Update app.py

app.py

@@ -1,9 +1,13 @@
-"""
+
+# BÖLÜM 1: KODUN 1-7. BÖLÜMLERİ
+# Bu dosyayı app_part1.py olarak kaydedin
+
+part1_code = '''"""
 ═══════════════════════════════════════════════════════════════════════════════
-    PROFESSIONAL RED TEAM WEB RECONNAISSANCE FRAMEWORK v2.0
+    PRIVATE RED TEAM WEB RECONNAISSANCE FRAMEWORK v3.0 - PART 1
     ─────────────────────────────────────────────────────────────────────────
-    Advanced Web Application Security Assessment Tool
-    Features: OSINT, Active Recon, Threat Modeling, STRIDE, MITRE ATT&CK
+    Bölümler: 1-7 (Configuration, Data Models, Stealth, OSINT, Active Recon, 
+    Threat Modeling, Attack Graph)
 ═══════════════════════════════════════════════════════════════════════════════
 """
 
@@ -28,6 +32,10 @@ import plotly.graph_objects as go
 import plotly.express as px
 from io import BytesIO
 import base64
+import ssl
+import socket
+import subprocess
+from urllib.parse import urljoin, urlparse
 
 # ════════════════════════════════════════════════════════════════════════════
 # SECTION 1: CONFIGURATION & CONSTANTS
@@ -81,41 +89,131 @@ STRIDE_THREATS = {
     }
 }
 
-# Technology fingerprints
+# Extended MITRE ATT&CK Matrix
+MITRE_TECHNIQUES = {
+    "Reconnaissance": {
+        "T1592": "Gather Victim Host Information",
+        "T1593": "Search Open Websites/Domains",
+        "T1594": "Search Victim-Owned Websites",
+        "T1595": "Active Scanning",
+        "T1596": "Search Open Technical Databases",
+        "T1597": "Search Closed Sources",
+        "T1598": "Phishing for Information"
+    },
+    "Initial Access": {
+        "T1190": "Exploit Public-Facing Application",
+        "T1199": "Trusted Relationship",
+        "T1566": "Phishing"
+    },
+    "Execution": {
+        "T1059": "Command and Scripting Interpreter",
+        "T1203": "Exploitation for Client Execution"
+    },
+    "Persistence": {
+        "T1078": "Valid Accounts",
+        "T1547": "Boot or Logon Autostart Execution"
+    },
+    "Privilege Escalation": {
+        "T1134": "Access Token Manipulation",
+        "T1548": "Abuse Elevation Control Mechanism"
+    },
+    "Defense Evasion": {
+        "T1562": "Impair Defenses",
+        "T1036": "Masquerading"
+    },
+    "Credential Access": {
+        "T1110": "Brute Force",
+        "T1187": "Forced Authentication"
+    },
+    "Discovery": {
+        "T1526": "Enumerate External Remote Systems",
+        "T1087": "Account Discovery"
+    },
+    "Lateral Movement": {
+        "T1021": "Remote Services",
+        "T1570": "Lateral Tool Transfer"
+    },
+    "Collection": {
+        "T1113": "Screen Capture",
+        "T1115": "Clipboard Data"
+    },
+    "Command and Control": {
+        "T1071": "Application Layer Protocol",
+        "T1572": "Protocol Tunneling"
+    },
+    "Exfiltration": {
+        "T1041": "Exfiltration Over C2 Channel",
+        "T1048": "Exfiltration Over Alternative Protocol"
+    },
+    "Impact": {
+        "T1531": "Account Access Removal",
+        "T1561": "Disk Wipe"
+    }
+}
+
+# Technology fingerprints - Extended
 TECH_FINGERPRINTS = {
     "Web Servers": {
         "Apache": [r"Server: Apache", r"X-Powered-By: Apache"],
         "Nginx": [r"Server: nginx", r"X-Nginx"],
         "IIS": [r"Server: Microsoft-IIS"],
-        "Cloudflare": [r"CF-RAY", r"Cloudflare"]
+        "Cloudflare": [r"CF-RAY", r"Cloudflare"],
+        "AWS": [r"X-Amz", r"AmazonS3"],
+        "Azure": [r"Azure", r"Microsoft-IIS"]
     },
     "CMS": {
         "WordPress": [r"/wp-admin", r"wp-content", r"wp_.*"],
-        "Drupal": [r"/sites/default", r"drupal\.css"],
-        "Joomla": [r"/administrator", r"com_content"]
+        "Drupal": [r"/sites/default", r"drupal\\.css"],
+        "Joomla": [r"/administrator", r"com_content"],
+        "Magento": [r"/skin/frontend", r"Mage.Cookies"],
+        "Shopify": [r"cdn.shopify.com", r"Shopify.theme"]
     },
     "Frameworks": {
         "Django": [r"CSRF", r"django_session"],
         "Flask": [r"werkzeug", r"Flask"],
         "Laravel": [r"XSRF-TOKEN", r"laravel_session"],
-        "Spring": [r"JSESSIONID", r"spring"]
+        "Spring": [r"JSESSIONID", r"spring"],
+        "Ruby on Rails": [r"_rails", r"authenticity_token"],
+        "ASP.NET": [r"ASP.NET_SessionId", r"__VIEWSTATE"]
     },
     "JavaScript": {
-        "React": [r"__REACT", r"react\.js"],
-        "Vue": [r"__VUE", r"vue\.js"],
-        "Angular": [r"ng-app", r"angular\.js"]
+        "React": [r"__REACT", r"react\\.js"],
+        "Vue": [r"__VUE", r"vue\\.js"],
+        "Angular": [r"ng-app", r"angular\\.js"],
+        "jQuery": [r"jquery", r"jQuery"],
+        "Bootstrap": [r"bootstrap", r"data-toggle"]
+    },
+    "Databases": {
+        "MySQL": [r"MySQL", r"sqlstate"],
+        "PostgreSQL": [r"PostgreSQL", r"pg_query"],
+        "MongoDB": [r"MongoDB", r"mongod"],
+        "Redis": [r"Redis", r"redis-cli"]
     }
 }
 
-# Vulnerability database (simplified)
-VULNERABILITY_DATABASE = {
-    "wordpress_plugins": {"severity": "HIGH", "avg_cvss": 7.5},
-    "outdated_framework": {"severity": "HIGH", "avg_cvss": 7.8},
-    "exposed_api": {"severity": "CRITICAL", "avg_cvss": 9.2},
-    "sql_injection": {"severity": "CRITICAL", "avg_cvss": 9.9},
-    "xss": {"severity": "HIGH", "avg_cvss": 6.1},
+# Security Headers to check
+SECURITY_HEADERS = {
+    "Strict-Transport-Security": "HSTS",
+    "Content-Security-Policy": "CSP",
+    "X-Frame-Options": "Clickjacking Protection",
+    "X-Content-Type-Options": "MIME Sniffing Protection",
+    "X-XSS-Protection": "XSS Filter",
+    "Referrer-Policy": "Referrer Control",
+    "Permissions-Policy": "Feature Policy"
 }
 
