A comprehensive web-based PHP vulnerability scanner that uses machine learning and static analysis to detect SQL injection vulnerabilities in PHP source code.
- Machine Learning: Uses Logistic Regression with TF-IDF vectorization (95.6% recall, 39.8% precision)
- Static Analysis: Implements taint analysis to track data flow from user inputs to SQL queries
- Real-time Scanning: Upload PHP files and get instant vulnerability analysis
- Drag & Drop: Modern file upload with drag-and-drop functionality
- Interactive Navigation: Click on vulnerable lines to see detailed taint analysis reports
- Comment Navigation: Click on comment lines to jump to related code errors
- Automatic Fix Generation: AI-powered secure code suggestions for detected vulnerabilities
- Multiple Vulnerability Types: Handles SQL injection, XSS, command injection, and file inclusion
- Detailed Explanations: Comprehensive explanations of vulnerabilities and fixes
- Copy-to-Clipboard: Easy copying of mitigation reports for implementation
- MySQL Integration: Full MySQL support with phpMyAdmin interface
- SQLite Fallback: Automatic fallback to SQLite for development
- Advanced Analytics: Comprehensive statistics and trend analysis with 4 interactive charts
- Model Performance Metrics: Real-time display of precision, recall, F1-score, and threshold
- Security Assessment: Threat level analysis and risk distribution visualization
- Data Export: CSV export functionality for scan results
- Modern UI: Clean, responsive interface built with Tailwind CSS
- Real-time Results: Interactive vulnerability display with detailed reports
- Scan History: Complete history of all scans with statistics and mitigation buttons
- Database Dashboard: Enterprise-grade analytics with 12+ metrics and 4 charts
- Professional Visualizations: Risk distribution, vulnerability trends, and activity monitoring
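The taint-tracking idea behind the "Static Analysis" feature (follow data from request superglobals through assignments until it reaches a function that executes SQL) can be shown in a few dozen lines. The following is an added illustration, not threat-scope's own analyzer: the source and sink lists, the sanitiser patterns and the sample PHP file are all assumptions constructed for this example.

```python
"""Minimal line-level taint tracker for PHP source.

Added example, not the project's own implementation. Source/sink/sanitiser
lists are assumptions; the sample input below is constructed.
"""
import re

# Superglobals treated as attacker-controlled sources (assumed list).
SOURCE = re.compile(r"\$_(GET|POST|REQUEST|COOKIE)\b")
# Calls that hand SQL text to the database driver (assumed sink list).
SINK = re.compile(r"\b(mysql_query|mysqli_query|pg_query)\s*\(|->(query|exec)\s*\(")
# Simple assignment `$var = <expr>;` (excludes `==` and `=>`); compound operators are not handled.
ASSIGN = re.compile(r"^\s*(\$\w+)\s*=(?![=>])\s*(.+?);\s*$")
VAR = re.compile(r"\$\w+")
# Right-hand sides that neutralise SQL taint when they wrap the whole expression.
CLEAN_RHS = re.compile(
    r"^\s*(?:\(int\)\s*\S+|(?:intval|mysqli_real_escape_string)\s*\(.*\))\s*$"
)


def analyze(php_source: str) -> list[dict]:
    """Return one finding per line where tainted data reaches a SQL sink.

    `tainted` maps a variable name to the sorted line numbers through which its
    taint flowed (source line first), so each finding carries the data-flow path.
    """
    tainted: dict[str, list[int]] = {}
    findings = []
    for lineno, line in enumerate(php_source.splitlines(), start=1):
        code = line.strip()
        if not code or code.startswith(("//", "#", "/*", "*")):
            continue

        # Check sinks before processing the assignment so a variable assigned on
        # this line (e.g. `$result = mysqli_query(...)`) is not counted as tainted here.
        if SINK.search(code):
            used = [v for v in dict.fromkeys(VAR.findall(code)) if v in tainted]
            direct = SOURCE.search(code) is not None
            if used or direct:
                flow = sorted({ln for v in used for ln in tainted[v]} | {lineno})
                findings.append({
                    "line": lineno,
                    "code": code,
                    "tainted_vars": used,
                    "direct_source": direct,
                    "flow": flow,
                })

        m = ASSIGN.match(line)
        if not m:
            continue
        var, rhs = m.group(1), m.group(2)
        upstream = [v for v in VAR.findall(rhs) if v in tainted]
        if (SOURCE.search(rhs) or upstream) and not CLEAN_RHS.match(rhs):
            tainted[var] = sorted({ln for v in upstream for ln in tainted[v]} | {lineno})
        else:
            # Reassignment from clean data (or a sanitised expression) kills the taint.
            tainted.pop(var, None)
    return findings


# Constructed sample input, not a file from the project's training data.
SAMPLE_PHP = r"""<?php
$conn = new mysqli("localhost", "user", "pass", "app");
$id = $_GET['id'];
$name = $_POST['name'];
$safe_id = intval($_GET['id']);
$sql = "SELECT * FROM users WHERE id = $id";
$result = mysqli_query($conn, $sql);
$ok = mysqli_query($conn, "SELECT * FROM users WHERE id = $safe_id");
$stmt = $conn->prepare("SELECT * FROM users WHERE name = ?");
$stmt->bind_param("s", $name);
$stmt->execute();
$conn->query("DELETE FROM logs WHERE user = '" . $_COOKIE['u'] . "'");
"""

if __name__ == "__main__":
    for f in analyze(SAMPLE_PHP):
        print(f"line {f['line']}: {f['code']}")
        print(f"  tainted vars: {f['tainted_vars']}  flow: {' -> '.join(map(str, f['flow']))}")
```

On the sample, line 7 is reported with the flow 3 -> 6 -> 7 (`$_GET` into `$id`, into `$sql`, into `mysqli_query`), line 12 is reported as a direct use of `$_COOKIE` in `->query()`, while the `intval()` path and the prepared statement with `bind_param()` produce no finding. Cross-line string concatenation, function parameters and array elements are out of scope for this sketch.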
- Clone and navigate to the project:

  ```bash
  git clone <repository-url>
  cd threat-scope
  ```

- Start the services:

  ```bash
  docker-compose up -d
  ```

- Access the applications:
  - Main Scanner: http://127.0.0.1:5000 (or http://localhost:5000)
  - phpMyAdmin: http://localhost:8080
  - MySQL: localhost:3306
- Install dependencies:

  ```bash
  cd web
  pip install -r requirements.txt
  ```

- Set up MySQL (optional):

  ```bash
  # Create database
  mysql -u root -p
  ```

  ```sql
  CREATE DATABASE threat_scope;
  CREATE USER 'threat_user'@'localhost' IDENTIFIED BY 'threat_password';
  GRANT ALL PRIVILEGES ON threat_scope.* TO 'threat_user'@'localhost';
  ```

- Set environment variables:

  ```bash
  export DATABASE_URL="mysql+pymysql://threat_user:threat_password@localhost:3306/threat_scope"
  ```

- Run the application:

  ```bash
  python app.py
  ```
If you have existing SQLite data, migrate it to MySQL:

```bash
cd web
python migrate_to_mysql.py
```

- Navigate to http://127.0.0.1:5000 (or http://localhost:5000)
- Upload a PHP file using the drag-and-drop interface
- View real-time vulnerability analysis results
- Click on "Past Scans" tab to see all previous scans
- View detailed statistics for each scan
- Click on any scan to view its results
- Click on "Database" tab to access the management interface
- View comprehensive statistics with 12+ metrics and 4 interactive charts
- Monitor model performance (precision, recall, F1-score)
- Assess security posture with threat level and risk distribution
- Export data as CSV
- Delete individual scans
- Upload vulnerable PHP files for scanning
- Click the "Generate Fixes" button on scans with vulnerabilities
- View detailed mitigation suggestions in interactive modal
- Copy comprehensive fix reports to clipboard
- Implement suggested secure coding patterns
- Navigate to http://localhost:8080
- Login with MySQL credentials
- Direct database access and management
- `GET /api/scans` - Get paginated scan data
- `GET /api/stats` - Get comprehensive system statistics and metrics
- `DELETE /api/scan/<id>/delete` - Delete a specific scan
- `GET /api/scan/<id>/mitigate` - Generate mitigation suggestions for a specific scan
- `POST /api/mitigate` - Generate mitigation suggestions for an uploaded file
- `GET /api/export/csv` - Export all scan data as CSV
```
threat-scope/
├── web/                      # Flask web application
│   ├── app.py                # Main Flask application
│   ├── code_mitigator.py     # Code mitigation engine
│   ├── templates/            # HTML templates
│   │   ├── index.html        # Main scanner interface
│   │   └── database.html     # Database management interface
│   ├── scripts/              # Detection scripts
│   └── requirements.txt      # Python dependencies
├── data/                     # Training data
│   ├── train/safe/           # Safe PHP files
│   └── train/unsafe/         # Unsafe PHP files
├── models/                   # Trained ML models
├── scripts/                  # Training and analysis scripts
├── docker-compose.yml        # Docker configuration
└── README.md                 # This file
```
The scanner uses a Logistic Regression classifier trained on:
- Features: TF-IDF vectorization with character n-grams (3-5 characters)
- Training Data: 8,640 safe and 912 unsafe PHP files
- Analysis: Line-level vulnerability detection with taint analysis
- Performance: 95.6% recall, 39.8% precision, 56.2% F1-score
- Threshold: 0.719 (optimized for maximum vulnerability detection)
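The threshold figures above describe a deliberate trade: the cut-off is pushed down until recall is high, and precision is what gives way. The following added example (not the project's `eval_thresholds.py`) sweeps every candidate cut-off over a constructed set of line scores, picks the highest threshold that still meets a recall target, and checks that the README's own precision, recall and F1 numbers are mutually consistent. The labels and scores are constructed for the illustration, not output of the trained model.

```python
"""Threshold sweep for a recall-oriented line classifier.

Added example; not the project's evaluation script. Y_TRUE and SCORES are
constructed to mimic a skewed safe/unsafe mix, not real model output.
"""
from typing import Optional, Sequence


def confusion(y_true: Sequence[int], scores: Sequence[float], threshold: float):
    """Count (tp, fp, fn, tn) when a line is flagged iff score >= threshold."""
    tp = fp = fn = tn = 0
    for y, s in zip(y_true, scores):
        flagged = s >= threshold
        if flagged and y:
            tp += 1
        elif flagged:
            fp += 1
        elif y:
            fn += 1
        else:
            tn += 1
    return tp, fp, fn, tn


def precision_recall_f1(y_true, scores, threshold):
    tp, fp, fn, _ = confusion(y_true, scores, threshold)
    precision = tp / (tp + fp) if tp + fp else 0.0
    recall = tp / (tp + fn) if tp + fn else 0.0
    f1 = 2 * precision * recall / (precision + recall) if precision + recall else 0.0
    return precision, recall, f1


def f1_from_pr(precision: float, recall: float) -> float:
    """Harmonic mean of precision and recall."""
    return 2 * precision * recall / (precision + recall)


def sweep(y_true, scores):
    """Evaluate every distinct score as a cut-off, highest first."""
    return [(t, *precision_recall_f1(y_true, scores, t))
            for t in sorted(set(scores), reverse=True)]


def threshold_for_recall(y_true, scores, min_recall: float) -> Optional[tuple]:
    """Highest cut-off that still reaches `min_recall`, i.e. the fewest false
    positives compatible with the required detection rate. None if unreachable."""
    for t, p, r, f1 in sweep(y_true, scores):
        if r >= min_recall:
            return t, p, r, f1
    return None


# Constructed scores: 6 unsafe lines (label 1) and 10 safe lines (label 0).
Y_TRUE = [1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]
SCORES = [0.99, 0.95, 0.90, 0.80, 0.75, 0.40,
          0.85, 0.78, 0.70, 0.50, 0.30, 0.20, 0.10, 0.05, 0.02, 0.01]

if __name__ == "__main__":
    for t, p, r, f1 in sweep(Y_TRUE, SCORES):
        print(f"threshold={t:.2f}  precision={p:.3f}  recall={r:.3f}  f1={f1:.3f}")
    print("lowest FP count with recall >= 0.95:", threshold_for_recall(Y_TRUE, SCORES, 0.95))
    # Consistency check on the README's reported metrics.
    print(f"F1 from 39.8% precision and 95.6% recall = {f1_from_pr(0.398, 0.956):.3f}")
```

With this data the 0.719 cut-off flags two safe lines and misses one unsafe line; reaching 95% recall requires dropping to 0.40, where precision falls to 0.6. The same shape is what the README's numbers show: 2 * 0.398 * 0.956 / (0.398 + 0.956) = 0.562, matching the reported F1. When a scanner's output is triaged by people, the false-positive count at the chosen threshold is the cost worth plotting alongside recall.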
- `id`: Primary key
- `filename`: Name of scanned file
- `timestamp`: When the scan was performed
- `results`: JSON containing detailed scan results
- `total_lines`: Total number of lines in the file
- `unsafe_lines`: Number of unsafe lines detected
- `safe_lines`: Number of safe lines
- `file_size`: File size in bytes
Train the model:

```bash
cd scripts
python prepare_data.py
python train_model.py --input preprocessed/train_linelevel.csv --model_out ../models/logreg_model.pkl --vectorizer_out ../models/tfidf_vectorizer.pkl
```

Detect vulnerable lines in a single file:

```bash
python scripts/detect_lines.py --file path/to/file.php --model models/logreg_model.pkl --vectorizer models/tfidf_vectorizer.pkl --threshold 0.719
```

Evaluation and tests:

```bash
# Run comprehensive evaluation
python scripts/comprehensive_evaluation.py
# Evaluate thresholds
python scripts/eval_thresholds.py
# Test mitigation system
python test_mitigation.py
```

Environment variables:
- `DATABASE_URL`: Database connection string
- `FLASK_ENV`: Flask environment (development/production)
Default credentials:
- MySQL root password: `rootpassword`
- Database: `threat_scope`
- User: `threat_user`
- Password: `threat_password`

These are development defaults; change them before the stack is reachable from anything other than localhost.
- Input Validation: Secure file upload handling
- SQL Injection Prevention: Parameterized queries
- XSS Protection: Proper output escaping
- CSRF Protection: Flask-WTF integration
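The database schema listed earlier and the "SQL Injection Prevention: Parameterized queries" item fit together in one small store. The following is an added example, not threat-scope's `app.py`: it creates a `scans` table with the eight columns from the schema, inserts and deletes rows with bound parameters only, and computes a few aggregates of the kind `/api/stats` returns. The table name, the stats definitions and the in-memory SQLite database are assumptions.

```python
"""Scan-history store with the README's columns and parameterized queries only.

Added example, not the project's own code. Table name `scans`, the stats
definitions and the use of an in-memory SQLite database are assumptions.
"""
import json
import sqlite3
from datetime import datetime, timezone

SCHEMA = """
CREATE TABLE IF NOT EXISTS scans (
    id           INTEGER PRIMARY KEY AUTOINCREMENT,
    filename     TEXT    NOT NULL,
    timestamp    TEXT    NOT NULL,
    results      TEXT    NOT NULL,   -- JSON list of findings
    total_lines  INTEGER NOT NULL,
    unsafe_lines INTEGER NOT NULL,
    safe_lines   INTEGER NOT NULL,
    file_size    INTEGER NOT NULL
)
"""


def open_store(path: str = ":memory:") -> sqlite3.Connection:
    conn = sqlite3.connect(path)
    conn.execute(SCHEMA)
    return conn


def record_scan(conn: sqlite3.Connection, filename: str, source: str, findings: list[dict]) -> int:
    """Insert one scan. The uploaded file's name and contents are user-controlled,
    so every value is bound with `?` placeholders, never spliced into the SQL text."""
    total = len(source.splitlines())
    unsafe = len({f["line"] for f in findings})
    row = (
        filename,
        datetime.now(timezone.utc).isoformat(timespec="seconds"),
        json.dumps(findings),
        total,
        unsafe,
        total - unsafe,
        len(source.encode("utf-8")),
    )
    cur = conn.execute(
        "INSERT INTO scans (filename, timestamp, results, total_lines, "
        "unsafe_lines, safe_lines, file_size) VALUES (?, ?, ?, ?, ?, ?, ?)",
        row,
    )
    conn.commit()
    return cur.lastrowid


def get_scan(conn: sqlite3.Connection, scan_id: int):
    row = conn.execute(
        "SELECT id, filename, results, unsafe_lines FROM scans WHERE id = ?", (scan_id,)
    ).fetchone()
    if row is None:
        return None
    return {"id": row[0], "filename": row[1], "findings": json.loads(row[2]), "unsafe_lines": row[3]}


def delete_scan(conn: sqlite3.Connection, scan_id: int) -> int:
    """Delete one scan by id; returns the number of rows removed (0 or 1)."""
    cur = conn.execute("DELETE FROM scans WHERE id = ?", (scan_id,))
    conn.commit()
    return cur.rowcount


def stats(conn: sqlite3.Connection) -> dict:
    """Aggregates of the kind a stats endpoint exposes (assumed definitions)."""
    total_scans, unsafe, lines, vulnerable_files = conn.execute(
        "SELECT COUNT(*), COALESCE(SUM(unsafe_lines), 0), COALESCE(SUM(total_lines), 0), "
        "COALESCE(SUM(unsafe_lines > 0), 0) FROM scans"
    ).fetchone()
    return {
        "total_scans": total_scans,
        "vulnerable_files": vulnerable_files,
        "unsafe_lines": unsafe,
        "total_lines": lines,
        "unsafe_ratio": (unsafe / lines) if lines else 0.0,
    }


if __name__ == "__main__":
    db = open_store()
    # Constructed upload: a file name containing a quote character and one flagged line.
    sid = record_scan(db, "o'brien.php", "<?php\n$a = $_GET['a'];\n$b = 2;\n", [{"line": 2}])
    print(get_scan(db, sid))
    print(stats(db))
```

A file name with an embedded quote round-trips unchanged because the driver binds it as data; the same discipline applies to the `<id>` path parameter of the delete and mitigate endpoints, which should be converted to an integer by the router and then bound, not formatted into the query.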
- Database Connection Failed
  - Check that the MySQL service is running
  - Verify connection credentials
  - Ensure the database exists
- Model Loading Error
  - Ensure model files exist in the `models/` directory
  - Check file permissions
- Docker Issues
  - Run `docker-compose down` and then `docker-compose up -d`
  - Check logs with `docker-compose logs`
- Fork the repository
- Create a feature branch
- Make your changes
- Add tests if applicable
- Submit a pull request
This project is licensed under the MIT License - see the LICENSE file for details.
- 12+ Comprehensive Metrics: Model performance, security assessment, operational intelligence
- 4 Interactive Charts: Vulnerability trends, risk distribution, file analysis, activity monitoring
- Professional Dashboard: Real-time threat level assessment and coverage analysis
- Automatic Fix Generation: Secure code suggestions for SQL injection, XSS, command injection
- Interactive Modal Interface: Beautiful popup with detailed explanations and copy functionality
- Multiple Vulnerability Types: Comprehensive coverage of common web vulnerabilities
- 95.6% Recall: Catches 95.6% of all vulnerabilities (excellent for security applications)
- Optimized Threshold: 0.719 threshold provides maximum detection capability
- Real-time Metrics: Live display of precision, recall, F1-score in dashboard
- Training data based on CWE-89 (SQL Injection) vulnerability patterns
- Machine learning implementation using scikit-learn
- Web interface built with Flask and Tailwind CSS
- Interactive charts powered by Chart.js
- Code mitigation engine with AI-powered suggestions