Cyborg Vulnerability Scanner is a free, open-source tool designed to analyze your code for potential vulnerabilities and generate visually appealing, detailed reports. It supports scanning single files or entire directories and helps developers identify and mitigate security risks effectively.

• Comprehensive Vulnerability Detection:

  • Identifies critical issues like SQL injection, XSS, insecure deserialization, and insecure file handling.
  • Detects weak cryptographic algorithms such as MD5 and SHA1.

• Multi-Language Support:

  • Scans files written in PHP, HTML, and Python.

• Detailed Reports:

  • Generates an HTML report with a severity distribution chart and a table of detected vulnerabilities.

• Fast and Efficient:

  • Uses multithreading for fast directory scans.

• Customizable Detection:

  • Predefined detection rules that can be extended for specific use cases.

• User-Friendly GUI:

  • Built with ttkbootstrap, featuring a modern, responsive interface.

1. Clone the Repository:

   git clone https://github.com/dragonked2/Cyborg.git
   cd cyborg-vulnerability-scanner

2. Install Dependencies: Ensure Python 3.8+ is installed. Then, install required Python packages:

   pip install -r requirements.txt

3. Run the Scanner:

   python ve.py

1. Launch the application:

   python ve.py

2. Select either:
   • Scan Single File: Choose a specific file to scan.
   • Scan Directory: Select a folder to scan all files within it.
3. View the results in a detailed HTML report that opens automatically upon completion.

Future versions will support CLI commands for enhanced automation.

You can convert the Cyborg Vulnerability Scanner into an executable file using PyInstaller, allowing you to run the tool without needing Python installed.

Ensure you have PyInstaller installed. Run the following command:

pip install pyinstaller

Use PyInstaller to compile the Python script into a standalone executable:

python -m PyInstaller --onefile --noconsole ve.py

• --onefile: Bundles everything into a single executable file.
• --noconsole: Hides the console window (useful for GUI applications).

Navigate to the dist folder where the EXE file is generated, and double-click ve.exe to launch the tool.

dist/
└── ve.exe

Enjoy a seamless experience with your standalone vulnerability scanner!

Cyborg Scanner uses a comprehensive set of detection rules to find vulnerabilities, including:

• Input Handling:

  • Unsanitized inputs ($_GET, $_POST, $_REQUEST).
  • Unsafe cookies ($_COOKIE).

• Code Execution:

  • Dangerous functions like eval, exec, shell_exec.

• File Operations:

  • Potentially risky operations (file_put_contents, fopen, unlink).

• Cryptography:

  • Weak algorithms (e.g., md5, sha1).

• Output Escaping:

  • Unescaped user inputs in echo or print.

Sample of detected vulnerabilities in the HTML report:

The HTML report also includes a severity distribution chart for quick visualization.

You can add new detection rules in the DETECTION_RULES list within ve.py. Each rule must include:

• pattern: Regex pattern to detect the vulnerability.
• severity: Severity level (Critical, High, Medium, Low).
• description: Explanation of the vulnerability.

Example:

{"pattern": r"unsafe_function\s*\(", "severity": "Critical", "description": "Unsafe function detected. Avoid usage."}

Contributions are welcome! Here’s how you can contribute:

1. Fork the repository.
2. Create a new branch:

   git checkout -b feature-name

3. Commit your changes:

   git commit -m "Added new feature"

4. Push your branch and submit a pull request.

If you encounter issues or have suggestions, please create a GitHub issue or contact Ali Essam.

Thanks to all open-source contributors who inspired this project!

• Command-Line Interface (CLI):

  • Support for automation and integration into CI/CD pipelines.(soon)

• Custom Rules:

  • Allow users to define their own detection rules.(soon)

• Multi-Language Support:

  • Add support for JavaScript, Java, and C++.(soon)