+# Common endpoints for discovery
+COMMON_ENDPOINTS = [
+    "", "admin", "api", "login", "test", "debug", "config",
+    "api/users", "api/admin", "api/auth", "api/data", "api/v1",
+    "wp-admin", "wp-login", "administrator", "phpmyadmin",
+    "robots.txt", "sitemap.xml", ".env", ".git", ".htaccess",
+    "backup", "db", "database", "dump", "sql", "old",
+    "dev", "staging", "beta", "uat", "demo",
+    "swagger", "api-docs", "graphql", "graphiql",
+    "actuator", "health", "metrics", "prometheus"
+]
+
 # ════════════════════════════════════════════════════════════════════════════
 # SECTION 2: DATA MODELS
 # ════════════════════════════════════════════════════════════════════════════
@@ -123,9 +221,9 @@ VULNERABILITY_DATABASE = {
 @dataclass
 class IntelligenceIndicator:
     """IOC - Indicator of Compromise"""
-    type: str  # domain, subdomain, ip, email, tech, endpoint
+    type: str
     value: str
-    confidence: float  # 0.0-1.0
+    confidence: float
     source: str
     timestamp: str
     metadata: Optional[Dict] = None
@@ -139,6 +237,8 @@ class ThreatVector:
     techniques: List[str]
     description: str
     cvss_score: Optional[float] = None
+    cwe_id: Optional[str] = None
+    evidence: Optional[str] = None
 
 @dataclass
 class AttackPath:
@@ -147,7 +247,31 @@ class AttackPath:
     intermediate_steps: List[str]
     objective: str
     risk_level: str
-    complexity: float  # 0.0 to 1.0
+    complexity: float
+    mitre_techniques: List[str] = None
+    
+    def __post_init__(self):
+        if self.mitre_techniques is None:
+            self.mitre_techniques = []
+
+@dataclass
+class Vulnerability:
+    """Vulnerability finding"""
+    name: str
+    description: str
+    severity: str
+    cvss_score: float
+    cvss_vector: str
+    location: str
+    evidence: str
+    remediation: str
+    cwe_id: Optional[str] = None
+    owasp_category: Optional[str] = None
+    mitre_techniques: List[str] = None
+    
+    def __post_init__(self):
+        if self.mitre_techniques is None:
+            self.mitre_techniques = []
 
 # ════════════════════════════════════════════════════════════════════════════
 # SECTION 3: STEALTH & OPSEC ENGINE
@@ -174,12 +298,16 @@ class StealthConfig:
         }
         
         self.user_agents = [
-            "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36",
-            "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36",
-            "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36",
+            "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36",
+            "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36",
+            "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36",
             "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0",
-            "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15"
+            "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.2 Safari/605.1.15",
+            "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Edge/120.0.0.0"
         ]
+        
+        self.proxies = []
+        self.current_proxy = 0
     
     def get_delay(self) -> float:
         """Random delay to avoid pattern detection"""
@@ -188,16 +316,29 @@ class StealthConfig:
     
     def get_headers(self) -> Dict[str, str]:
         """Anti-fingerprinting headers"""
-        return {
+        headers = {
             "User-Agent": random.choice(self.user_agents),
-            "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8",
+            "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8",
             "Accept-Encoding": random.choice(["gzip, deflate", "gzip, deflate, br"]),
-            "Accept-Language": random.choice(["en-US,en;q=0.9", "en-US,en;q=0.9,pt;q=0.8"]),
+            "Accept-Language": random.choice(["en-US,en;q=0.9", "en-US,en;q=0.9,pt;q=0.8", "en-GB,en;q=0.9"]),
             "Cache-Control": "no-cache",
             "DNT": "1",
             "Connection": "keep-alive",
-            "Upgrade-Insecure-Requests": "1"
+            "Upgrade-Insecure-Requests": "1",
+            "Sec-Fetch-Dest": "document",
+            "Sec-Fetch-Mode": "navigate",
+            "Sec-Fetch-Site": "none",
+            "Sec-Fetch-User": "?1"
         }
+        return headers
+    
+    def get_proxy(self) -> Optional[Dict]:
+        """Rotate proxies if available"""
+        if not self.proxies:
+            return None
+        proxy = self.proxies[self.current_proxy % len(self.proxies)]
+        self.current_proxy += 1
+        return proxy
 
 # ════════════════════════════════════════════════════════════════════════════
 # SECTION 4: PASSIVE OSINT ENGINE
@@ -212,7 +353,7 @@ class PassiveOSINTEngine:
         self.logger = self._setup_logging()
     
     def _setup_logging(self):
-        logging.basicConfig(level=logging.INFO)
+        logging.basicConfig(level=logging.INFO, format='%(asctime)s - %(name)s - %(levelname)s - %(message)s')
         return logging.getLogger("PassiveOSINT")
     
     async def gather_dns_intel(self, domain: str) -> Dict:
@@ -221,7 +362,10 @@ class PassiveOSINTEngine:
             "subdomains": [],
             "mx_records": [],
             "ns_records": [],
-            "txt_records": []
+            "txt_records": [],
+            "a_records": [],
+            "aaaa_records": [],
+            "cname_records": []
         }
         
         try:
@@ -230,7 +374,9 @@ class PassiveOSINTEngine:
             # Try common subdomains
             common_subs = [
                 "www", "mail", "ftp", "admin", "api", "dev", "staging",
-                "cdn", "test", "blog", "shop", "support", "docs", "app"
+                "cdn", "test", "blog", "shop", "support", "docs", "app",
+                "portal", "secure", "vpn", "remote", "webmail", "mx",
+                "ns1", "ns2", "dns", "autodiscover", "autoconfig"
             ]
             
             for sub in common_subs:
@@ -240,7 +386,20 @@ class PassiveOSINTEngine:
                     for rdata in result:
                         intel["subdomains"].append({
                             "subdomain": full_domain,
-                            "ip": str(rdata)
+                            "ip": str(rdata),
+                            "type": "A"
+                        })
+                except:
+                    pass
+                
+                # Try AAAA records
+                try:
+                    full_domain = f"{sub}.{domain}"
+                    result = dns.resolver.resolve(full_domain, 'AAAA')
+                    for rdata in result:
+                        intel["aaaa_records"].append({
+                            "subdomain": full_domain,
+                            "ipv6": str(rdata)
                         })
                 except:
                     pass
@@ -248,7 +407,14 @@ class PassiveOSINTEngine:
             # MX records
             try:
                 mx = dns.resolver.resolve(domain, 'MX')
-                intel["mx_records"] = [str(r) for r in mx]
+                intel["mx_records"] = [{"preference": r.preference, "exchange": str(r.exchange)} for r in mx]
+            except:
+                pass
+            
+            # NS records
+            try:
+                ns = dns.resolver.resolve(domain, 'NS')
+                intel["ns_records"] = [str(r) for r in ns]
             except:
                 pass
             
