Skip to content

Latest commit

 

History

History
77 lines (57 loc) · 2.96 KB

README.md

File metadata and controls

77 lines (57 loc) · 2.96 KB
Raw
                                   PROJECT ON VULNERABILITY ASSESSMENT FRAMEWORK USING MODERN GUI
                                                                               BY: TEAM GUARDIANS

INTRODUCTION: Our team has designed a framework for the vulnerability scans where the user is required to paste the URL of the website he/she is going to check for its vulnerability and flaws. Our framework ensures to deliver out the true and up to date information about the flaws in a very unique way. Besides getting the vulnerability scan, user gets a description about the vulnerability so that he/she can check and work on it. It also shows how vulnerable your site is as low, medium, high risk using various colors.

TOOLS AND LIBRARIES USED

**Flask: ** A micro web framework for Python. Handles routing (@app.route) and HTTP requests (request object). Renders HTML templates (render_template function).

**SQLAlchemy: ** Object-Relational Mapping (ORM) library for Python. Manages database models (Scan, Alert, NmapResult). Handles database connections and queries (db.session). Flask-Migrate: Extension for Flask to handle database migrations. Simplifies the process of applying and managing database schema changes.

ZAPv2 (OWASP ZAP): Open-source web application security scanner. Integrated for performing active and passive scans (zap.ascan and zap.pscan). Retrieves security alerts (zap.core.alerts).

**nmap: ** Network exploration tool and security/port scanner. Used to perform network scans (nmap.PortScanner()).

Files and Directories:

  • App Initialization: app = Flask(name, static_folder=r"C:\Users(user's computer directory where template is stored)"): Defines the Flask application and specifies the static file directory.

  • Database Configuration: app.config['SQLALCHEMY_DATABASE_URI']: Specifies the SQLite database location. app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = False: Disables SQLAlchemy modification tracking.

  • Database Models: Defines three database models (Scan, Alert, NmapResult) using SQLAlchemy ORM.

  • Routes: /: Serves the index.html file from the specified static directory. /scan: Endpoint for initiating a scan, handling both ZAP and nmap scans, storing results in the database, and rendering a results template. /scans: Displays a list of scan records from the database.

  • Templates: index.html: Main HTML file served by the application. results.html: Template for displaying scan results. scans.html: Template for displaying a list of scan records.

  • Files and Directories Overview:

  • Static Files: Located at C:\Users(user's computer directory where template is stored). Contains static assets like CSS, JavaScript, and index.html.

  • Database File: SQLite database file (zap_scans.db).

DETAILS OF THE GROUP MEMBERS:

  1. HARSHAL BEHARE
  2. JAYADITHYA G
  3. JISHNU O
  4. KAMISETTY LAKSHMI CHAITRIKA
  5. KHUSHI MADAVI
  6. KUSHAGRA KALE
  7. MADHUR SAPRA
  8. MANAS PATEKAR
  9. MD. ASADULLAH ABBASI 10.NAMIT SHARMA
  10. NEHAL HEMDEV