for i, rec in enumerate(analysis['recommendations'], 1):
+        recommendations += f"{i}. {rec}\n"
+    summary += recommendations
+    # JSON Report
+    json_report = json.dumps(analysis, indent=2)
+    # Detailed Report
+    detailed = f"""
+# 📋 DETAILED SECURITY ASSESSMENT
+## Executive Summary
+This assessment evaluated the security posture of **{analysis['domain']}**.
+### Critical Findings
+{f"- {len([v for v in analysis['vulnerabilities'] if v['risk'] >= 9])} critical vulnerabilities detected" if analysis['vulnerabilities'] else "No critical vulnerabilities found"}
+### Methodology
+1. **Passive Reconnaissance** - Public information gathering
+2. **HTTP Analysis** - Security header inspection
+3. **Technology Detection** - Framework and library identification
+4. **Vulnerability Pattern Matching** - Common weakness detection
+### Key Findings
+"""
+    if analysis.get('vulnerabilities'):
+        detailed += "\n#### Vulnerabilities by Severity\n"
+        for vuln in sorted(analysis['vulnerabilities'], key=lambda x: x['risk'], reverse=True):
+            detailed += f"\n- **{vuln['type']}** (Risk: {vuln['risk']}/10)\n"
+            detailed += f"  - {vuln['description']}\n"
+            detailed += f"  - CVSS Score: {vuln['cvss']}\n"
+    detailed += f"""
+### Remediation Guidance
+1. **Immediate Actions** (24-48 hours)
+   - Address all critical findings
+   - Enable security headers
+   - Implement WAF rules
+2. **Short-term** (1-2 weeks)
+   - Patch known vulnerabilities
+   - Implement security controls
+   - Security awareness training
+3. **Long-term** (Ongoing)
+   - Regular assessments
+   - Security monitoring
+   - Incident response planning
+---
+*Assessment conducted: {analysis['timestamp']}*
+*Status: Preliminary - Manual verification recommended*
+"""
+    return summary, json_report, detailed
+# ════════════════════════════════════════════════════════════════════════════
+# SECTION 3: GRADIO INTERFACE (HF Spaces Optimized)
+# ════════════════════════════════════════════════════════════════════════════
+def run_assessment(target_domain: str) -> Tuple[str, str, str]:
+    """Main assessment function"""
+    if not target_domain or len(target_domain) < 3:
+        return (
+            "❌ Invalid domain entered",
+            "{}",
+            "Please enter a valid domain (e.g., example.com)"
+        )
+    # Clean input
+    target = target_domain.strip().replace("https://", "").replace("http://", "").split("/")[0]
+    # Run analysis
+    engine = QuickReconEngine()
+    analysis = engine.analyze_target(target)
+    # Generate reports
+    summary, json_report, detailed = create_risk_report(analysis)
+    return summary, json_report, detailed
+# ════════════════════════════════════════════════════════════════════════════
+# GRADIO UI
+# ════════════════════════════════════════════════════════════════════════════
+with gr.Blocks(
+    theme=gr.themes.Soft(primary_hue="red"),
+    title="Security Assessment Framework"
+) as demo:
+    gr.Markdown("""
+    # 🛡️ ADVANCED SECURITY ASSESSMENT FRAMEWORK
+    ## Web & Banking Security Testing Tool
+    **⚠️ DISCLAIMER:** This tool is for authorized testing only.
+    Unauthorized access to computer systems is a federal crime under the CFAA.
+    **Features:**
+    - 🔍 Fast domain reconnaissance
+    - 🔧 Technology identification
+    - 🚨 Vulnerability detection
+    - 📊 Risk assessment
+    - 💡 Security recommendations
+    """)
+    with gr.Row():
+        with gr.Column(scale=2):
+            domain_input = gr.Textbox(
+                label="🎯 Target Domain",
+                placeholder="example.com (without https://)",
+                info="Enter domain to assess (authorized testing only)"
+            )
+            assess_btn = gr.Button(
+                "🔍 START ASSESSMENT",
+                variant="primary",
+                size="lg"
+            )
+        with gr.Column(scale=1):
+            gr.Markdown("""
+            ### How to Use
+            1. Enter target domain
+            2. Click START ASSESSMENT
+            3. Review findings in tabs
+            ### ⚡ Optimized
+            - Free HF Spaces tier
+            - 10-30 second assessment
+            - No GPU needed
+            """)
     with gr.Tabs():
+        with gr.Tab("📋 Summary Report"):
+            summary_output = gr.Markdown(label="Security Summary")
+        with gr.Tab("📊 JSON Data"):
+            json_output = gr.Code(
+                language="json",
+                label="Raw Assessment Data"
+            )
+        with gr.Tab("📄 Detailed Report"):
+            detailed_output = gr.Markdown(label="Full Assessment")
+    # Event handler
+    assess_btn.click(
+        fn=run_assessment,
+        inputs=domain_input,
+        outputs=[summary_output, json_output, detailed_output]
     )
+# ════════════════════════════════════════════════════════════════════════════
+# LAUNCH
+# ════════════════════════════════════════════════════════════════════════════
+if __name__ == "__main__":
+    demo.launch(
+        share=True,
+        server_name="0.0.0.0",
+        server_port=7860,
+        show_error=True
+    )