@@ -266,15 +432,17 @@ class PassiveOSINTEngine:
     
     async def gather_ssl_cert_intel(self, domain: str) -> Dict:
         """SSL certificate analysis for subdomains"""
-        import ssl
-        import socket
-        
         cert_intel = {
             "subject": None,
             "issuer": None,
             "valid_from": None,
             "valid_to": None,
-            "subjectAltNames": []
+            "subjectAltNames": [],
+            "serial_number": None,
+            "signature_algorithm": None,
+            "version": None,
+            "expired": False,
+            "valid": False
         }
         
         try:
@@ -282,11 +450,23 @@ class PassiveOSINTEngine:
             with socket.create_connection((domain, 443), timeout=5) as sock:
                 with context.wrap_socket(sock, server_hostname=domain) as ssock:
                     cert = ssock.getpeercert()
+                    cipher = ssock.cipher()
+                    version = ssock.version()
                     
                     cert_intel["subject"] = dict(x[0] for x in cert['subject'])
                     cert_intel["issuer"] = dict(x[0] for x in cert['issuer'])
                     cert_intel["valid_from"] = cert['notBefore']
                     cert_intel["valid_to"] = cert['notAfter']
+                    cert_intel["serial_number"] = cert.get('serialNumber')
+                    cert_intel["signature_algorithm"] = cert.get('signatureAlgorithm')
+                    cert_intel["version"] = version
+                    cert_intel["cipher"] = cipher
+                    
+                    # Check expiration
+                    from datetime import datetime
+                    expiry = datetime.strptime(cert['notAfter'], '%b %d %H:%M:%S %Y %Z')
+                    cert_intel["expired"] = expiry < datetime.now()
+                    cert_intel["valid"] = True
                     
                     # Extract SANs
                     for alt_name in cert.get('subjectAltName', []):
@@ -297,15 +477,38 @@ class PassiveOSINTEngine:
         
         return cert_intel
     
+    async def crt_sh_lookup(self, domain: str) -> List[str]:
+        """Query Certificate Transparency logs via crt.sh"""
+        subdomains = set()
+        try:
+            url = f"https://crt.sh/?q=%.{domain}&output=json"
+            headers = self.config.get_headers()
+            
+            async with aiohttp.ClientSession() as session:
+                async with session.get(url, headers=headers, timeout=10) as resp:
+                    if resp.status == 200:
+                        data = await resp.json()
+                        for entry in data:
+                            name = entry.get('name_value', '')
+                            if name and '*' not in name:
+                                subdomains.add(name)
+        except Exception as e:
+            self.logger.error(f"crt.sh lookup failed: {e}")
+        
+        return list(subdomains)
+    
     async def github_reconnaissance(self, org_name: str) -> Dict:
         """Search GitHub for organization info"""
         github_intel = {
             "repositories": [],
             "leaked_patterns": [],
-            "technology_hints": []
+            "technology_hints": [],
+            "members": [],
+            "gists": []
         }
         
         try:
+            # Search repos
             endpoint = f"https://api.github.com/users/{org_name}/repos"
             headers = self.config.get_headers()
             
@@ -313,403 +516,50 @@ class PassiveOSINTEngine:
                 async with session.get(endpoint, headers=headers, timeout=10) as resp:
                     if resp.status == 200:
                         repos = await resp.json()
-                        for repo in repos[:10]:  # Limit to 10
+                        for repo in repos[:20]:  # Limit to 20
                             github_intel["repositories"].append({
                                 "name": repo.get("name"),
                                 "url": repo.get("html_url"),
                                 "description": repo.get("description"),
-                                "language": repo.get("language")
+                                "language": repo.get("language"),
+                                "stars": repo.get("stargazers_count"),
+                                "forks": repo.get("forks_count"),
+                                "updated": repo.get("updated_at")
                             })
                             
