AI-Assisted Vulnerability Assessment & Penetration Testing Tool
SecScanX is an open-source security scanning platform that combines traditional penetration testing tools with artificial intelligence to provide comprehensive vulnerability assessments. Designed for beginners, researchers, and security professionals, it offers automated reconnaissance, intelligent analysis, and detailed reporting.
| Category | Features |
|---|---|
| Reconnaissance | Subdomain finder, WHOIS lookup, port scanning, DNS enumeration |
| AI Assistant | Interprets scan results, suggests next steps, explains findings |
| Automation | Automated comprehensive scans via CLI or web interface |
| Reports | Generates professional PDF and HTML reports |
| Multi-user | Team collaboration with project management and audit logs |
| Learning Mode | Educational explanations for students and beginners |
| API Ready | RESTful API for integration and automation |
| Security | Rate limiting, authentication, and secure configurations |
- Python 3.8+ and pip
- Node.js 16+ and npm
- nmap, dnsutils, whois (installed automatically)

```bash
# Clone the repository
git clone https://github.com/yashab-cyber/SecScanX.git
cd SecScanX

# Run the installation script (Ubuntu/Debian)
chmod +x scripts/install.sh
./scripts/install.sh

# Or install manually:
# Backend setup
cd backend
python3 -m venv venv
source venv/bin/activate
pip install -r requirements.txt

# Frontend setup
cd ../frontend
npm install

# CLI setup
cd ../cli
pip3 install -r requirements.txt
chmod +x secscanx.py
```

```bash
# Copy and edit environment file
cp .env.example .env
# Edit .env with your settings (API keys, database config, etc.)
```

Start the Backend API:

```bash
cd backend
source venv/bin/activate
python app.py
# API available at http://localhost:5000
```

Start the Frontend (new terminal):

```bash
cd frontend
npm start
# Web interface at http://localhost:3000
```

Use the CLI:

```bash
# Add to PATH or use directly
./cli/secscanx.py --help

# Example scans
secscanx subdomain example.com
secscanx port 192.168.1.1 --port-range 1-1000
secscanx vuln https://example.com --scan-type web
```

- Dashboard: View scan statistics, recent results, and quick actions
- Scanner: Configure and run different types of security scans
- Results: Analyze findings with AI-powered insights
- Reports: Generate professional security assessment reports
- AI Assistant: Chat with AI for security advice and explanations

```bash
# Comprehensive subdomain enumeration
secscanx subdomain target.com --output results.json

# Port scan with custom range
secscanx port 10.0.0.1 --port-range 1-65535

# Web application vulnerability assessment
secscanx vuln https://target.com --scan-type comprehensive

# DNS reconnaissance
secscanx dns target.com

# Generate professional report
secscanx report results.json --format pdf
```

```python
import requests

# Start a subdomain scan
response = requests.post('http://localhost:5000/api/scan/subdomain',
                         json={'domain': 'example.com'})
result = response.json()

# Get AI analysis
ai_response = requests.post('http://localhost:5000/api/ai/chat',
                            json={'message': 'Explain this vulnerability',
                                  'context': result})
```

SecScanX follows a modular architecture:

```
SecScanX/
├── backend/            # Python Flask API server
│   ├── app.py          # Main application
│   ├── modules/        # Scanning and AI modules
│   └── models/         # Database models
├── frontend/           # React web interface
│   └── src/
│       └── components/
├── cli/                # Command-line interface
├── reports/            # Generated reports
├── docs/               # Documentation
└── scripts/            # Installation and utility scripts
```

- Reconnaissance Module: Subdomain enumeration, port scanning, DNS/WHOIS lookups
- AI Assistant: OpenAI integration for intelligent analysis and recommendations
- Vulnerability Scanner: Web app and network service security assessment
- Report Generator: Professional PDF/HTML report creation
- Multi-user System: Authentication, projects, and audit logging
- Brute force common subdomains
- Certificate Transparency log search
- DNS zone transfer attempts
- AI analysis of discovered subdomains
- TCP/UDP port discovery
- Service version detection
- Operating system fingerprinting
- Risk assessment of open services
- Web application security testing
- Network service vulnerability detection
- SSL/TLS configuration analysis
- Security header verification
- A, AAAA, MX, NS, TXT record collection
- DNS zone information gathering
- Email server discovery
- Infrastructure mapping
- Domain registration information
- Ownership and contact details
- Name server identification
- Expiration date monitoring
SecScanX integrates AI to enhance security assessments:
- Intelligent Analysis: Automatically interprets scan results
- Risk Assessment: Prioritizes findings by severity and impact
- Remediation Guidance: Provides specific fix recommendations
- Learning Mode: Explains techniques for educational purposes
- Contextual Chat: Interactive AI assistant for security questions
Generate professional security reports in multiple formats:
- HTML Reports: Interactive web-based reports with charts
- PDF Reports: Professional documents for stakeholders
- JSON Exports: Machine-readable data for integration
- Executive Summaries: High-level findings for management
Important: SecScanX is designed for authorized security testing only.
- Only scan systems you own or have explicit permission to test
- Some scans may be detected by security systems
- Follow responsible disclosure practices
- Respect rate limits and target system resources
- Review local laws and regulations before testing
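
One way to enforce the "only scan systems you own or have explicit permission to test" rule is to check every target against a written scope before it reaches the CLI or API. The guard below is an added example, not part of SecScanX; the scope list format and the function names are assumptions, and the sample scope is constructed from the example targets used above.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample scope (assumed format): exact hosts, "*." wildcards, CIDR ranges.
AUTHORIZED_SCOPE = ["example.com", "*.lab.example.com", "192.168.1.0/24"]


def normalize_target(target):
    """Reduce a URL, host[:port] or IP literal to a bare lowercase host."""
    target = target.strip()
    try:
        return str(ipaddress.ip_address(target))
    except ValueError:
        pass
    try:
        parts = urlsplit(target if "://" in target else "//" + target)
    except ValueError:  # malformed bracketed IPv6 literal
        return ""
    # .hostname drops userinfo and port, so "https://a@b/" yields "b", not "a".
    return (parts.hostname or "").rstrip(".")


def in_scope(target, scope=AUTHORIZED_SCOPE):
    """Return True only if the target's host is covered by a scope entry."""
    host = normalize_target(target)
    if not host:
        return False
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        addr = None
    for entry in (e.strip().lower() for e in scope):
        if addr is not None:
            try:
                if addr in ipaddress.ip_network(entry, strict=False):
                    return True
            except ValueError:
                continue  # a hostname entry never authorizes an IP target
        elif entry.startswith("*."):
            if host.endswith(entry[1:]):  # suffix match on a label boundary
                return True
        elif host == entry:
            return True
    return False


def require_authorized(target, scope=AUTHORIZED_SCOPE):
    """Raise before any scan request is built for an out-of-scope target."""
    if not in_scope(target, scope):
        raise PermissionError(f"{target!r} is not in the authorized scope")
    return normalize_target(target)
```

The check is purely lexical: it does not resolve DNS, so an in-scope hostname that points at an out-of-scope address still passes and needs a second check on the resolved IP.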
We welcome contributions! Please see CONTRIBUTING.md for guidelines.

```bash
# Clone and set up the development environment
git clone https://github.com/yashab-cyber/SecScanX.git
cd SecScanX

# Install development dependencies
pip install -r backend/requirements-dev.txt
npm install --include=dev --prefix frontend

# Run tests
pytest backend/tests/
npm test --prefix frontend
```

Help us improve SecScanX by supporting the development! Your donations enable us to:
- Develop new features - Advanced scanning modules and AI capabilities
- Enhance security - Better vulnerability detection and exploit research
- Create educational content - Tutorials and penetration testing resources
- Grow the community - Support contributors and maintain infrastructure
Cryptocurrency (Preferred):
- Solana (SOL): 5pEwP9JN8tRCXL5Vc9gQrxRyHHyn7J6P2DCC8cSQKDKT
- Bitcoin (BTC): bc1qmkptg6wqn9sjlx6wf7dk0px0yq4ynr4ukj2x8c
- Ethereum (ETH): Contact yashabalam707@gmail.com for current address
Traditional Methods:
- PayPal: yashabalam707@gmail.com
- Direct Link: paypal.me/yashab07
All donors receive:
- Exclusive monthly newsletter with security insights
- Early access to beta features and new scanning modules
- Access to private contributor community
- Advanced penetration testing resources and methodologies
View Full Donation Details
Official Channels:
- Website: www.zehrasec.com
- Instagram: @_zehrasec
- Facebook: ZehraSec Official
- X (Twitter): @zehrasec
- LinkedIn: ZehraSec Company
Connect with Yashab Alam (Creator):
- GitHub: @yashab-cyber
- Instagram: @yashab.alam
- LinkedIn: Yashab Alam
This project is licensed under the MIT License - see the LICENSE file for details.
- Built with Flask, React, and modern web technologies
- Integrates nmap, dnspython, and other security tools
- UI components from Material-UI
- Charts powered by Recharts
- AI capabilities via OpenAI API
- Documentation: Wiki
- Bug Reports: Issues
- Discussions: GitHub Discussions
- Email: yashabalam707@gmail.com
- Donations: Support Development
SecScanX is for educational and authorized testing purposes only. Users are responsible for complying with applicable laws and obtaining proper authorization before scanning any systems. The developers assume no liability for misuse of this tool.
Made with ❤️ by Yashab Alam (Founder of ZehraSec) for the cybersecurity community