👻 Spectreweb AI v5.3.1

Self-Learning AI for Manual Web Penetration Testing

🎯 Manual Testing First | Self-Learning AI | WAF Bypass | Context-Aware | Bug Bounty Ready

███████╗██████╗ ███████╗ ██████╗████████╗██████╗ ███████╗
██╔════╝██╔══██╗██╔════╝██╔════╝╚══██╔══╝██╔══██╗██╔════╝
███████╗██████╔╝█████╗  ██║        ██║   ██████╔╝█████╗  
╚════██║██╔═══╝ ██╔══╝  ██║        ██║   ██╔══██╗██╔══╝  
███████║██║     ███████╗╚██████╗   ██║   ██║  ██║███████╗
╚══════╝╚═╝     ╚══════╝ ╚═════╝   ╚═╝   ╚═╝  ╚═╝╚══════╝
               ██╗    ██╗███████╗██████╗ 
               ██║    ██║██╔════╝██╔══██╗
               ██║ █╗ ██║█████╗  ██████╔╝
               ██║███╗██║██╔══╝  ██╔══██╗
               ╚███╔███╔╝███████╗██████╔╝
                ╚══╝╚══╝ ╚══════╝╚═════╝

🎯 Why Spectreweb AI Is Different

❌ Problems with Traditional Auto Scanners

Tool	Limitation
Nuclei, Nikto	Blocked by WAFs, signature-based, easy to detect
Burp Scanner	Slow, expensive license, not AI-native
OWASP ZAP	Noisy, many false positives
Generic automated tools	Rate limited, IP banned, miss logic bugs

✅ Spectreweb AI: Manual Testing with AI

Spectreweb is not an auto scanner – it is an AI-powered assistant for manual penetration testing:

┌─────────────────────────────────────────────────────────────────────┐
│  🎯 SPECTREWEB AI PHILOSOPHY                                        │
├─────────────────────────────────────────────────────────────────────┤
│                                                                     │
│  ❌ Auto scan → Blocked by WAF → Fail                               │
│  ✅ AI analyzes → Human decides → Smart tests → Success             │
│                                                                     │
│  "Don’t brute force the target – outsmart it."                     |
│                                                                     │
└─────────────────────────────────────────────────────────────────────┘

🔥 Key Differentiators

Feature	Traditional	Spectreweb AI
Approach	Blind auto-scanning	AI-guided, operator-driven testing
WAF Bypass	Hope it works	Generate 10+ smart bypass variants
Payloads	Static wordlists	Context-aware, mutated payloads
Rate Limits	Get blocked	Detect, adapt, and throttle
False Positives	Many	AI-assisted validation
Logic Bugs	Often missed	AI suggests business-logic test cases
Session	Stateless	Persists findings and context

🧠 Self-Learning AI (NEW in v4.1.0!)

Spectreweb AI includes a self-learning local AI that becomes smarter with your usage:

┌─────────────────────────────────────────────────────────────────────┐
│  🧠 SELF-LEARNING AI ARCHITECTURE                                   │
├─────────────────────────────────────────────────────────────────────┤
│                                                                     │
│  ┌──────────────┐     ┌──────────────┐     ┌──────────────┐        │
│  │ Your Scans   │────▶│ Learning     │────▶│ Local AI     │        │
│  │ & Feedback   │     │ Store (SQL)  │     │ Models       │        │
│  └──────────────┘     └──────────────┘     └──────────────┘        │
│                              │                    │                 │
│                              ▼                    ▼                 │
│                    ┌──────────────────────────────────────┐        │
│                    │         AI Orchestrator              │        │
│                    │  Local AI ←→ Remote AI (hybrid)      │        │
│                    └──────────────────────────────────────┘        │
│                                                                     │
└─────────────────────────────────────────────────────────────────────┘

🎓 What the AI Learns

Model	Learns From	Purpose
SecretClassifier	Your true/false positive feedback	Reduce false positives in secret detection
EndpointRiskScorer	Attack history & results	Prioritize high-risk endpoints
PayloadRanker	Payloads that actually worked	Prefer effective payloads first

🚀 How It Works (Automatic!)