                             if repo.get("language"):
                                 github_intel["technology_hints"].append(repo.get("language"))
-        except Exception as e:
-            self.logger.error(f"GitHub recon failed: {e}")
-        
-        return github_intel
-    
-    async def exposed_data_check(self, domain: str) -> List[Dict]:
-        """Check if domain in breach databases"""
-        breaches = []
-        
-        try:
-            # HIBP-like check (public API)
-            endpoint = f"https://haveibeenpwned.com/api/v3/breachedaccount/{domain}"
-            headers = {"User-Agent": "RedTeamFramework/2.0"}
-            
-            resp = requests.get(endpoint, headers=headers, timeout=5)
-            if resp.status_code == 200:
-                breaches = resp.json()
-        except:
-            pass
-        
-        return breaches
-
-# ════════════════════════════════════════════════════════════════════════════
-# SECTION 5: ACTIVE RECONNAISSANCE ENGINE
-# ════════════════════════════��═══════════════════════════════════════════════
-
-class ActiveReconEngine:
-    """Active scanning with OPSEC measures"""
-    
-    def __init__(self, config: StealthConfig):
-        self.config = config
-        self.findings = []
-        self.logger = logging.getLogger("ActiveRecon")
-    
-    async def fingerprint_technologies(self, url: str) -> List[str]:
-        """Identify technologies from headers, HTML, JS"""
-        technologies = []
-        
-        try:
-            headers = self.config.get_headers()
-            resp = requests.get(f"https://{url}", headers=headers, timeout=10, verify=False)
-            
-            # Server header analysis
-            if "Server" in resp.headers:
-                server = resp.headers["Server"]
-                if "Apache" in server:
-                    technologies.append("Apache")
-                if "nginx" in server:
-                    technologies.append("Nginx")
-                if "IIS" in server:
-                    technologies.append("IIS")
-            
-            # X-Powered-By
-            if "X-Powered-By" in resp.headers:
-                technologies.append(resp.headers["X-Powered-By"])
-            
-            content = resp.text
-            
-            # CMS/Framework detection
-            patterns = {
-                "WordPress": r"wp-content|wp-includes|/wp-admin",
-                "Drupal": r"sites/default/files|drupal\.css",
-                "Joomla": r"Joomla|com_content",
-                "Django": r"Django|csrf",
-                "Flask": r"Flask|werkzeug",
-                "React": r"__REACT_DEVTOOLS__|react\.js",
-                "Vue": r"__VUE__|vue\.js",
-                "Angular": r"ng-app|angular\.js"
-            }
-            
-            for tech, pattern in patterns.items():
-                if re.search(pattern, content, re.IGNORECASE):
-                    technologies.append(tech)
-        
-        except Exception as e:
-            self.logger.error(f"Fingerprinting failed: {e}")
-        
-        return list(set(technologies))
-    
-    async def discover_endpoints(self, url: str, wordlist: List[str]) -> List[Dict]:
-        """Endpoint discovery with smart filtering"""
-        discovered = []
-        
-        for path in wordlist[:50]:  # Limit wordlist
-            try:
-                full_url = f"https://{url.rstrip('/')}/{path.lstrip('/')}"
-                headers = self.config.get_headers()
-                
-                await asyncio.sleep(self.config.get_delay())
-                
-                resp = requests.get(full_url, headers=headers, timeout=5, verify=False, allow_redirects=False)
-                
-                if resp.status_code in [200, 301, 302, 401, 403]:
-                    discovered.append({
-                        "path": path,
-                        "status": resp.status_code,
-                        "size": len(resp.text)
-                    })
-            except:
-                pass
-        
-        return discovered
-    
-    async def analyze_forms(self, url: str) -> List[Dict]:
-        """Form detection and analysis"""
-        forms = []
-        
-        try:
-            headers = self.config.get_headers()
-            resp = requests.get(f"https://{url}", headers=headers, timeout=10, verify=False)
-            soup = BeautifulSoup(resp.text, 'html.parser')
-            
-            for form in soup.find_all('form'):
-                form_data = {
-                    "action": form.get('action', ''),
-                    "method": form.get('method', 'GET').upper(),
-                    "fields": []
-                }
-                
-                for field in form.find_all(['input', 'textarea', 'select']):
-                    form_data["fields"].append({
-                        "name": field.get('name', ''),
-                        "type": field.get('type', 'text')
-                    })
-                
-                forms.append(form_data)
-        
-        except Exception as e:
-            self.logger.error(f"Form analysis failed: {e}")
-        
-        return forms
-    
-    async def extract_javascript_endpoints(self, url: str) -> List[str]:
-        """Extract API endpoints from JavaScript"""
-        endpoints = []
-        
-        try:
-            headers = self.config.get_headers()
-            resp = requests.get(f"https://{url}", headers=headers, timeout=10, verify=False)
-            
-            # Find all script tags
-            soup = BeautifulSoup(resp.text, 'html.parser')
-            
-            for script in soup.find_all('script'):
-                if script.string:
-                    # Find API-like patterns
-                    api_pattern = r'["\']/(api|v[0-9]|rest)/[^"\'\s]+["\']'
-                    matches = re.findall(api_pattern, script.string)
-                    endpoints.extend(matches)
-            
-            content = resp.text
-            api_urls = re.findall(r'(https?://[^\s"\']+/api/[^\s"\']+)', content)
-            endpoints.extend(api_urls)
-        
-        except Exception as e:
-            self.logger.error(f"JS extraction failed: {e}")
-        
-        return list(set(endpoints))
-
-# ════════════════════════════════════════════════════════════════════════════
-# SECTION 6: THREAT MODELING ENGINE (STRIDE + MITRE ATT&CK)
-# ════════════════════════════════════════════════════════════════════════════
-
-class ThreatModelingEngine:
-    """Advanced threat modeling"""
-    
-    def __init__(self):
-        self.threats: List[Dict] = []
-        self.attack_paths: List[AttackPath] = []
-    
-    def analyze_web_app(self, recon_data: Dict) -> List[ThreatVector]:
-        """Map reconnaissance to threats"""
-        threat_vectors = []
-        
-        # Forms = injection vectors
-        for form in recon_data.get("forms", []):
-            threat_vectors.append(ThreatVector(
-                category="web_form",
-                location=form.get("action", ""),
-                risk_score=7.5,
-                techniques=["T1565.001", "T1598.003"],
-                description=f"Form {form.get('action')}: SQL Injection, XSS potential",
-                cvss_score=7.5
-            ))
-        
-        # JavaScript = gadget chains
-        for js_file in recon_data.get("js_files", []):
-            threat_vectors.append(ThreatVector(
-                category="js_gadget",
-                location=js_file,
-                risk_score=5.0,
-                techniques=["T1195.001"],
-                description=f"JavaScript gadget chain: {js_file}",
-                cvss_score=5.0
-            ))
-        
-        # API endpoints = information disclosure
-        for endpoint in recon_data.get("endpoints", []):
-            threat_vectors.append(ThreatVector(
-                category="api_endpoint",
-                location=endpoint,
-                risk_score=6.5,
-                techniques=["T1526"],
-                description=f"API endpoint: {endpoint}",
-                cvss_score=6.5
-            ))
-        
-        return threat_vectors
-    
-    def build_attack_paths(self, threat_vectors: List[ThreatVector], technologies: List[str]) -> List[AttackPath]:
-        """Generate attack chains"""
-        paths = []
-        
-        # Generic attack path
-        paths.append(AttackPath(
-            entry_point="Public web form or API endpoint",
-            intermediate_steps=[
-                "Reconnaissance (technology fingerprinting)",
-                "Vulnerability identification (SQLi, XSS, CSRF)",
-                "Exploitation",
-                "Data exfiltration or lateral movement"
-            ],
-            objective="Unauthorized access / Data breach",
-            risk_level="CRITICAL",
-            complexity=0.6
-        ))
-        
-        # WordPress-specific
-        if "WordPress" in technologies:
-            paths.append(AttackPath(
-                entry_point="WordPress admin panel",
-                intermediate_steps=[
-                    "Plugin enumeration",
-                    "Known CVE exploitation",
-                    "Plugin upload for RCE",
-                    "Server compromise"
-                ],
-                objective="Remote Code Execution",
-                risk_level="CRITICAL",
-                complexity=0.4
-            ))
-        
-        return paths
-    
-    def generate_stride_report(self, recon_data: Dict) -> Dict:
-        """Generate STRIDE threat model"""
-        stride_report = {}
-        
-        for threat_category, threat_info in STRIDE_THREATS.items():
-            stride_report[threat_category] = {
-                "description": threat_info["description"],
-                "potential_impacts": [],
-                "mitigations": threat_info["mitigations"]
-            }
-            
-            # Match with found vulnerabilities
-            if "forms" in recon_data and len(recon_data["forms"]) > 0:
-                if threat_category == "Tampering":
-                    stride_report[threat_category]["potential_impacts"].append(
-                        "SQL Injection in form fields"
-                    )
+                            
+                            # Check for common leaked patterns in repo names/descriptions
+                            desc = (repo.get("description") or "").lower()
+                            if any(x in desc for x in ['password', 'secret', 'key', 'token', 'credential']):
+                                github_intel["leaked_patterns"].append({
+                                    "repo": repo.get("name"),
+                                    "pattern": "Potential secret in description"
+                                })
             
-            if "endpoints" in recon_data and len(recon_data["endpoints"]) > 0:
-                if threat_category == "InformationDisclosure":
-                    stride_report[threat_category]["potential_impacts"].append(
-                        "Sensitive data exposed via API endpoints"
-                    )
-        
-        return stride_report
+            # Search for gists
+            gist_endpoint = f"https://api.github.com/users/{org_name}/gists"
+            async with aiohttp.ClientSession() as session:
+                async with session.get(gist_endpoint, headers=headers, timeout=10) as resp:
+                    if resp.status == 200:
+                        gists = await resp.json()
+                        for gist in gists[:10]:
+                            github_intel["gists"].append({
+                                "id": gist.get("id"),
+# BÖLÜM 2: KODUN 8-10. BÖLÜMLERİ
+# Bu dosyayı app_part2.py olarak kaydedin
 
-# ════════════════════════════════════════════════════════════════════════════
-# SECTION 7: ATTACK GRAPH VISUALIZATION (ENHANCED)
-# ════════════════════════════════════════════════════════════════════════════
+part2_code = '''"""
+═══════════════════════════════════════════════════════════════════════════════
+    PRIVATE RED TEAM WEB RECONNAISSANCE FRAMEWORK v3.0 - PART 2
+    ─────────────────────────────────────────────────────────────────────────
+    Bölümler: 8-10 (Reporting Engine, Main Orchestrator, Gradio Interface)
+═══════════════════════════════════════════════════════════════════════════════
+"""
 
