Tired of AI analysis tools always returning the same five generic vulnerabilities no matter what URL you feed them, I built **VulnScan AI** — a local Python web application that first *actually* inspects the target and then passes that evidence to the AI to analyze something specific.
**What makes it different?**
Before calling any model, the application collects real data:
- 🌐 **Websites**: HTTP headers present/absent, technologies detected (exact version of Apache, PHP, WordPress, etc.), cookies without `HttpOnly`/`Secure`, forms with GET requests, information leaks in headers
- ⚡ **APIs**: tests every real endpoint, detects open CORS, endpoints without authentication, `token`/`traceback` leaks in responses
- 🔌 **Red**: multi-threaded TCP scanning + banner capture to extract exact service versions. All this data goes into the alert. If it detects `Server: Apache/2.4.49`, it reports **CVE-2021-41773**, not "possible vulnerability in the web server".
**Stack:**
- Pure Python (stdlib + requests + pyusb)
- Integrated HTTP server, no Flask or anything extra
- Dark, terminal-style web frontend launched from the script itself
- OpenRouter as the AI backend (supports Gemini, Claude, GPT-4o, Llama)
- Professional HTML reports with 0-100 scoring, CVSS by vulnerability and evidence field
- Persistent history in JSON
**6 modules:** Website · Network/Ports · Operating System · USB · Source Code · REST API
If you really want it, I might be willing to make it public!
⚠️ Only for use on your own systems or with explicit authorization.
What module or feature would you add? Feedback welcome.