@@ -121,93 +121,6 @@ python dashboard/app.py
121121| ` --schedule ` | Loop scan on ` targets.txt ` (use with ` --interval ` ) |
122122| ` --interval N ` | Hours between scheduled scans (default: 24) |
123123
124- ---
125-
126- ## Project Structure
127-
128- ```
129- sec_platform/
130- │
131- ├── run_scan.py # Main entry point (Phases 1–14)
132- ├── run_scan_simple.py # Offline-friendly minimal scan
133- ├── cli_menu.py # Interactive terminal menu
134- ├── install.sh # One-command setup
135- ├── requirements.txt # Python dependencies
136- ├── targets.txt # Multi-target URL list
137- │
138- ├── scanners/ # Phase 2 & 11 & 14 — Vulnerability scanners
139- │ ├── web_scanner.py # HTTP/HTTPS checks
140- │ ├── header_checker.py # Security headers audit
141- │ ├── tls_checker.py # TLS/SSL analysis
142- │ ├── wordpress_checker.py # WordPress attack surface
143- │ ├── api_checker.py # API surface & sensitive files
144- │ ├── injection_detector.py # SQLi / XSS / CMDi
145- │ ├── deep_scanner.py # SSRF, XXE, IDOR, path traversal
146- │ ├── recon_scanner.py # Subdomain enum, tech fingerprinting
147- │ ├── advanced_scanner.py # JWT, auth bypass, GraphQL
148- │ ├── cloud_scanner.py # S3, Azure, GCP, Docker, K8s
149- │ └── async_scanner.py # Async parallel scanning engine
150- │
151- ├── parser/ # Phase 3–6 — Parsing & enrichment
152- │ ├── parser_engine.py # Orchestrates full parse pipeline
153- │ ├── deduplicator.py # Removes duplicate findings
154- │ └── risk_score.py # Aggregate numeric risk score
155- │
156- ├── ai_engine/ # Phase 4 & 12 — AI components
157- │ ├── local_analyzer.py # DistilBERT + MiniLM analysis
158- │ ├── false_positive_filter.py # ML-based FP detection
159- │ ├── learning_loop.py # Enrichment orchestrator
160- │ ├── pattern_fingerprint.py # SHA-256 finding fingerprint
161- │ ├── trust_model.py # Trust scoring from feedback
162- │ └── feedback_store.py # Analyst feedback persistence
163- │
164- ├── compliance/ # Phase 6 — OWASP mapping
165- │ └── compliance_mapper.py # OWASP Top 10 2021 + CWE tags
166- │
167- ├── intelligence/ # Phase 11 & 13 — Threat intelligence
168- │ ├── exploitability_scorer.py # CVSS-style exploit scoring
169- │ ├── cve_database.py # Local CVE/PoC database
170- │ └── cve_updater.py # Fetches CVEs from NVD/ExploitDB
171- │
172- ├── lifecycle/ # Phase 5 — Finding lifecycle
173- │ ├── vuln_db.py # JSON report persistence
174- │ └── status_manager.py # open/confirmed/resolved/FP
175- │
176- ├── reports/ # Report generators
177- │ ├── pdf_generator.py # Professional PDF reports (reportlab)
178- │ ├── ai_report_generator.py # AI-enhanced Markdown reports
179- │ ├── cve_enhanced_report.py # CVE/PoC HTML reports
180- │ └── comparison_reporter.py # Diff two scans, show regressions
181- │
182- ├── dashboard/ # Phase 7 — Web UI
183- │ ├── app.py # Flask app
184- │ └── templates/index.html # Dark-mode dashboard
185- │
186- ├── soc/ # Phase 10 — SOC monitoring
187- │ ├── asset_discovery/ # DNS resolution + TLS probe
188- │ ├── exposure/ # HTTP + header exposure scan
189- │ ├── drift_detection/ # Compare current vs previous inventory
190- │ ├── risk_scoring/ # Weighted score per asset
191- │ ├── remediation/ # Actionable fix tasks
192- │ └── continuous_monitoring.py # Pipeline orchestrator
193- │
194- ├── orchestrator/ # Phase 9 — Multi-target
195- │ └── multi_target_runner.py # Parallel scan orchestration
196- │
197- ├── schedulers/ # Phase 9 — Scheduling
198- │ └── scheduled_scan.py # Cron-style recurring scans
199- │
200- ├── cicd/ # Phase 9 — CI/CD integration
201- │ └── security_gate.py # Exit 0/1 for pipeline blocking
202- │
203- ├── utils/ # Shared utilities
204- │ └── terminal_ui.py # Colored output, progress bars
205- │
206- └── scripts/
207- └── download_models.py # Pre-download AI models
208- ```
209-
210- ---
211124
212125## Output & Reports
213126
0 commit comments