-class AttackGraphEngine:
-    """Advanced attack surface visualization"""
-    
-    @staticmethod
-    def create_enhanced_attack_graph(threat_vectors: List[ThreatVector], 
-                                     attack_paths: List[AttackPath]) -> Dict:
-        """Build graph with threat vectors and attack paths"""
-        
-        nodes = ["Attacker", "Internet", "Target Domain"]
-        edges = [("Attacker", "Internet"), ("Internet", "Target Domain")]
-        node_info = {
-            "Attacker": {"type": "attacker", "risk": 10},
-            "Internet": {"type": "network", "risk": 5},
-            "Target Domain": {"type": "asset", "risk": 7}
-        }
-        
-        # Add threat vectors as nodes
-        for i, vector in enumerate(threat_vectors[:10]):
-            node_name = f"{vector.category.replace('_', ' ')}_{i}"
-            nodes.append(node_name)
-            edges.append(("Target Domain", node_name))
-            node_info[node_name] = {
-                "type": "vulnerability",
-                "risk": vector.risk_score,
-                "cvss": vector.cvss_score
-            }
-        
-        return {
-            "nodes": nodes,
-            "edges": edges,
-            "node_info": node_info,
-            "threat_vectors": [asdict(v) for v in threat_vectors],
-            "attack_paths": [asdict(ap) for ap in attack_paths]
-        }
-    
-    @staticmethod
-    def visualize_attack_graph_plotly(graph_data: Dict) -> go.Figure:
-        """Create interactive Plotly visualization"""
-        
-        G = nx.DiGraph()
-        G.add_edges_from(graph_data["edges"])
-        pos = nx.spring_layout(G, k=2, iterations=50, seed=42)
-        
-        # Edge traces
-        edge_x, edge_y = [], []
-        for edge in G.edges():
-            x0, y0 = pos[edge[0]]
-            x1, y1 = pos[edge[1]]
-            edge_x.extend([x0, x1, None])
-            edge_y.extend([y0, y1, None])
-        
-        edge_trace = go.Scatter(
-            x=edge_x, y=edge_y,
-            line=dict(width=2, color='#888'),
-            hoverinfo='none',
-            mode='lines',
-            name='Relationships'
-        )
-        
-        # Node traces with risk coloring
-        node_x, node_y, node_text, node_color, node_size = [], [], [], [], []
-        
-        for node in G.nodes():
-            x, y = pos[node]
-            node_x.append(x)
-            node_y.append(y)
-            node_text.append(node)
-            
-            node_info = graph_data["node_info"].get(node, {})
-            risk = node_info.get("risk", 5)
-            
-            # Color by risk
-            if risk >= 8:
-                node_color.append('#ff0000')  # Red - Critical
-            elif risk >= 6:
-                node_color.append('#ff7700')  # Orange - High
-            elif risk >= 4:
-                node_color.append('#ffff00')  # Yellow - Medium
-            else:
-                node_color.append('#00ff00')  # Green - Low
-            
-            node_size.append(30 + (risk * 2))
-        
-        node_trace = go.Scatter(
-            x=node_x, y=node_y,
-            mode='markers+text',
-            hoverinfo='text',
-            text=node_text,
-            textposition="top center",
-            marker=dict(
-                size=node_size,
-                color=node_color,
-                line_width=2,
-                line=dict(color='#222')
-            ),
-            name='Assets/Threats'
-        )
-        
-        fig = go.Figure(data=[edge_trace, node_trace])
-        fig.update_layout(
-            title='🎯 Advanced Attack Surface Graph',
-            titlefont=dict(size=20, color='#ff0000'),
-            showlegend=True,
-            hovermode='closest',
-            margin=dict(b=20, l=5, r=5, t=40),
-            xaxis=dict(showgrid=False, zeroline=False, showticklabels=False),
-            yaxis=dict(showgrid=False, zeroline=False, showticklabels=False),
-            plot_bgcolor='#1a1a1a',
-            paper_bgcolor='#1a1a1a',
-            font=dict(color='#ffffff')
-        )
-        
-        return fig
+# Part 1'deki importları ve sınıfları tekrar etmek için:
+# Bu dosyayı çalıştırmadan önce Part 1'i import edin veya birleştirin
 
 # ════════════════════════════════════════════════════════════════════════════
 # SECTION 8: COMPREHENSIVE REPORTING ENGINE
@@ -720,42 +570,82 @@ class ReportingEngine:
     
     @staticmethod
     def generate_assessment_report(target: str, recon_data: Dict, threat_vectors: List[ThreatVector],
-                                   attack_paths: List[AttackPath], stride_report: Dict) -> str:
+                                   attack_paths: List[AttackPath], stride_report: Dict,
+                                   vulnerabilities: List[Vulnerability] = None) -> str:
         """Generate comprehensive assessment report"""
         
+        vulns = vulnerabilities or []
+        
         report = f"""
 ╔════════════════════════════════════════════════════════════════════════╗
 ║          PROFESSIONAL SECURITY ASSESSMENT REPORT                      ║
 ║                        [CONFIDENTIAL]                                 ║
+║                    PRIVATE SPACE EDITION v3.0                         ║
 ╚════════════════════════════════════════════════════════════════════════╝
 
 EXECUTIVE SUMMARY
 ─────────────────────────────────────────────────────────────────────────
 Target: {target}
 Assessment Date: {datetime.now().strftime('%Y-%m-%d %H:%M:%S')}
-Assessed By: Red Team Framework v2.0
+Assessed By: Red Team Framework v3.0 (Private Space)
 Classification: CONFIDENTIAL
+Assessment Type: Comprehensive Web Application Security Assessment
 
 RISK OVERVIEW
 ─────────────────────────────────────────────────────────────────────────
-Critical Findings: {len([t for t in threat_vectors if t.cvss_score and t.cvss_score >= 9.0])}
-High Findings: {len([t for t in threat_vectors if t.cvss_score and 7.0 <= t.cvss_score < 9.0])}
-Medium Findings: {len([t for t in threat_vectors if t.cvss_score and 4.0 <= t.cvss_score < 7.0])}
-Low Findings: {len([t for t in threat_vectors if t.cvss_score and t.cvss_score < 4.0])}
+Critical Findings: {len([t for t in vulns if t.cvss_score >= 9.0])}
+High Findings: {len([t for t in vulns if 7.0 <= t.cvss_score < 9.0])}
+Medium Findings: {len([t for t in vulns if 4.0 <= t.cvss_score < 7.0])}
+Low Findings: {len([t for t in vulns if t.cvss_score < 4.0])}
 
-Overall Risk Level: {"🔴 CRITICAL" if len([t for t in threat_vectors if t.cvss_score and t.cvss_score >= 9.0]) > 0 else "🟠 HIGH" if len([t for t in threat_vectors if t.cvss_score and t.cvss_score >= 7.0]) > 0 else "🟡 MEDIUM"}
+Overall Risk Level: {"🔴 CRITICAL" if len([t for t in vulns if t.cvss_score >= 9.0]) > 0 else "🟠 HIGH" if len([t for t in vulns if t.cvss_score >= 7.0]) > 0 else "🟡 MEDIUM"}
 
 ATTACK SURFACE
 ─────────────────────────────────────────────────────────────────────────
-Technologies Identified: {len(recon_data.get('technologies', []))}
+Technologies Identified: {len(recon_data.get('technologies', {}).get('cms', [])) + len(recon_data.get('technologies', {}).get('frameworks', []))}
 API Endpoints: {len(recon_data.get('endpoints', []))}
 Forms Discovered: {len(recon_data.get('forms', []))}
 Subdomains Found: {len(recon_data.get('subdomains', []))}
-Exposed Services: {len(recon_data.get('exposed_services', []))}
+JavaScript Files Analyzed: {len(recon_data.get('js_files', []))}
+Security Headers Score: {recon_data.get('security_headers', {}).get('score', 0):.1f}%
 
 TECHNOLOGIES DETECTED
 ─────────────────────────────────────────────────────────────────────────
-{', '.join(recon_data.get('technologies', ['None detected']))}
+Web Server: {recon_data.get('technologies', {}).get('web_server', 'Unknown')}
+CMS: {', '.join(recon_data.get('technologies', {}).get('cms', ['None detected']))}
+Frameworks: {', '.join(recon_data.get('technologies', {}).get('frameworks', ['None detected']))}
+JavaScript Libraries: {', '.join(recon_data.get('technologies', {}).get('javascript', ['None detected']))}
+CDN: {', '.join(recon_data.get('technologies', {}).get('cdn', ['None detected']))}
+
+VULNERABILITY DETAILS
+─────────────────────────────────────────────────────────────────────────
+"""
+        
+        for i, vuln in enumerate(vulns, 1):
+            report += f"""
+[{i}] {vuln.name}
+    Severity: {vuln.severity}
+    CVSS Score: {vuln.cvss_score}
+    CVSS Vector: {vuln.cvss_vector}
+    CWE ID: {vuln.cwe_id or 'N/A'}
+    OWASP Category: {vuln.owasp_category or 'N/A'}
+    Location: {vuln.location}
+    
+    Description:
+    {vuln.description}
+    
+    Evidence:
+    {vuln.evidence}
+    
+    Remediation:
+    {vuln.remediation}
+    
+    MITRE ATT&CK Techniques: {', '.join(vuln.mitre_techniques)}
+    
+    {'─' * 70}
+"""
+        
+        report += f"""
 
 THREAT VECTORS
 ─────────────────────────────────────────────────────────────────────────
@@ -767,8 +657,10 @@ THREAT VECTORS
    Location: {vector.location}
    Risk Score: {vector.risk_score}/10
    CVSS Score: {vector.cvss_score if vector.cvss_score else 'N/A'}
+   CWE ID: {vector.cwe_id or 'N/A'}
    MITRE ATT&CK: {', '.join(vector.techniques)}
    Description: {vector.description}
+   Evidence: {vector.evidence or 'N/A'}
 """
         
         report += f"""
@@ -780,9 +672,18 @@ STRIDE THREAT MODEL
         for threat_type, threat_data in stride_report.items():
             report += f"""
 {threat_type}:
+  Risk Level: {threat_data.get('risk_level', 'LOW')}
   Description: {threat_data['description']}
-  Mitigations: {', '.join(threat_data['mitigations'])}
+  Potential Impacts:
 """
+            for impact in threat_data.get('potential_impacts', []):
+                report += f"    • {impact}\\n"
+            
+            report += f"  Affected Components:\\n"
+            for component in threat_data.get('affected_components', []):
+                report += f"    • {component}\\n"
+            
+            report += f"  Mitigations: {', '.join(threat_data['mitigations'])}\\n"
         
         report += f"""
 
@@ -796,46 +697,191 @@ Attack Path {i}: {path.objective}
   Entry Point: {path.entry_point}
   Complexity: {path.complexity}/1.0
   Risk Level: {path.risk_level}
+  MITRE ATT&CK Techniques: {', '.join(path.mitre_techniques)}
   Steps:
 """
             for step in path.intermediate_steps:
-                report += f"    → {step}\n"
+                report += f"    → {step}\\n"
         
         report += """
 
 RECOMMENDATIONS
 ─────────────────────────────────────────────────────────────────────────
-1. IMMEDIATE (Critical):
-   - Patch all critical CVEs
-   - Enable WAF rules
-   - Implement rate limiting
-   - Enable security headers (CSP, X-Frame-Options, etc.)
+1. IMMEDIATE (Critical - Fix within 24 hours):
+   • Patch all critical CVEs (CVSS 9.0+)
+   • Disable exposed sensitive files (.env, .git)
+   • Enable WAF rules for SQL injection protection
+   • Implement rate limiting on authentication endpoints
+   • Enable security headers (CSP, HSTS, X-Frame-Options)
 
-2. SHORT-TERM (High):
-   - Update outdated technologies
-   - Implement input validation
-   - Enable HTTPS enforcement
-   - Setup security monitoring
+2. SHORT-TERM (High - Fix within 1 week):
+   • Update outdated technologies and frameworks
+   • Implement input validation on all forms
+   • Enable HTTPS enforcement (HSTS)
+   • Setup security monitoring and alerting
+   • Conduct code review for injection vulnerabilities
 
-3. LONG-TERM (Medium):
-   - Implement secure SDLC
-   - Regular security training
-   - Penetration testing program
-   - Bug bounty program
+3. MEDIUM-TERM (Medium - Fix within 1 month):
+   • Implement Web Application Firewall (WAF)
+   • Conduct penetration testing
+   • Implement secure session management
+   • Setup vulnerability disclosure program
+   • Regular security training for developers
+
+4. LONG-TERM (Ongoing):
+   • Implement Secure SDLC
+   • Regular automated security scanning
+   • Bug bounty program
+   • Incident response planning
+   • Compliance auditing (OWASP ASVS)
+
+COMPLIANCE MAPPING
+─────────────────────────────────────────────────────────────────────────
+OWASP Top 10 2021:
+"""
+        
+        owasp_categories = defaultdict(list)
+        for vuln in vulns:
+            if vuln.owasp_category:
+                owasp_categories[vuln.owasp_category].append(vuln.name)
+        
+        for category, vuln_list in owasp_categories.items():
+            report += f"  {category}: {len(vuln_list)} findings\\n"
+            for v in vuln_list[:3]:  # Limit to 3 per category
+                report += f"    • {v}\\n"
+        
+        report += f"""
+
+MITRE ATT&CK MAPPING
+─────────────────────────────────────────────────────────────────────────
+"""
+        
+        mitre_techniques = set()
+        for vuln in vulns:
+            mitre_techniques.update(vuln.mitre_techniques)
+        for path in attack_paths:
+            mitre_techniques.update(path.mitre_techniques)
+        
+        for tech in sorted(mitre_techniques):
+            report += f"  • {tech}"
+            # Add technique name if available
+            for category, techniques in MITRE_TECHNIQUES.items():
+                if tech in techniques:
+                    report += f" - {techniques[tech]}"
+                    break
+            report += "\\n"
+        
+        report += f"""
 
