AI-powered web vulnerability scanner based on OWASP Top 10

Project description

AIScanner 🔍

AIScanner is an AI-powered web vulnerability scanner that automatically crawls URLs and flags security risks based on the OWASP Top 10.


✨ Features

  • 🌐 Recursive web crawler — follows internal links up to a configurable depth
  • 🧠 Technology detection — identifies WordPress, React, Angular, Vue, Django, Bootstrap, jQuery, Next.js, and more
  • 🛡️ OWASP Top 10 checks — detects XSS, SQL Injection exposure, missing CSRF tokens, sensitive data exposure, and open redirects
  • 🎯 Severity classification — each risk is tagged CRITICAL / HIGH / MEDIUM / LOW / SAFE
  • 📄 JSON output — results are saved to crawl_results.json
  • 💬 Language detection — detects the page language (English, French, Spanish, …)

📦 Installation

pip install AIScanner

Requires Python 3.9 or higher.


🚀 Quick Start

As a CLI tool

After installation, the aiscanner command is available globally:

aiscanner

You will be prompted to enter a URL:

🔎 Enter URL to crawl: https://example.com

As a Python library

from AIScanner import WebAnalyzer, WebCrawler

# Analyze a single URL
analyzer = WebAnalyzer(".")
result = analyzer.analyze("https://example.com")

print(result["language"])    # e.g. "English"
print(result["tech_stack"])  # e.g. ["Bootstrap", "jQuery"]
for risk in result["risks"]:
    print(f"[{risk['severity']}] {risk['owasp_id']}: {risk['name']}")

# Crawl an entire site (max 2 levels deep)
crawler = WebCrawler(".", analyzer, max_depth=2)
results = crawler.run("https://example.com")
# results is a dict: { url -> analysis_result }
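
A crawl reports the same finding on many pages, so it helps to group by finding and gate on severity. The following is an added example, not code from the AIScanner project: it takes a `results` dict in the shape shown above and decides whether a run should fail. The `triage` helper, the `UNKNOWN` bucket and the sample data (including the risk names) are assumptions constructed for illustration.

```python
from collections import defaultdict

# Severity labels as listed in the README, most severe first.
SEVERITY_ORDER = ["CRITICAL", "HIGH", "MEDIUM", "LOW", "SAFE"]
RANK = {name: i for i, name in enumerate(SEVERITY_ORDER)}


def triage(results, fail_at="HIGH"):
    """Group findings across pages; return (findings, should_fail).

    `results` is {url: {"risks": [{"severity", "owasp_id", "name"}, ...]}}."""
    pages = defaultdict(set)
    for url, analysis in results.items():
        for risk in (analysis or {}).get("risks") or []:
            sev = str(risk.get("severity", "")).upper()
            if sev not in RANK:
                sev = "UNKNOWN"  # never silently drop an unrecognised label
            key = (sev, risk.get("owasp_id", "?"), risk.get("name", "?"))
            pages[key].add(url)

    # Most severe first; UNKNOWN (rank -1) sorts ahead of CRITICAL for review.
    ordered = sorted(
        pages.items(),
        key=lambda kv: (RANK.get(kv[0][0], -1), kv[0][1], kv[0][2]),
    )
    findings = [
        {"severity": sev, "owasp_id": oid, "name": name, "urls": sorted(urls)}
        for (sev, oid, name), urls in ordered
    ]
    # SAFE never gates; UNKNOWN always does, since its real severity is unclear.
    should_fail = any(
        f["severity"] != "SAFE" and RANK.get(f["severity"], -1) <= RANK[fail_at]
        for f in findings
    )
    return findings, should_fail


# Constructed sample in the documented shape (not real scan output).
SAMPLE = {
    "https://example.com/": {"risks": [
        {"severity": "LOW", "owasp_id": "A05", "name": "Missing security headers"},
        {"severity": "MEDIUM", "owasp_id": "A01", "name": "Form without CSRF token"}]},
    "https://example.com/login": {"risks": [
        {"severity": "LOW", "owasp_id": "A05", "name": "Missing security headers"},
        {"severity": "high", "owasp_id": "A03", "name": "SQL error string in page"}]},
    "https://example.com/about": {"risks": []},
}

if __name__ == "__main__":
    findings, should_fail = triage(SAMPLE)
    for f in findings:
        print(f"[{f['severity']}] {f['owasp_id']} {f['name']}: {len(f['urls'])} page(s)")
    raise SystemExit(1 if should_fail else 0)
```

The non-zero exit status lets a CI job stop on findings at or above `fail_at`; each finding still needs manual confirmation before it is treated as a vulnerability.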

🧩 Project Structure

src/AIScanner/
├── __init__.py           # Public API
├── exceptions.py         # Custom exceptions
├── logger.py             # Pre-configured logger
└── crawler/
    ├── __init__.py
    ├── crawl.py          # WebCrawler — recursive URL crawler
    └── web_analyzer.py   # WebAnalyzer — tech detection + OWASP checks

🛡️ OWASP Checks Performed

| OWASP ID | Check | Severity |
|----------|-------|----------|
| A01 | Broken Access Control — Form without CSRF protection | MEDIUM |
| A02 | Sensitive Data Exposure — password/credit card/SSN in page text | CRITICAL |
| A03 | XSS — inline <script> tags found | HIGH |
| A03 | SQL Injection exposure — SQL error strings in page | HIGH |
| A05 | Missing X-Frame-Options / Content-Security-Policy | LOW |
| A10 | Open Redirect — ?redirect= or ?next= parameters | MEDIUM |

⚙️ Configuration

| Parameter | Default | Description |
|-----------|---------|-------------|
| max_depth | 2 | How many link levels deep to crawl |
| base_path | "." | Directory where crawl_results.json is saved |

🔧 Development Setup

git clone https://github.com/prodip1023/AIScanner.git
cd AIScanner

# Install with dev dependencies
pip install -e ".[testing]"

# Run tests
pytest -v tests/

# Lint
flake8 src

# Type check
mypy src

📤 Publishing (maintainers)

# 1. Bump version in pyproject.toml and src/AIScanner/__init__.py
# 2. Commit and tag
git tag v0.1.0
git push origin v0.1.0
# GitHub Actions will automatically build and publish to PyPI

📄 License

Apache 2.0 © 2024 prodip1023

File details

Details for the file aiscanner-0.1.0.tar.gz.

File metadata

  • Download URL: aiscanner-0.1.0.tar.gz
  • Upload date:
  • Size: 13.0 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.11.5

File hashes

Hashes for aiscanner-0.1.0.tar.gz
| Algorithm | Hash digest |
|-----------|-------------|
| SHA256 | 02a131740da8f44c930b17373583b0e3e7c191b40f29c3910ff33fde67a53e05 |
| MD5 | 1cc3b0e778251bf5883a78387fc739c9 |
| BLAKE2b-256 | 13183d98bb782da1cff6c361aa09397c8675debacd37ed5ac576261c85106ef4 |

File details

Details for the file aiscanner-0.1.0-py3-none-any.whl.

File metadata

  • Download URL: aiscanner-0.1.0-py3-none-any.whl
  • Upload date:
  • Size: 11.9 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.11.5

File hashes

Hashes for aiscanner-0.1.0-py3-none-any.whl
| Algorithm | Hash digest |
|-----------|-------------|
| SHA256 | 7798ac788ffbb7b01b6e6bee76ea7e7f907b10e0ade7ff55b24fe9b5fc24411a |
| MD5 | 669dcec54bbc9153f02fe1ab601813e3 |
| BLAKE2b-256 | 59032f60ce97ada97e228c0b29d172c339040eccb330e2fca8bd14b8ad65d471 |