# 1. Just use the tools normally - data is collected automatically!
deep_secret_hunt("target.com")     # → Secrets saved to learning store
attack_session.run_attack(...)     # → Attack results saved to learning store

# 2. Label findings to teach the AI (via MCP tools or API)
learning_label("secret_abc123", "false_positive")
learning_label("secret_xyz789", "true_positive")

# 3. Auto-train when ready (or manually trigger)
ai_auto_train()   # → Trains if 50+ labeled samples & 10+ new since last train
ai_train()        # → Force train immediately

# 4. Get smart insights from your history
ai_insights()
# → {"attack_effectiveness": {"sqli": 0.15, "xss": 0.08}, "recommendations": [...]}

# 5. Future scans use learned models automatically!
ai_classify_secret(secret_type="aws_key", entropy=4.8, in_test_file=True)
# → {"is_real": false, "confidence": 0.85, "model_used": "ml"}

🔧 MCP Tools for Self-Learning

Tool	Description
`ai_status`	Get AI models & learning store status
`ai_train`	Manually train models
`ai_auto_train`	Auto-train if enough new data
`ai_insights`	Get smart recommendations from history
`ai_classify_secret`	Classify a secret using local AI
`ai_score_endpoint`	Score endpoint vulnerability risk
`learning_stats`	View learning store statistics
`learning_list_findings`	List stored findings
`learning_label`	Label a finding (feedback loop)
`learning_export`	Export learning data to JSON

🔄 Hybrid AI Strategy

Local AI (fast, free, personalized):
- Secret classification
- Endpoint risk scoring
- Payload ranking
Remote AI (heavier, for complex reasoning):
- Deep vulnerability analysis
- Exploit ideation and refinement
- Report drafting and polishing

The AI orchestrator automatically chooses the most appropriate backend.

⚡ Core Capabilities

🛡️ WAF Bypass & Evasion

# Generate 10+ bypass variants for any payload
waf_bypass("<script>alert(1)</script>")

# Output: URL encoded, double encoded, unicode, hex, 
#         mixed case, null byte, comments, etc.

🔀 Payload Mutation

# Mutate payload with multiple techniques
mutate_payload("' OR '1'='1", "case,encode,whitespace,comments")

# Output: 15+ variations to bypass filters

🔑 IDOR Testing

# Generate IDOR test cases for any ID
generate_idor_tests("12345")
# → decrement, increment, zero, negative, array injection

generate_idor_tests("550e8400-e29b-41d4-a716-446655440000")
# → null UUID, modified UUID, etc.

🔓 Auth Bypass

# 26 techniques to bypass authentication
generate_auth_bypass("/admin")
# → method override, path manipulation, header bypass

👑 Privilege Escalation

# Test cases for privesc
generate_privesc_tests("user")
# → role params, hidden params, JWT claims

📊 Response Analysis

# Analyze error for info disclosure
analyze_error_response(error_page)
# → stack traces, DB errors, paths, versions

# Extract secrets from response
extract_secrets(response_body)
# → API keys, tokens, passwords, internal IPs

🚀 Quick Start

1. Clone & Install

git clone https://github.com/your-repo/spectreweb-ai
cd spectreweb-ai

# Create virtual environment
python3 -m venv venv
source venv/bin/activate

# Install dependencies
pip install -r requirements.txt

2. Install Security Tools (Recommended on Kali Linux)

# ProjectDiscovery tools
go install github.com/projectdiscovery/httpx/cmd/httpx@latest
go install github.com/projectdiscovery/subfinder/cmd/subfinder@latest
go install github.com/projectdiscovery/katana/cmd/katana@latest
go install github.com/projectdiscovery/naabu/v2/cmd/naabu@latest

# Other tools
go install github.com/tomnomnom/waybackurls@latest
go install github.com/lc/gau/v2/cmd/gau@latest
go install github.com/hahwul/dalfox/v2@latest

# Add to PATH`
echo 'export PATH="$HOME/go/bin:$PATH"' >> ~/.zshrc

3. Start the Spectreweb Server

python server.py

# Output:
# 👻 Spectreweb AI v5.3.1 - Starting...
# ✅ Server running at http://127.0.0.1:8888

4. Configure MCP (for Windsurf / Claude / MCP-compatible clients)

{
  "mcpServers": {
    "spectreweb-ai": {
      "command": "python",
      "args": ["/path/to/spectreweb-ai/mcp_client.py"],
      "env": {
        "SPECTREWEB_SERVER": "http://127.0.0.1:8888"
      }
    }
  }
}

🛠️ Tools Overview (60+ MCP Tools)

🎯 Manual Testing (Operator-First)

Tool	Description
`mutate_payload`	🔀 Mutate payloads with bypass techniques
`get_polyglot`	🎯 Polyglot payloads for multiple contexts
`waf_bypass`	🛡️ Generate WAF bypass variants
`test_rate_limit`	⏱️ Test rate limiting behavior
`generate_idor_tests`	🔑 IDOR test cases (numeric, UUID, b64)
`generate_privesc_tests`	👑 Privilege escalation tests
`generate_auth_bypass`	🔓 26 auth bypass techniques
`analyze_error_response`	🔍 Info disclosure analysis
`extract_secrets`	🔐 Extract secrets from responses
`suggest_tests`	💡 AI-suggested next tests

🧠 AI Analysis

Tool	Description
`ai_analyze`	Auto-analyze for vulns & tech detection
`ai_detect_tech`	Identify CMS, frameworks, WAF
`ai_classify_endpoint`	Classify URL → attack vectors
`ai_get_hints`	Context-aware hunting hints

📋 Smart Reporting

Tool	Description
`load_context`	🚨 Load previous findings (call first!)
`get_report`	Get/create persistent report
`add_finding`	Add finding with severity
`get_next_steps`	AI-suggested next steps

🔍 Reconnaissance

Tool	Description
`httpx_probe`	HTTP probing with tech detect
`subfinder_scan`	Subdomain discovery
`katana_crawl`	Modern web crawler
`waybackurls`	Historical URLs (with limit)
`gau_urls`	URLs from multiple sources
`naabu_scan`	Fast port scanning

⚔️ Attack Tools

Tool	Description
`test_xss` / `get_xss_advanced`	XSS with context-aware payloads
`test_sqli` / `get_sqli_advanced`	SQLi with DB-specific payloads
`test_ssrf` / `get_ssrf_bypasses`	SSRF with bypass techniques
`test_race`	Race condition testing
`test_graphql`	GraphQL introspection & attacks
`jwt_attack_*`	JWT none/confusion/injection
`get_nosql_payloads`	NoSQL injection payloads

🔐 Payload & Encoding

Tool	Description
`encode_payload`	URL, Base64, HTML, Hex
`decode_payload`	Decode any format
`get_wordlist`	SecLists with auto-resolve

💡 Real-World Workflow

Bug Bounty Example

You: "Test target.com for vulnerabilities"

Spectreweb AI:
1. 🔍 Recon: httpx_probe → Cloudflare WAF detected
2. 🛡️ Adapt: waf_bypass payloads generated
3. 🎯 Test: mutate_payload for XSS with 15 variations
4. 📊 Analyze: Found reflected input, WAF blocking <script>
5. 💡 Suggest: "Try event handlers: onerror, onload"
6. ✅ Success: <img src=x onerror=alert(1)> bypassed WAF

Finding saved → Persists across sessions

Session Persistence

Session 1:
> "Scan api.target.com"
> Found: JWT auth, GraphQL endpoint, rate limiting at 100 req/min
> Note: "GraphQL introspection enabled"

Session 2 (new chat):
> load_context("target.com")
> AI knows everything from Session 1
> Suggests: "Test JWT none algorithm, GraphQL batching attack"

📁 Project Structure

spectreweb-ai/
├── server.py              # Flask server
├── mcp_client.py          # MCP client (67 tools)
├── config/
│   ├── settings.py        # Configuration
│   └── wordlists.py       # SecLists (auto-resolve)
├── core/
│   ├── executor.py        # Command execution
│   ├── analyzer.py        # AI analysis engine
│   ├── reporter.py        # Smart reporting
│   ├── context.py         # Session persistence
│   ├── learning_store.py  # 📚 Learning data storage (NEW!)
│   ├── local_ai.py        # 🧠 Self-learning ML models (NEW!)
│   ├── ai_orchestrator.py # 🔄 Hybrid AI routing (NEW!)
│   └── utils.py           # Utilities
├── web/
│   ├── client.py          # HTTP client
│   ├── manual_testing.py  # Manual testing helpers
│   ├── attack_session.py  # 🎯 Advanced attack sessions (NEW!)
│   ├── deep_secrets.py    # 🔑 Deep secret hunting (NEW!)
│   ├── advanced_attacks.py # Advanced attack techniques
│   ├── advanced_scanner.py # Vuln scanners
│   ├── exploits.py        # Exploitation helpers
│   └── payloads.py        # Payload generation
└── api/
    └── routes.py          # API endpoints

📊 Statistics

Metric	Value
API Endpoints	110+
MCP Tools	67
Manual Testing Functions	20+
WAF Bypass Techniques	10+
Auth Bypass Techniques	26
Payload Mutation Methods	7
Local AI Models	3
Learning Store Tables	4
Self-Learning MCP Tools	10

🔒 Legal & Ethical Use

⚠️ IMPORTANT: Only test systems you are explicitly authorized to test.

Obtain written permission before any assessment.
Respect scope, rate limits, and rules of engagement.
Follow responsible disclosure practices when reporting vulnerabilities.

📝 License

MIT License – Use responsibly.

Built for bug bounty hunters and security engineers who think, not just scan.

👻 Spectreweb AI v5.3.1

"AI that learns from your hacking style and becomes stronger every day."

Name		Name	Last commit message	Last commit date
Latest commit History 13 Commits
api		api
config		config
core		core
tools		tools
web		web
.gitignore		.gitignore
ARJUN_MIGRATION.md		ARJUN_MIGRATION.md
README.md		README.md
mcp_client.py		mcp_client.py
requirements.txt		requirements.txt
server.py		server.py
spectreweb-ai-mcp.json		spectreweb-ai-mcp.json
test_arjun_integration.py		test_arjun_integration.py

tuannguyen14/SpectreWeb-AI

Folders and files

Latest commit

History

Repository files navigation

👻 Spectreweb AI v5.3.1

🎯 Why Spectreweb AI Is Different

❌ Problems with Traditional Auto Scanners

✅ Spectreweb AI: Manual Testing with AI

🔥 Key Differentiators

🧠 Self-Learning AI (NEW in v4.1.0!)

🎓 What the AI Learns

🚀 How It Works (Automatic!)

🔧 MCP Tools for Self-Learning

🔄 Hybrid AI Strategy

⚡ Core Capabilities

🛡️ WAF Bypass & Evasion

🔀 Payload Mutation

🔑 IDOR Testing

🔓 Auth Bypass

👑 Privilege Escalation

📊 Response Analysis

🚀 Quick Start

1. Clone & Install

2. Install Security Tools (Recommended on Kali Linux)

3. Start the Spectreweb Server

4. Configure MCP (for Windsurf / Claude / MCP-compatible clients)

🛠️ Tools Overview (60+ MCP Tools)

🎯 Manual Testing (Operator-First)

🧠 AI Analysis

📋 Smart Reporting

🔍 Reconnaissance

⚔️ Attack Tools

🔐 Payload & Encoding

💡 Real-World Workflow

Bug Bounty Example

Session Persistence

📁 Project Structure

📊 Statistics

🔒 Legal & Ethical Use

📝 License

👻 Spectreweb AI v5.3.1

About

Topics

Resources

Uh oh!

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages