Skip to content

varma-25/SecureScan

Repository files navigation

SecureScan

SecureScan is a Flask-based web application for authenticated website security analysis. It combines header inspection, port scanning, OWASP-style vulnerability checks, scoring, analytics, PDF reporting, and per-user scan history in one dashboard-driven workflow.

Project Overview

SecureScan helps teams and learners review the security posture of a target URL by:

  • scanning important HTTP security headers
  • checking a common set of network ports
  • running OWASP-style exposure checks
  • generating a consolidated security score
  • storing scan history per authenticated user
  • exporting results as PDF reports
  • visualizing scan trends and risk distribution with analytics charts

Features

  • User registration, login, and logout with hashed passwords
  • Per-user scan history stored in SQLite
  • Security header analysis for CSP, X-Frame-Options, HSTS, and X-XSS-Protection
  • Common port scanning for FTP, SSH, SMTP, DNS, HTTP, HTTPS, MySQL, and 8080
  • OWASP-style vulnerability checks for HTTPS usage, header exposure, weak cookies, and sensitive paths
  • Risk engine that calculates score, severity, and findings count
  • PDF report generation for the latest authenticated scan
  • Analytics dashboard with summary cards and Chart.js charts
  • Production-oriented logging to logs/app.log
  • Custom 404 and 500 error pages
  • Docker and Docker Compose support

Folder Structure

SecureScan/
├── app.py
├── .env
├── .dockerignore
├── Dockerfile
├── docker-compose.yml
├── README.md
├── ARCHITECTURE.md
├── instance/
│   └── securescan.db
├── logs/
│   └── app.log
├── scanner/
│   ├── headerscan.py
│   ├── portscan.py
│   ├── vulnerability_scan.py
│   ├── risk_engine.py
│   └── report_generator.py
├── static/
│   ├── style.css
│   └── app.js
└── templates/
    ├── index.html
    ├── dashboard.html
    ├── analytics.html
    ├── history.html
    ├── login.html
    ├── register.html
    ├── 404.html
    └── 500.html

Installation

Local Python Setup

  1. Create and activate a virtual environment.
  2. Install dependencies:
pip install Flask Flask-SQLAlchemy Flask-Login gunicorn
  1. Review the values in .env.
  2. Start the application:
python app.py
  1. Open http://localhost:5000.

Docker Setup

Build and run with Docker Compose:

docker compose up --build

This starts the app on http://localhost:5000 and persists the SQLite database and logs through bind mounts.

Screenshots Section

The application exposes the following screens for release documentation and demos:

  • Home page with authenticated scan form and loading animation
  • Security dashboard with score, scan details, findings tables, and report download
  • Scan history page filtered to the signed-in user
  • Analytics page with summary cards and Chart.js charts
  • Authentication pages for register and login

Technologies Used

  • Python
  • Flask
  • Flask-Login
  • Flask-SQLAlchemy
  • SQLite
  • Gunicorn
  • Docker
  • Chart.js
  • HTML5
  • CSS3
  • JavaScript

Future Improvements

  • Add asynchronous background scan jobs for longer-running targets
  • Store individual scan artifacts for re-opening historical dashboards and PDFs
  • Add role-based access control and administrator audit views
  • Expand analytics with exportable CSV and scheduled reports
  • Add automated tests for scanner modules and authenticated routes
  • Support PostgreSQL for multi-instance deployments

Architecture Diagram

See ARCHITECTURE.md for the production architecture diagram and component notes.

About

Web Vulnerability Assessment Platform with security analysis, risk scoring, analytics, and PDF reporting

Resources

Stars

1 star

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors