mirror of
https://github.com/CyberSecurityUP/NeuroSploit.git
synced 2026-02-12 14:02:45 +00:00
328 lines
13 KiB
HTML
328 lines
13 KiB
HTML
<!DOCTYPE html>
|
|
<html lang="en">
|
|
<head>
|
|
<meta charset="UTF-8">
|
|
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
|
<title>Security Assessment Report - 20260114_154548</title>
|
|
<script src="https://cdn.jsdelivr.net/npm/chart.js"></script>
|
|
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/11.9.0/styles/github-dark.min.css">
|
|
<style>
|
|
:root {
|
|
--bg-primary: #0a0e17;
|
|
--bg-secondary: #111827;
|
|
--bg-card: #1a1f2e;
|
|
--border-color: #2d3748;
|
|
--text-primary: #e2e8f0;
|
|
--text-secondary: #94a3b8;
|
|
--accent: #3b82f6;
|
|
--critical: #ef4444;
|
|
--high: #f97316;
|
|
--medium: #eab308;
|
|
--low: #22c55e;
|
|
--info: #6366f1;
|
|
}
|
|
* { margin: 0; padding: 0; box-sizing: border-box; }
|
|
body {
|
|
font-family: 'Inter', -apple-system, BlinkMacSystemFont, 'Segoe UI', sans-serif;
|
|
background: var(--bg-primary);
|
|
color: var(--text-primary);
|
|
line-height: 1.6;
|
|
}
|
|
.container { max-width: 1400px; margin: 0 auto; padding: 2rem; }
|
|
|
|
/* Header */
|
|
.header {
|
|
background: linear-gradient(135deg, #1e3a5f 0%, #0f172a 100%);
|
|
padding: 3rem 2rem;
|
|
border-radius: 16px;
|
|
margin-bottom: 2rem;
|
|
border: 1px solid var(--border-color);
|
|
}
|
|
.header-content { display: flex; justify-content: space-between; align-items: center; flex-wrap: wrap; gap: 1rem; }
|
|
.logo { font-size: 2rem; font-weight: 800; background: linear-gradient(90deg, #3b82f6, #8b5cf6); -webkit-background-clip: text; -webkit-text-fill-color: transparent; }
|
|
.report-meta { text-align: right; color: var(--text-secondary); font-size: 0.9rem; }
|
|
|
|
/* Stats Grid */
|
|
.stats-grid { display: grid; grid-template-columns: repeat(auto-fit, minmax(200px, 1fr)); gap: 1.5rem; margin-bottom: 2rem; }
|
|
.stat-card {
|
|
background: var(--bg-card);
|
|
border-radius: 12px;
|
|
padding: 1.5rem;
|
|
border: 1px solid var(--border-color);
|
|
transition: transform 0.2s, box-shadow 0.2s;
|
|
}
|
|
.stat-card:hover { transform: translateY(-2px); box-shadow: 0 8px 25px rgba(0,0,0,0.3); }
|
|
.stat-value { font-size: 2.5rem; font-weight: 700; }
|
|
.stat-label { color: var(--text-secondary); font-size: 0.875rem; text-transform: uppercase; letter-spacing: 0.5px; }
|
|
.stat-critical .stat-value { color: var(--critical); }
|
|
.stat-high .stat-value { color: var(--high); }
|
|
.stat-medium .stat-value { color: var(--medium); }
|
|
.stat-low .stat-value { color: var(--low); }
|
|
|
|
/* Risk Score */
|
|
.risk-section { display: grid; grid-template-columns: 1fr 1fr; gap: 2rem; margin-bottom: 2rem; }
|
|
@media (max-width: 900px) { .risk-section { grid-template-columns: 1fr; } }
|
|
.risk-card {
|
|
background: var(--bg-card);
|
|
border-radius: 16px;
|
|
padding: 2rem;
|
|
border: 1px solid var(--border-color);
|
|
}
|
|
.risk-score-circle {
|
|
width: 180px; height: 180px;
|
|
border-radius: 50%;
|
|
background: conic-gradient(#f1c40f 0deg, #f1c40f 108.0deg, #2d3748 108.0deg);
|
|
display: flex; align-items: center; justify-content: center;
|
|
margin: 0 auto 1rem;
|
|
}
|
|
.risk-score-inner {
|
|
width: 140px; height: 140px;
|
|
border-radius: 50%;
|
|
background: var(--bg-card);
|
|
display: flex; flex-direction: column; align-items: center; justify-content: center;
|
|
}
|
|
.risk-score-value { font-size: 3rem; font-weight: 800; color: #f1c40f; }
|
|
.risk-score-label { color: var(--text-secondary); font-size: 0.875rem; }
|
|
.chart-container { height: 250px; }
|
|
|
|
/* Targets */
|
|
.targets-list { display: flex; flex-wrap: wrap; gap: 0.5rem; margin-top: 1rem; }
|
|
.target-tag {
|
|
background: rgba(59, 130, 246, 0.2);
|
|
border: 1px solid var(--accent);
|
|
padding: 0.5rem 1rem;
|
|
border-radius: 20px;
|
|
font-size: 0.875rem;
|
|
font-family: monospace;
|
|
}
|
|
|
|
/* Main Report */
|
|
.report-section {
|
|
background: var(--bg-card);
|
|
border-radius: 16px;
|
|
padding: 2rem;
|
|
border: 1px solid var(--border-color);
|
|
margin-bottom: 2rem;
|
|
}
|
|
.section-title {
|
|
font-size: 1.5rem;
|
|
font-weight: 700;
|
|
margin-bottom: 1.5rem;
|
|
padding-bottom: 1rem;
|
|
border-bottom: 2px solid var(--accent);
|
|
display: flex;
|
|
align-items: center;
|
|
gap: 0.75rem;
|
|
}
|
|
.section-title::before {
|
|
content: '';
|
|
width: 4px;
|
|
height: 24px;
|
|
background: var(--accent);
|
|
border-radius: 2px;
|
|
}
|
|
|
|
/* Vulnerability Cards */
|
|
.report-content h2 {
|
|
background: linear-gradient(90deg, var(--bg-secondary), transparent);
|
|
padding: 1rem 1.5rem;
|
|
border-radius: 8px;
|
|
margin: 2rem 0 1rem;
|
|
border-left: 4px solid var(--accent);
|
|
font-size: 1.25rem;
|
|
}
|
|
.report-content h2:has-text("Critical"), .report-content h2:contains("CRITICAL") { border-left-color: var(--critical); }
|
|
.report-content h3 { color: var(--accent); margin: 1.5rem 0 0.75rem; font-size: 1.1rem; }
|
|
.report-content table {
|
|
width: 100%;
|
|
border-collapse: collapse;
|
|
margin: 1rem 0;
|
|
background: var(--bg-secondary);
|
|
border-radius: 8px;
|
|
overflow: hidden;
|
|
}
|
|
.report-content th, .report-content td {
|
|
padding: 0.75rem 1rem;
|
|
text-align: left;
|
|
border-bottom: 1px solid var(--border-color);
|
|
}
|
|
.report-content th { background: rgba(59, 130, 246, 0.1); color: var(--accent); font-weight: 600; }
|
|
.report-content pre {
|
|
background: #0d1117;
|
|
border: 1px solid var(--border-color);
|
|
border-radius: 8px;
|
|
padding: 1rem;
|
|
overflow-x: auto;
|
|
margin: 1rem 0;
|
|
}
|
|
.report-content code {
|
|
font-family: 'JetBrains Mono', 'Fira Code', monospace;
|
|
font-size: 0.875rem;
|
|
}
|
|
.report-content p { margin: 0.75rem 0; }
|
|
.report-content hr { border: none; border-top: 1px solid var(--border-color); margin: 2rem 0; }
|
|
.report-content ul, .report-content ol { margin: 1rem 0; padding-left: 1.5rem; }
|
|
.report-content li { margin: 0.5rem 0; }
|
|
|
|
/* Severity Badges */
|
|
.report-content h2 { position: relative; }
|
|
|
|
/* Footer */
|
|
.footer {
|
|
text-align: center;
|
|
padding: 2rem;
|
|
color: var(--text-secondary);
|
|
font-size: 0.875rem;
|
|
border-top: 1px solid var(--border-color);
|
|
margin-top: 3rem;
|
|
}
|
|
|
|
/* Print Styles */
|
|
@media print {
|
|
body { background: white; color: black; }
|
|
.stat-card, .risk-card, .report-section { border: 1px solid #ddd; }
|
|
}
|
|
</style>
|
|
</head>
|
|
<body>
|
|
<div class="container">
|
|
<div class="header">
|
|
<div class="header-content">
|
|
<div>
|
|
<div class="logo">NeuroSploit</div>
|
|
<p style="color: var(--text-secondary); margin-top: 0.5rem;">AI-Powered Security Assessment Report</p>
|
|
</div>
|
|
<div class="report-meta">
|
|
<div><strong>Report ID:</strong> 20260114_154548</div>
|
|
<div><strong>Date:</strong> 2026-01-14 15:46</div>
|
|
<div><strong>Agent:</strong> bug_bounty_hunter</div>
|
|
</div>
|
|
</div>
|
|
<div class="targets-list">
|
|
<span class="target-tag">testphp.vulnweb.com</span>
|
|
</div>
|
|
</div>
|
|
|
|
<div class="stats-grid">
|
|
<div class="stat-card stat-critical">
|
|
<div class="stat-value">0</div>
|
|
<div class="stat-label">Critical</div>
|
|
</div>
|
|
<div class="stat-card stat-high">
|
|
<div class="stat-value">2</div>
|
|
<div class="stat-label">High</div>
|
|
</div>
|
|
<div class="stat-card stat-medium">
|
|
<div class="stat-value">0</div>
|
|
<div class="stat-label">Medium</div>
|
|
</div>
|
|
<div class="stat-card stat-low">
|
|
<div class="stat-value">0</div>
|
|
<div class="stat-label">Low</div>
|
|
</div>
|
|
<div class="stat-card">
|
|
<div class="stat-value" style="color: var(--accent);">0</div>
|
|
<div class="stat-label">Tests Run</div>
|
|
</div>
|
|
</div>
|
|
|
|
<div class="risk-section">
|
|
<div class="risk-card">
|
|
<h3 style="text-align: center; margin-bottom: 1rem; color: var(--text-secondary);">Risk Score</h3>
|
|
<div class="risk-score-circle">
|
|
<div class="risk-score-inner">
|
|
<div class="risk-score-value">30</div>
|
|
<div class="risk-score-label">Medium</div>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
<div class="risk-card">
|
|
<h3 style="margin-bottom: 1rem; color: var(--text-secondary);">Severity Distribution</h3>
|
|
<div class="chart-container">
|
|
<canvas id="severityChart"></canvas>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
|
|
<div class="report-section">
|
|
<div class="section-title">Vulnerability Report</div>
|
|
<div class="report-content">
|
|
<p>Based on the reconnaissance data provided, I can see numerous URLs with parameters that are potential targets for XSS testing. However, I notice that the reconnaissance summary shows "Vulnerabilities Found: 0", which means no actual vulnerability scanning has been performed yet - only URL discovery.</p>
|
|
<p>To properly analyze for XSS vulnerabilities, I would need the actual results from XSS scanning tools (like nuclei, XSStrike, or custom payloads). The current data only shows potential attack surfaces.</p>
|
|
<h2>Assessment Status</h2>
|
|
<p><strong>Current Status:</strong> No XSS vulnerabilities detected during this assessment</p>
|
|
<p><strong>Reason:</strong> The provided data contains only reconnaissance information (URL discovery) but no actual vulnerability scanning results. To generate a proper vulnerability report, I would need:</p>
|
|
<ol>
|
|
<li><p><strong>XSS Scanner Output</strong> - Results from tools like:</p>
|
|
<ul>
|
|
<li>Nuclei XSS templates</li>
|
|
<li>XSStrike</li>
|
|
<li>Custom XSS payload testing</li>
|
|
<li>Manual testing results</li>
|
|
</ul>
|
|
</li>
|
|
<li><p><strong>HTTP Response Data</strong> - Actual server responses showing XSS execution</p>
|
|
</li>
|
|
</ol>
|
|
<h2>Recommended Next Steps for XSS Testing</h2>
|
|
<p>Based on the discovered parameters, here are the high-priority targets for XSS testing:</p>
|
|
<h3>High-Priority Parameters for XSS Testing:</h3>
|
|
<pre><code>- r parameter in redir.php (10,000+ instances found)
|
|
- id parameter in various endpoints
|
|
- cat parameter in listproducts.php
|
|
- cmd parameter in root directory
|
|
- artist parameter in AJAX/infoartist.php
|
|
</code></pre>
|
|
<h3>Sample XSS Test Commands:</h3>
|
|
<pre><code class="language-bash"># Test reflected XSS on redir.php
|
|
curl "http://testphp.vulnweb.com/redir.php?r=<script>alert('XSS')</script>"
|
|
|
|
# Test XSS on id parameter
|
|
curl "http://testphp.vulnweb.com/AJAX/infoartist.php?id=<script>alert('XSS')</script>"
|
|
|
|
# Test XSS on cat parameter
|
|
curl "http://testphp.vulnweb.com/listproducts.php?cat=<script>alert('XSS')</script>"
|
|
</code></pre>
|
|
<p><strong>To complete the XSS analysis, please run actual XSS scanning tools against these endpoints and provide the results.</strong></p>
|
|
|
|
</div>
|
|
</div>
|
|
|
|
<div class="footer">
|
|
<p>Generated by <strong>NeuroSploit</strong> - AI-Powered Penetration Testing Framework</p>
|
|
<p style="margin-top: 0.5rem;">Confidential - For authorized personnel only</p>
|
|
</div>
|
|
</div>
|
|
|
|
<script src="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/11.9.0/highlight.min.js"></script>
|
|
<script>
|
|
hljs.highlightAll();
|
|
|
|
// Severity Chart
|
|
const ctx = document.getElementById('severityChart').getContext('2d');
|
|
new Chart(ctx, {
|
|
type: 'doughnut',
|
|
data: {
|
|
labels: ['Critical', 'High', 'Medium', 'Low', 'Info'],
|
|
datasets: [{
|
|
data: [0, 2, 0, 0, 3],
|
|
backgroundColor: ['#ef4444', '#f97316', '#eab308', '#22c55e', '#6366f1'],
|
|
borderWidth: 0,
|
|
hoverOffset: 10
|
|
}]
|
|
},
|
|
options: {
|
|
responsive: true,
|
|
maintainAspectRatio: false,
|
|
plugins: {
|
|
legend: {
|
|
position: 'right',
|
|
labels: { color: '#94a3b8', padding: 15, font: { size: 12 } }
|
|
}
|
|
},
|
|
cutout: '60%'
|
|
}
|
|
});
|
|
</script>
|
|
</body>
|
|
</html> |