 METHODOLOGY
 ─────────────────────────────────────────────────────────────────────────
-1. Passive OSINT: DNS records, SSL certificates, public databases
-2. Active Reconnaissance: Technology fingerprinting, endpoint discovery
-3. Threat Modeling: STRIDE analysis, attack path mapping
-4. Risk Assessment: CVSS scoring, impact analysis
+1. Passive OSINT (Non-intrusive):
+   • DNS record enumeration (A, AAAA, MX, NS, TXT)
+   • SSL/TLS certificate analysis
+   • Certificate Transparency log queries (crt.sh)
+   • GitHub reconnaissance
+   • Wayback Machine historical data
+   • Shodan/Censys intelligence (if API available)
+
+2. Active Reconnaissance (Low impact):
+   • HTTP header analysis
+   • Technology fingerprinting
+   • Endpoint discovery
+   • Form analysis
+   • JavaScript endpoint extraction
+   • Security headers assessment
+
+3. Vulnerability Analysis:
+   • Pattern-based detection
+   • Configuration weakness identification
+   • Information disclosure checks
+   • Injection vulnerability probes (safe)
+
+4. Threat Modeling:
+   • STRIDE analysis
+   • Attack path generation
+   • MITRE ATT&CK mapping
+   • Risk scoring (CVSS v3.1)
+
+5. Reporting:
+   • Executive summary
+   • Technical findings
+   • Remediation guidance
+   • Compliance mapping
+
+TOOLS & TECHNIQUES
+─────────────────────────────────────────────────────────────────────────
+• Framework: Red Team Recon Framework v3.0
+• Standards: OWASP Testing Guide, PTES, CVSS v3.1
+• Threat Model: STRIDE, MITRE ATT&CK v12
+• Visualization: NetworkX, Plotly
+• OSINT: DNS, SSL, crt.sh, GitHub, Wayback
+
+LIMITATIONS
+─────────────────────────────────────────────────────────────────────────
+• Assessment limited to authorized scope
+• No active exploitation performed
+• Rate limiting may affect scan completeness
+• Some checks require manual verification
+• API keys needed for full OSINT features
 
 ═══════════════════════════════════════════════════════════════════════════
 Report Generated: {datetime.now().isoformat()}
 Classification: CONFIDENTIAL - DO NOT DISTRIBUTE
+Private Space Assessment - Authorized Testing Only
 ═══════════════════��═══════════════════════════════════════════════════════
 """
         return report
+    
+    @staticmethod
+    def generate_executive_summary(target: str, recon_data: Dict, vulnerabilities: List[Vulnerability]) -> str:
+        """Generate executive summary for C-level"""
+        
+        critical = len([v for v in vulnerabilities if v.cvss_score >= 9.0])
+        high = len([v for v in vulnerabilities if 7.0 <= v.cvss_score < 9.0])
+        medium = len([v for v in vulnerabilities if 4.0 <= v.cvss_score < 7.0])
+        
+        summary = f"""
+EXECUTIVE SUMMARY
+═══════════════════════════════════════════════════════════════════════════
+
+Target Organization: {target}
+Assessment Period: {datetime.now().strftime('%Y-%m-%d')}
+Overall Risk Rating: {"CRITICAL" if critical > 0 else "HIGH" if high > 0 else "MEDIUM"}
+
+KEY FINDINGS:
+• {critical} Critical vulnerabilities requiring immediate attention
+• {high} High-risk vulnerabilities to address within 1 week
+• {medium} Medium-risk vulnerabilities for next sprint
+
+BUSINESS IMPACT:
+"""
+        
+        if critical > 0:
+            summary += "• CRITICAL: Immediate risk of data breach or system compromise\\n"
+        if high > 0:
+            summary += "• HIGH: Significant risk to business operations and data integrity\\n"
+        
+        summary += f"""
+IMMEDIATE ACTIONS REQUIRED:
+1. Convene security incident response team
+2. Prioritize critical vulnerability remediation
+3. Review and enhance monitoring capabilities
+4. Consider temporary WAF rules for protection
+
+ESTIMATED REMEDIATION EFFORT:
+• Critical issues: 1-3 days
+• High issues: 1-2 weeks
+• Full remediation: 1-3 months
+
+RECOMMENDED INVESTMENT:
+• Immediate security patches: $5K-$15K
+• Security infrastructure improvements: $25K-$75K
+• Ongoing security program: $100K-$300K annually
+
+═══════════════════════════════════════════════════════════════════════════
+"""
+        return summary
 
 # ════════════════════════════════════════════════════════════════════════════
 # SECTION 9: MAIN ORCHESTRATOR
@@ -859,10 +905,12 @@ class RedTeamReconFramework:
             "target": target_url,
             "timestamp": datetime.now().isoformat(),
             "subdomains": [],
-            "technologies": [],
+            "technologies": {},
             "endpoints": [],
             "forms": [],
             "js_files": [],
+            "security_headers": {},
+            "vulnerabilities": [],
             "threat_vectors": [],
             "attack_paths": [],
             "stride_analysis": {},
@@ -872,6 +920,7 @@ class RedTeamReconFramework:
         
         try:
             # PHASE 1: Passive OSINT
+            print("[1/5] Passive OSINT gathering...")
             passive_data = await self.passive_engine.gather_dns_intel(target_url)
             results["subdomains"] = passive_data.get("subdomains", [])
             
@@ -882,18 +931,27 @@ class RedTeamReconFramework:
                     for san in ssl_data["subjectAltNames"]
                 ])
             
+            # Certificate Transparency logs
+            ct_subdomains = await self.passive_engine.crt_sh_lookup(target_url)
+            for sub in ct_subdomains:
+                if sub not in [s.get("subdomain") for s in results["subdomains"]]:
+                    results["subdomains"].append({"subdomain": sub, "ip": "from_ct"})
+            
+            # GitHub recon
             github_data = await self.passive_engine.github_reconnaissance(target_url.replace(".com", ""))
             results["github_intel"] = github_data
             
+            # Wayback Machine
+            wayback_urls = await self.passive_engine.wayback_machine_lookup(target_url)
+            results["historical_urls"] = wayback_urls
+            
             # PHASE 2: Active Reconnaissance
+            print("[2/5] Active reconnaissance...")
             technologies = await self.active_engine.fingerprint_technologies(target_url)
             results["technologies"] = technologies
             
-            endpoints = await self.active_engine.discover_endpoints(target_url, [
-                "", "admin", "api", "login", "test", "debug", "config",
-                "api/users", "api/admin", "api/auth", "api/data"
-            ])
-            results["endpoints"] = [e["path"] for e in endpoints]
+            endpoints = await self.active_engine.discover_endpoints(target_url, COMMON_ENDPOINTS)
+            results["endpoints"] = endpoints
             
             forms = await self.active_engine.analyze_forms(target_url)
             results["forms"] = forms
@@ -901,7 +959,16 @@ class RedTeamReconFramework:
             js_endpoints = await self.active_engine.extract_javascript_endpoints(target_url)
             results["js_files"] = js_endpoints
             
-            # PHASE 3: Threat Modeling
+            security_headers = await self.active_engine.analyze_security_headers(target_url)
+            results["security_headers"] = security_headers
+            
+            # PHASE 3: Vulnerability Analysis
+            print("[3/5] Vulnerability analysis...")
+            vulnerabilities = await self.active_engine.check_common_vulnerabilities(target_url)
+            results["vulnerabilities"] = [asdict(v) for v in vulnerabilities]
+            
+            # PHASE 4: Threat Modeling
+            print("[4/5] Threat modeling...")
             threat_vectors = self.threat_model.analyze_web_app(results)
             results["threat_vectors"] = [asdict(tv) for tv in threat_vectors]
             
