AI-Powered Security Scanner with Professional Reporting
Transform URL security scanning with intelligent AI analysis and professional reporting
- Overview
- Features
- Architecture
- Quick Start
- Installation
- Deployment
- API Documentation
- Configuration
- Contributing
- License
AutoPent.AI is a cutting-edge security assessment platform that combines automated vulnerability scanning with AI-powered analysis. It provides security professionals and developers with comprehensive security reports that are both technically accurate and business-friendly.
- AI-Powered Analysis: Leverages OpenAI GPT models for intelligent vulnerability assessment
- Professional Reports: Generates publication-ready PDF reports with executive summaries
- Serverless Architecture: Built for scalability with Vercel's edge functions
- Zero Configuration: Works out-of-the-box with minimal setup
- Privacy-First: No data storage - scan results are temporary and secure
- HTTP Security Headers Analysis - Detects missing security headers (CSP, HSTS, X-Frame-Options)
- SSL/TLS Configuration Assessment - Validates certificate security and protocol versions
- Content Security Analysis - Identifies potential XSS vectors and inline scripts
- Information Disclosure Detection - Finds exposed server information and debug data
- Risk Prioritization - AI-powered vulnerability severity assessment
- Fix Recommendations - Detailed, actionable remediation guidance
- Business Impact Analysis - Translates technical findings into business risks
- Contextual Insights - Industry-specific security recommendations
- Executive Summaries - Board-ready risk assessments
- Technical Details - Comprehensive vulnerability breakdowns
- Visual Risk Metrics - Charts and graphs for quick understanding
- Compliance Mapping - OWASP Top 10 and industry standard alignment
- Real-time Scanning - Live progress updates with WebSocket-like experience
- Responsive Design - Mobile-friendly interface for on-the-go assessments
- API-First Design - RESTful APIs for integration with existing workflows
- Serverless Deployment - Automatic scaling and global edge distribution
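The header, content and information-disclosure checks listed above are the kind of logic a scanner of this type runs against one HTTP response. The following is an added illustration written for this README, not the project's own scanner engine: the header names, the severities and the sample response are assumptions chosen here, and the risk buckets mirror the `High`/`Medium`/`Low` counts the API returns.

```python
"""Added example, not AutoPent.AI code: minimal security-header,
information-disclosure and inline-script checks for one HTTP response.
Severities and header list are assumptions made for this illustration."""
import re
from dataclasses import dataclass


@dataclass
class Finding:
    name: str
    risk: str      # "High", "Medium" or "Low": same buckets as the report's risk_counts
    detail: str


# Headers whose absence is reported; the severities are assumed here.
REQUIRED_HEADERS = {
    "strict-transport-security": ("Missing HSTS", "High"),
    "content-security-policy": ("Missing CSP", "High"),
    "x-frame-options": ("Missing X-Frame-Options", "Medium"),
    "x-content-type-options": ("Missing X-Content-Type-Options", "Low"),
    "referrer-policy": ("Missing Referrer-Policy", "Low"),
}

# Headers that reveal server or framework details (information disclosure).
DISCLOSURE_HEADERS = ("server", "x-powered-by", "x-aspnet-version")

# <script> elements without a src attribute; only flagged when no CSP restricts them.
INLINE_SCRIPT_RE = re.compile(r"<script\b(?![^>]*\bsrc=)[^>]*>", re.IGNORECASE)

ONE_YEAR = 31536000


def analyze_response(headers: dict, body: str = "") -> list[Finding]:
    """Return findings for one response; header names are matched case-insensitively."""
    lower = {k.lower(): v for k, v in headers.items()}
    findings = []
    for name, (title, risk) in REQUIRED_HEADERS.items():
        if name not in lower:
            findings.append(Finding(title, risk, f"{name} header not set"))
    # A CSP that allows inline scripts gives little protection against XSS.
    csp = lower.get("content-security-policy", "")
    if csp and "'unsafe-inline'" in csp:
        findings.append(Finding("Weak CSP", "Medium", "policy permits 'unsafe-inline'"))
    # HSTS with a short max-age expires before browsers can rely on it.
    hsts = lower.get("strict-transport-security", "")
    match = re.search(r"max-age=(\d+)", hsts)
    if hsts and (match is None or int(match.group(1)) < ONE_YEAR):
        findings.append(Finding("Short HSTS max-age", "Low", f"max-age below one year: {hsts}"))
    for name in DISCLOSURE_HEADERS:
        if name in lower:
            findings.append(Finding("Information Disclosure", "Low", f"{name}: {lower[name]}"))
    inline = len(INLINE_SCRIPT_RE.findall(body))
    if inline and "content-security-policy" not in lower:
        findings.append(Finding("Inline scripts without CSP", "Medium",
                                f"{inline} inline <script> element(s)"))
    return findings


def risk_counts(findings: list[Finding]) -> dict:
    """Count findings per bucket, in the shape of the API's summary.risk_counts."""
    counts = {"High": 0, "Medium": 0, "Low": 0}
    for finding in findings:
        counts[finding.risk] += 1
    return counts


# Constructed sample response; not captured from any real site.
SAMPLE_HEADERS = {
    "Server": "Apache/2.4.41 (Ubuntu)",
    "X-Frame-Options": "SAMEORIGIN",
    "Content-Type": "text/html",
}
SAMPLE_BODY = "<html><script>var t = 1;</script><script src='/a.js'></script></html>"

if __name__ == "__main__":
    found = analyze_response(SAMPLE_HEADERS, SAMPLE_BODY)
    for finding in found:
        print(f"[{finding.risk}] {finding.name}: {finding.detail}")
    print(risk_counts(found))
```

Run on the constructed sample, the checks report two High findings (no HSTS, no CSP), one Medium (an inline script with no CSP to constrain it) and three Low (two missing hardening headers plus the `Server` banner).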
```mermaid
graph TB
    A[User Interface] --> B[Flask API Gateway]
    B --> C[Security Scanner Engine]
    B --> D[AI Analysis Module]
    B --> E[Report Generator]
    C --> F[Header Analysis]
    C --> G[SSL/TLS Checks]
    C --> H[Content Scanner]
    D --> I[OpenAI GPT Integration]
    D --> J[Risk Assessment]
    D --> K[Remediation Engine]
    E --> L[PDF Generator]
    E --> M[Executive Summary]
    E --> N[Technical Report]
    B --> O[Vercel Edge Functions]
    O --> P[Global CDN]
```
| Layer | Technology | Purpose |
|---|---|---|
| Frontend | Vanilla JavaScript, Modern CSS | Responsive, fast UI |
| Backend | Flask, Python 3.12 | RESTful API services |
| AI Engine | OpenAI GPT-4 | Intelligent analysis |
| Reports | ReportLab | Professional PDF generation |
| Security | Custom Scanner Engine | Vulnerability detection |
| Deployment | Vercel, Serverless Functions | Global edge distribution |
```bash
# Clone the repository
git clone https://github.com/your-username/AutoPent.AI.git
cd AutoPent.AI

# Install dependencies
pip install -r requirements.txt

# Configure environment (optional)
cp env.example .env
# Edit .env with your OpenAI API key

# Run the application
python run_web.py
```

Access at: http://localhost:5000
```bash
# Build and run with Docker
docker build -t autopent-ai .
docker run -p 5000:5000 -e OPENAI_API_KEY=your_key autopent-ai
```
- Python 3.12+ (3.9+ supported with legacy build)
- Node.js 20.x or 22.x (for Vercel deployment)
- OpenAI API Key (optional, for AI features)
1. Clone and Install

```bash
git clone https://github.com/your-username/AutoPent.AI.git
cd AutoPent.AI
pip install -r requirements.txt
```

2. Environment Configuration

```bash
cp env.example .env
```

Edit `.env`:

```env
OPENAI_API_KEY=sk-your-openai-api-key-here
FLASK_ENV=development
```

3. Run Application

```bash
python run_web.py
```

```bash
# Run with auto-reload
python -m api.main

# Run tests
python -m pytest tests/

# Format code
black . && isort .
```

Vercel Deployment

1. Connect Repository
   - Fork this repository
   - Connect to Vercel Dashboard
   - Import your fork

2. Environment Variables

```env
OPENAI_API_KEY=your_openai_api_key_here
PYTHONPATH=.
```

3. Deploy
   - Push to main branch
   - Automatic deployment via GitHub integration
Railway Deployment

```bash
# Install Railway CLI
npm install -g @railway/cli

# Login and deploy
railway login
railway init
railway up
```

Heroku Deployment

```bash
# Install Heroku CLI and deploy
heroku create your-app-name
heroku config:set OPENAI_API_KEY=your_key
git push heroku main
```

AWS Lambda

```bash
# Use Serverless Framework
npm install -g serverless
serverless deploy
```
Base URLs:

- Production: https://your-app.vercel.app/api
- Local: http://localhost:5000/api

`GET /api/health`

Response:

```json
{
  "status": "healthy",
  "timestamp": "2025-01-25T10:30:00Z",
  "version": "1.0.0",
  "environment": "production",
  "features": {
    "ai_analysis": true,
    "pdf_reports": true,
    "security_scanning": true
  }
}
```

`POST /api/scan`

Content-Type: application/json

Request:

```json
{
  "target_url": "https://example.com",
  "include_ai": true
}
```

Response:

```json
{
  "status": "success",
  "scan_id": "20250125_103000",
  "target_url": "https://example.com",
  "results": {
    "metadata": { "target_url": "https://example.com" },
    "summary": {
      "total_alerts": 5,
      "risk_counts": {
        "High": 1,
        "Medium": 2,
        "Low": 2
      }
    },
    "alerts": [...],
    "statistics": {...}
  },
  "ai_enabled": true,
  "ai_analyses_count": 5
}
```

`GET /api/download-report/{scan_id}`

Response: PDF file download

`GET /api/config`

Response:

```json
{
  "ai_enabled": true,
  "max_scan_targets": 1,
  "supported_protocols": ["http", "https"],
  "features": {
    "security_headers": true,
    "ssl_analysis": true,
    "ai_analysis": true,
    "pdf_reports": true
  }
}
```
| Code | Description |
|---|---|
| 200 | Success |
| 400 | Bad Request - Invalid parameters |
| 404 | Not Found - Resource doesn't exist |
| 500 | Internal Server Error |
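A client that drives the endpoints above end to end (scan, summarise, download the PDF) and maps the status codes in the table to a single error type. This is an added example written for this README using only the Python standard library; it is not part of the AutoPent.AI repository. The field names come from the documented request and response bodies; the `ScanError` class and the summary shape are choices made here.

```python
"""Added example, not AutoPent.AI code: a standard-library client for
POST /api/scan and GET /api/download-report/{scan_id}. Field names follow
the documented responses; ScanError and the summary layout are assumptions."""
import json
import urllib.error
import urllib.request

RISK_ORDER = ("High", "Medium", "Low")


class ScanError(RuntimeError):
    """Raised for a non-2xx response; `status` carries the HTTP code from the table."""

    def __init__(self, status: int, message: str):
        super().__init__(f"HTTP {status}: {message}")
        self.status = status


def build_scan_request(base_url: str, target_url: str, include_ai: bool = True):
    """Build the POST /api/scan request exactly as documented above."""
    body = json.dumps({"target_url": target_url, "include_ai": include_ai}).encode()
    return urllib.request.Request(
        f"{base_url.rstrip('/')}/scan",
        data=body,
        method="POST",
        headers={"Content-Type": "application/json", "Accept": "application/json"},
    )


def summarize_scan(response: dict) -> dict:
    """Reduce a scan response to what a CI gate or dashboard needs."""
    if response.get("status") != "success":
        raise ScanError(200, f"unexpected status field: {response.get('status')!r}")
    summary = response["results"]["summary"]
    counts = {risk: summary["risk_counts"].get(risk, 0) for risk in RISK_ORDER}
    highest = next((risk for risk in RISK_ORDER if counts[risk]), None)
    return {
        "scan_id": response["scan_id"],
        "target_url": response["target_url"],
        "total_alerts": summary["total_alerts"],
        "risk_counts": counts,
        "highest_risk": highest,
        "ai_analyses": response.get("ai_analyses_count", 0),
    }


def run_scan(base_url: str, target_url: str, include_ai: bool = True, timeout: int = 60) -> dict:
    """POST a scan and return its summary; 400/404/500 become ScanError."""
    request = build_scan_request(base_url, target_url, include_ai)
    try:
        with urllib.request.urlopen(request, timeout=timeout) as resp:
            return summarize_scan(json.load(resp))
    except urllib.error.HTTPError as err:
        raise ScanError(err.code, err.read().decode(errors="replace")) from None


def download_report(base_url: str, scan_id: str, dest_path: str, timeout: int = 60) -> int:
    """Fetch the PDF for scan_id into dest_path; returns the number of bytes written."""
    url = f"{base_url.rstrip('/')}/download-report/{scan_id}"
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            data = resp.read()
    except urllib.error.HTTPError as err:
        raise ScanError(err.code, "report not available") from None
    with open(dest_path, "wb") as out:
        out.write(data)
    return len(data)


# The example response from the API documentation, embedded so summarize_scan
# can be exercised without a running server.
SAMPLE_RESPONSE = {
    "status": "success",
    "scan_id": "20250125_103000",
    "target_url": "https://example.com",
    "results": {
        "metadata": {"target_url": "https://example.com"},
        "summary": {"total_alerts": 5, "risk_counts": {"High": 1, "Medium": 2, "Low": 2}},
        "alerts": [],
        "statistics": {},
    },
    "ai_enabled": True,
    "ai_analyses_count": 5,
}

if __name__ == "__main__":
    import sys
    if len(sys.argv) == 3:  # usage: python client.py http://localhost:5000/api https://example.com
        result = run_scan(sys.argv[1], sys.argv[2])
        print(json.dumps(result, indent=2))
        written = download_report(sys.argv[1], result["scan_id"], f"{result['scan_id']}.pdf")
        print(f"wrote {written} bytes")
    else:
        print(json.dumps(summarize_scan(SAMPLE_RESPONSE), indent=2))
```

`highest_risk` is the value to gate on in a pipeline: fail the build when it is `High`, warn on `Medium`, and keep the PDF as the artefact either way.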
| Variable | Required | Default | Description |
|---|---|---|---|
| OPENAI_API_KEY | No | "" | OpenAI API key for AI analysis |
| FLASK_ENV | No | production | Flask environment mode |
| PYTHONPATH | No | "." | Python module search path |
```python
# In config.py
class Config:
    # AI Features
    OPENAI_MODEL = "gpt-4"  # or "gpt-3.5-turbo"
    OPENAI_MAX_TOKENS = 1500
    OPENAI_TEMPERATURE = 0.3

    # Scanning Configuration
    MAX_SCAN_DEPTH = 5
    SCAN_TIMEOUT = 30  # seconds

    # Report Configuration
    REPORT_TITLE = "Security Assessment Report"
    REPORT_AUTHOR = "AutoPent.AI"
```

Custom Scanner Settings

```python
# Custom timeout and user agent
scanner_config = {
    "timeout": 10,
    "user_agent": "AutoPent.AI Security Scanner",
    "follow_redirects": True,
    "verify_ssl": False,  # For testing
}
```

AI Model Customization

```python
# Custom AI prompts and models
ai_config = {
    "model": "gpt-4",
    "temperature": 0.3,
    "max_tokens": 2000,
    "custom_prompts": {
        "vulnerability_analysis": "Custom prompt here..."
    },
}
```
We welcome contributions! Please see our Contributing Guidelines for details.
- Fork the repository
- Create a feature branch: `git checkout -b feature/amazing-feature`
- Make your changes
- Add tests: `python -m pytest tests/`
- Commit your changes: `git commit -m "Add amazing feature"`
- Push to the branch: `git push origin feature/amazing-feature`
- Open a Pull Request

```bash
# Install development dependencies
pip install -r requirements-dev.txt

# Install pre-commit hooks
pre-commit install

# Run linting
flake8 . && black . && isort .

# Run security checks
bandit -r .
```
- Python: PEP 8 compliance with Black formatting
- JavaScript: ESLint with Airbnb configuration
- Commits: Conventional Commits specification
- Documentation: Google-style docstrings
If you discover a security vulnerability, please send an email to security@autopent-ai.com. All security vulnerabilities will be promptly addressed.
- Input Validation: All user inputs are validated and sanitized
- Rate Limiting: API endpoints are protected against abuse
- Secure Headers: Security headers are implemented by default
- No Data Persistence: Scan results are not stored permanently
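The input validation point matters more for this service than for a typical web form: the scanner itself issues server-side requests to whatever `target_url` a caller supplies, so the validator is the control that keeps a public deployment from being pointed at loopback, private-network or cloud-metadata addresses. The following is an added example written for this README, not the project's own validator; the supported schemes come from `GET /api/config`, while the blocked hostname list and the error messages are assumptions made here.

```python
"""Added example, not AutoPent.AI code: target_url validation for a scanner
that fetches caller-supplied URLs. Scheme list follows GET /api/config;
blocked-host list and messages are assumptions made for this illustration."""
import ipaddress
from urllib.parse import urlsplit

SUPPORTED_PROTOCOLS = ("http", "https")               # as reported by /api/config
BLOCKED_HOSTNAMES = {"localhost"}                       # assumed list
BLOCKED_SUFFIXES = (".localhost", ".local", ".internal")  # assumed list
MAX_URL_LENGTH = 2048


class InvalidTarget(ValueError):
    """Raised for targets the scanner must refuse; the message is safe to return in a 400."""


def is_allowed_address(addr: str) -> bool:
    """True if an IP literal (from the URL or from DNS resolution) is publicly routable.

    Also unwraps IPv4-mapped IPv6 so ::ffff:127.0.0.1 is judged as 127.0.0.1.
    """
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return ip.is_global


def validate_target_url(raw) -> str:
    """Return the cleaned URL or raise InvalidTarget with a caller-safe reason."""
    if not isinstance(raw, str) or not raw.strip():
        raise InvalidTarget("target_url is required")
    url = raw.strip()
    if len(url) > MAX_URL_LENGTH:
        raise InvalidTarget("target_url is too long")
    try:
        parts = urlsplit(url)
        _ = parts.port          # raises ValueError for a malformed or out-of-range port
        host = parts.hostname   # lower-cased, brackets stripped from IPv6 literals
    except ValueError:
        raise InvalidTarget("target_url is malformed") from None
    if parts.scheme not in SUPPORTED_PROTOCOLS:
        raise InvalidTarget("only http and https targets are supported")
    if not host:
        raise InvalidTarget("target_url has no host")
    if parts.username is not None or parts.password is not None:
        raise InvalidTarget("credentials in target_url are not allowed")
    if host in BLOCKED_HOSTNAMES or host.endswith(BLOCKED_SUFFIXES):
        raise InvalidTarget("internal hostnames are not scannable")
    try:
        ipaddress.ip_address(host)
        is_literal = True
    except ValueError:
        is_literal = False      # a DNS name: re-check the resolved address with is_allowed_address
    if is_literal and not is_allowed_address(host):
        raise InvalidTarget("private, loopback and link-local addresses are not scannable")
    return url


if __name__ == "__main__":
    # Constructed inputs; none of these are real scan targets.
    for candidate in ("https://example.com/", "http://127.0.0.1/", "ftp://example.com",
                      "http://user:pw@example.com", "http://[::ffff:10.0.0.1]/"):
        try:
            print("accept", validate_target_url(candidate))
        except InvalidTarget as err:
            print("reject", candidate, "->", err)
```

A DNS name passes this check on purpose: the literal-address test cannot see where a name resolves, so the same `is_allowed_address` test must be applied to every address returned by resolution immediately before the connection is opened, and redirects must be re-validated the same way.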
| Metric | Value | Notes |
|---|---|---|
| Scan Time | 5-15 seconds | Depends on target response time |
| AI Analysis | 10-30 seconds | Per vulnerability |
| Report Generation | 2-5 seconds | PDF creation time |
| Memory Usage | <512MB | Peak during scan |
- Serverless Cold Start: <2 seconds
- Edge Caching: Static assets cached globally
- Concurrent Scanning: Multiple vulnerability checks in parallel
- Optimized AI Calls: Batch processing for efficiency
- Multi-target Scanning - Scan multiple URLs simultaneously
- Custom Rules Engine - User-defined security rules
- Integration APIs - Slack, Teams, and webhook notifications
- Historical Tracking - Trend analysis and improvement tracking
- Team Collaboration - Multi-user workspaces
- Custom Branding - White-label reporting options
- v1.0.0 - Initial release with core scanning features
- v1.1.0 - Added AI analysis and enhanced reporting
- v1.2.0 - Vercel deployment optimization and performance improvements
This project is licensed under the MIT License - see the LICENSE file for details.
- OpenAI for providing the AI analysis capabilities
- Vercel for the exceptional serverless platform
- Flask community for the robust web framework
- ReportLab for professional PDF generation
- Security Community for vulnerability research and best practices
- Documentation: View Docs
- Community: Join Discord
- Bug Reports: GitHub Issues
- Email: support@autopent-ai.com
For enterprise features, custom integrations, or priority support, contact us at enterprise@autopent-ai.com.
Made with ❤️ for the security community