System Overview
The Sec-Tools platform is a versatile web penetration testing suite developed using the Python-Django framework. It integrates a wide array of security modules, including vulnerability detection, directory brute-forcing, port scanning, fingerprinting, subdomain discovery, and information leakage assessment. By centralizing these tools into a single web-based dashboard, security professionals can efficiently collect assets and identify potential attack vectors.
Core Functional Modules
1. Identity and Access Control
The system implements a robust authentication layer utilizing Django's built-in auth module. It distinguishes between standard users and administrative accounts. Standard users have access to scanning functionalities, while administrators manage the backend database and user permissions.
- Security Measures: User credentials are stored in a SQLite database. Passwords undergo SHA256 hashing with a salt and subsequent Base64 encoding to ensure data integrity.
- Password Recovery: Integrated via the
django-password-resetpackage, allowing users to securely regain access through verified email channels.
2. Vulnerability Assessment Engine
This module identifies security flaws such as SQL Injection, XSS, weak credentials, and middleware-specific vulnerabilities (e.g., WebLogic, Tomcat, Struts2).
API Integration: The engine leverages the Acunetix (AWVS) API for automated full-site scans. The process follows a specific lifecycle: target registration, scan initialization, and result retrieval.
def register_scan_target(api_endpoint, api_token, target_url):
"""
Registers a new URL in the scanning queue.
"""
headers = {"X-Auth": api_token, "Content-Type": "application/json"}
payload = {"address": target_url, "description": "Automated Security Scan", "criticality": 10}
try:
resp = requests.post(f"{api_endpoint}/api/v1/targets", headers=headers, json=payload, verify=False)
if resp.status_code == 201:
return resp.json().get("target_id")
except requests.RequestException as error:
print(f"Target registration failed: {error}")
return None
Custom POC Verification: For middleware vulnerabilities, the system uses custom Python scripts to simulate specific network requests and analyze response patterns against known CVE signatures.
@csrf_exempt
def initiate_middleware_analysis(request):
target_address = request.POST.get('host')
cve_identifier = request.POST.get('cve_id').replace('-', '_')
timestamp = time.time()
# Database persistence for tracking status
MiddlewareAudit.objects.create(
host=target_address,
status="processing",
cve_tag=cve_identifier,
start_time=timestamp
)
return JsonResponse({"status": "initiated"})
3. Multi-threaded Port Reconnaissance
The port scanning utility utilizes Python’s socket library to perform TCP full-connect scans. To optimize speed, the system implements the concurrent.futures module for parallel execution.
import socket
from concurrent.futures import ThreadPoolExecutor
def check_port_status(host_config):
target_ip, target_port = host_config
socket.setdefaulttimeout(1.5)
connection = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
try:
exit_code = connection.connect_ex((target_ip, int(target_port)))
if exit_code == 0:
# Port is open; proceed to service identification
return target_port
except Exception:
pass
finally:
connection.close()
return None
def batch_scan(ip_address, ports_to_check):
configs = [(ip_address, p) for p in ports_to_check]
with ThreadPoolExecutor(max_workers=50) as runner:
results = list(runner.map(check_port_status, configs))
return [r for r in results if r is not None]
4. Web Fingerprinting and Asset Discovery
The fingerprinting module identifies the technology stack of a target web application by analyzing HTTP response headers and HTML body content.
- Technique: Keyword-based matching against a curated JSON database of signatures derived from platforms like Wappalyzer.
- Analysis: Extraction of the
Server,X-Powered-Byheaders and meta tags to pinpoint CMS versions, frameworks, and web server software.
5. Directory and File Discovery
Inspired by tools like dirsearch, this module performs dictionary-based brute forcing to locate hidden directories, configuration files, and backup data. It supports recursive scanning and custom extensions (PHP, ASPX, JSP).
6. Information Leakage and Subdomain Mapping
- Leakage Check: Scans for common misconfigurations like exposed
.gitdirectories,WEB-INFfolders, or sensitive environment files. - Domain Intelligence: Utilizes external APIs to map the subdomain landscape of a target organization, expanding the potential attack surface for assessment.
User Interface and Data Visualization
The frontend is built using a combination of Tabler UI and Bootstrap Table, providing a clean, responsive experience across desktop and mobile devices. Data visualization is handled by ECharts, which generates dynamic charts for vulnerability distribution, technology frequency, and scan statistics.
Database Schema for Navigation Assets
To support the security navigation feature, the system uses a relational schema to manage links and categories.
class WebResource(models.Model):
name = models.CharField(max_length=100, verbose_name='Resource Name')
link = models.URLField(verbose_name='URL')
category = models.ForeignKey('ResourceGroup', on_delete=models.CASCADE)
def __str__(self):
return self.name
class ResourceGroup(models.Model):
label = models.CharField(max_length=50)
priority = models.IntegerField(default=0)
icon_class = models.CharField(max_length=50, default='fa-link')
Deployment Requirements
- Environment: Python 3.7+ with Django 3.1.
- External Dependencies: An active Acunetix (AWVS) instance is required for full vulnerability scanning.
- Mail Server: Configuration of SMTP settings (Host, Port, User, Password) in
settings.pyis necessary for the password reset functionality.