@@ -911,19 +978,27 @@ class RedTeamReconFramework:
             stride_analysis = self.threat_model.generate_stride_report(results)
             results["stride_analysis"] = stride_analysis
             
-            # PHASE 4: Attack Graph
-            graph_data = self.graph_engine.create_enhanced_attack_graph(threat_vectors, attack_paths)
+            # PHASE 5: Attack Graph
+            print("[5/5] Generating attack graph...")
+            graph_data = self.graph_engine.create_enhanced_attack_graph(
+                threat_vectors, attack_paths, vulnerabilities
+            )
             results["graph_data"] = graph_data
             
-            # PHASE 5: Reporting
+            # PHASE 6: Reporting
+            print("[6/6] Generating report...")
             report = self.reporting.generate_assessment_report(
-                target_url, results, threat_vectors, attack_paths, stride_analysis
+                target_url, results, threat_vectors, attack_paths, stride_analysis, vulnerabilities
             )
             results["report"] = report
             
+            print("✅ Assessment complete!")
+            
         except Exception as e:
             results["error"] = str(e)
             logging.error(f"Assessment failed: {e}")
+            import traceback
+            results["traceback"] = traceback.format_exc()
         
         return results
 
@@ -938,6 +1013,12 @@ def run_assessment(target_url: str, threat_level: str, progress=gr.Progress(trac
     """Gradio wrapper function"""
     
     try:
+        if not target_url:
+            return "Error: Please enter a target domain", "{}", go.Figure(), "No report generated"
+        
+        # Clean target URL
+        target_url = target_url.replace("https://", "").replace("http://", "").strip("/")
+        
         progress(0.1, desc="🔍 Validating target...")
         
         # Update threat level
@@ -967,115 +1048,21 @@ def run_assessment(target_url: str, threat_level: str, progress=gr.Progress(trac
         else:
             fig = go.Figure()
         
+        # Calculate stats
+        vulns = results.get("vulnerabilities", [])
+        critical = len([v for v in vulns if v.get("cvss_score", 0) >= 9.0])
+        high = len([v for v in vulns if 7.0 <= v.get("cvss_score", 0) < 9.0])
+        medium = len([v for v in vulns if 4.0 <= v.get("cvss_score", 0) < 7.0])
+        
         # Summary
         summary = f"""
 ## 🔴 ASSESSMENT COMPLETE
 
 **Target:** {target_url}  
-**Date:** {datetime.now().strftime('%Y-%m-%d %H:%M:%S')}
+**Date:** {datetime.now().strftime('%Y-%m-%d %H:%M:%S')}  
+**Threat Level:** {threat_level}
 
 ### Quick Stats
 - 🌐 Subdomains: {len(results.get('subdomains', []))}
-- 🔧 Technologies: {len(results.get('technologies', []))}
-- 📍 Endpoints: {len(results.get('endpoints', []))}
-- 📝 Forms: {len(results.get('forms', []))}
-- ⚠️ Threat Vectors: {len(results.get('threat_vectors', []))}
-- 🎯 Attack Paths: {len(results.get('attack_paths', []))}
-
-### Risk Assessment
-- **Critical:** {len([t for t in results.get('threat_vectors', []) if t.get('cvss_score', 0) >= 9.0])}
-- **High:** {len([t for t in results.get('threat_vectors', []) if 7.0 <= t.get('cvss_score', 0) < 9.0])}
-- **Medium:** {len([t for t in results.get('threat_vectors', []) if 4.0 <= t.get('cvss_score', 0) < 7.0])}
-
-### Technologies Detected
-{', '.join(results.get('technologies', ['None']))}
-"""
-        
-        return (
-            summary,
-            json.dumps(results, indent=2, default=str),
-            fig,
-            results.get("report", "No report generated")
-        )
-    
-    except Exception as e:
-        error_msg = f"Error: {str(e)}"
-        return error_msg, "{}", go.Figure(), error_msg
-
-# ════════════════════════════════════════════════════════════════════════════
-# GRADIO UI DEFINITION
-# ══════════════��═════════════════════════════════════════════════════════════
-
-with gr.Blocks(theme=gr.themes.Soft(primary_hue="red"), title="Red Team Recon Framework") as demo:
-    gr.Markdown("""
-    # 🛡️ RED TEAM ADVANCED WEB RECONNAISSANCE FRAMEWORK v2.0
-    ### Professional Security Assessment Tool
-    
-    **Features:**
-    - 🕵️ Passive OSINT (DNS, SSL, GitHub, Breach databases)
-    - 📡 Active Reconnaissance (Fingerprinting, endpoint discovery)
-    - 🎯 Threat Modeling (STRIDE + MITRE ATT&CK)
-    - 📊 Advanced Attack Surface Visualization
-    - 📝 Professional Reporting (CVSS, ATT&CK TID)
-    
-    ⚠️ **DISCLAIMER:** Authorized testing only. Unauthorized access is illegal.
-    """)
-    
-    with gr.Row():
-        with gr.Column(scale=1):
-            target_input = gr.Textbox(
-                label="Target Domain",
-                placeholder="example.com",
-                info="Enter target domain (without https://)"
-            )
-            
-            threat_level = gr.Radio(
-                choices=["Low (Stealthy)", "Medium (Balanced)", "High (Aggressive)"],
-                value="Medium (Balanced)",
-                label="Threat Level / Scan Intensity"
-            )
-            
-            scan_button = gr.Button("🚀 START ASSESSMENT", variant="primary", size="lg")
-        
-        with gr.Column(scale=1):
-            gr.Markdown("""
-            ### How It Works
-            
-            1. **Passive OSINT**: DNS records, SSL certs, public data
-            2. **Active Recon**: Technology fingerprinting
-            3. **Threat Modeling**: STRIDE + MITRE ATT&CK
-            4. **Risk Analysis**: CVSS scoring
-            5. **Reporting**: Executive + technical reports
-            """)
-    
-    with gr.Tabs():
-        with gr.Tab("📊 Summary"):
-            summary_output = gr.Markdown(label="Assessment Summary")
-        
-        with gr.Tab("📈 Attack Graph"):
-            graph_output = gr.Plot(label="Attack Surface Visualization")
-        
-        with gr.Tab("🔍 Raw Data"):
-            json_output = gr.Code(language="json", label="Detailed Findings (JSON)")
-        
-        with gr.Tab("📋 Full Report"):
-            report_output = gr.Textbox(
-                label="Security Assessment Report",
-                lines=30,
-                max_lines=100,
-                interactive=False
-            )
-    
-    # Button click handler
-    scan_button.click(
-        fn=run_assessment,
-        inputs=[target_input, threat_level],
-        outputs=[summary_output, json_output, graph_output, report_output]
-    )
-
-# ════════════════════════════════════════════════════════════════════════════
-# LAUNCH
-# ════════════════════════════════════════════════════════════════════════════
-
-if __name__ == "__main__":
-    demo.launch(share=True, server_name="0.0.0.0", server_port=7860)
+- 🔧 Technologies: {len(results.get('technologies', {}).get('cms', [])) + len(results.get('technologies', {}).get('frameworks', []))}
+- 📍 Endpoints: