This AI-Integrated Vulnerability Scanner is a Python-based script that combines the power of Nmap, a popular network scanner, with OpenAI's ChatGPT, a state-of-the-art natural language processing model. The tool performs network scans using various profiles and provides a vulnerability analysis based on the scan results. The analysis includes a detailed description of the vulnerabilities, affected endpoints, evidence, and relevant references to OWASP ASVS, WSTG, CAPEC, and CWE. The tool supports multiple output formats, including HTML, CSV, XML, TXT, and JSON.
- Install Python 3.x from https://www.python.org/downloads/
- Download or clone the AI-Vuln-Scanner repository.
- Navigate to the project's root folder in the terminal.
- Install the required packages using pip:
    pip install -r requirements.txt
- Add your OpenAI API key to a .env file in the root folder (optional; the script asks for the API key if no .env file is found):
    OPENAI_API_KEY=your_api_key_here
  Replace your_api_key_here with your actual OpenAI API key.
- Open a terminal and navigate to the project's root folder.
- Run the script with the required target and optional output format:
    python vulnscanner.py -t target_ip_or_hostname -o output_format
  Replace target_ip_or_hostname with the target's IP address or hostname, and output_format with the desired output format (html, csv, xml, txt, or json). If no output format is specified, the default format is 'html'.
- Choose a scan profile from the available options (Fast scan, Comprehensive scan, Stealth scan with UDP, Full port range scan, or Stealth and UDP scan with version detection and OS detection) by entering the corresponding number. The script will perform the scan and display the results on the screen. It will also save the results in a file with the specified output format in the project's root folder.
Example:
    python vulnscanner.py -t 192.168.1.1 -o html
This command will perform a vulnerability scan on the IP address 192.168.1.1 and save the results in an HTML file.
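One way to handle the two inputs described above, the `-t`/`-o` arguments and the `.env` key, shown as an added example that is not code from the AI-Vuln-Scanner repository. Only the flags, the format list, the `html` default and the `OPENAI_API_KEY` name come from this README; the function names, the hostname rule and the file-permission check are assumptions.

```python
import argparse
import getpass
import ipaddress
import os
import re
import stat

FORMATS = ("html", "csv", "xml", "txt", "json")  # formats this README lists
# Assumed hostname rule: dot-separated labels of letters, digits and inner hyphens.
LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
HOSTNAME = re.compile(rf"{LABEL}(?:\.{LABEL})*")

def valid_target(value):
    """Accept one IP address or hostname, so a value such as '-sV' or
    'host --flag' can never reach the Nmap command line as an option."""
    try:
        return str(ipaddress.ip_address(value))
    except ValueError:
        if len(value) <= 253 and HOSTNAME.fullmatch(value):
            return value
    raise argparse.ArgumentTypeError(f"not an IP address or hostname: {value!r}")

def build_parser():
    """Mirror the documented CLI: required -t, optional -o defaulting to html."""
    parser = argparse.ArgumentParser(prog="vulnscanner.py")
    parser.add_argument("-t", dest="target", required=True, type=valid_target)
    parser.add_argument("-o", dest="output", choices=FORMATS, default="html")
    return parser

def read_env_key(path, name="OPENAI_API_KEY"):
    """Return (value, exposed); exposed is True if group or others can read the file."""
    if not os.path.isfile(path):
        return None, False
    exposed = bool(os.stat(path).st_mode & (stat.S_IRGRP | stat.S_IROTH))
    with open(path, encoding="utf-8") as handle:
        for line in handle:
            key, sep, value = line.strip().partition("=")
            if sep and key.strip() == name:
                return value.strip().strip("'\""), exposed
    return None, exposed

def load_api_key(path=".env", ask=getpass.getpass):
    """Use the .env value when present, otherwise prompt without echoing the key."""
    key, exposed = read_env_key(path)
    if exposed:
        print(f"warning: {path} is readable by other users; chmod 600 {path}")
    return key or ask("OpenAI API key: ")
```

Keeping `.env` out of version control (for example through `.gitignore`) complements the permission check, since the file holds a live API credential.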
The AI-Integrated Vulnerability Scanner is provided as-is, without any guarantees or warranties, either express or implied. By using this tool, you acknowledge that you are solely responsible for any consequences that may arise from its usage.
The tool is intended for educational purposes, ethical security assessments, and to help you identify potential vulnerabilities in your network or systems. It is strictly prohibited to use the AI-Integrated Vulnerability Scanner for malicious activities, unauthorized access, or any other illegal activities.
By using the AI-Integrated Vulnerability Scanner, you agree to assume full responsibility for your actions and the results generated by the tool. The developers and contributors of this project shall not be held liable for any damages or losses, whether direct, indirect, incidental, or consequential, arising from the use or misuse of this tool.
It is your responsibility to ensure that you have the proper authorization and consent before scanning any network or system. You must also comply with all applicable laws, regulations, and ethical guidelines related to network scanning and vulnerability assessment.
By using the AI-Integrated Vulnerability Scanner, you acknowledge and accept the terms stated in this Disclaimer of Liability. If you do not agree with these terms, you must not use this tool.