Skip to content

RDTUTORIAL/EduScan

Folders and files

NameName
Last commit message
Last commit date

Latest commit

Β 

History

8 Commits
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 

Repository files navigation

EduScan - Cybersecurity Learning Platform

🎯 Educational cybersecurity scanning platform with real-world tool integration
A comprehensive web-based security testing suite for learning ethical hacking and penetration testing


🌏 Language / Bahasa


English

πŸ“– Overview

EduScan is a modern web-based cybersecurity platform designed for educational purposes. It provides a comprehensive suite of security testing tools with an intuitive dashboard, making it perfect for learning ethical hacking, penetration testing, and security assessment methodologies.

✨ Key Features

  • πŸ” Port Scanner - Network reconnaissance and service detection
  • πŸ›‘οΈ SQL Injection Scanner - Database vulnerability assessment with Nuclei integration
  • 🚨 XSS Scanner - Cross-site scripting vulnerability detection with Dalfox
  • πŸ”’ Header Analyzer - HTTP security headers analysis with nmap NSE scripts
  • πŸ“ Directory Buster - Web directory and file discovery with ffuf/dirb
  • πŸ”Ž OSINT Hub - Open source intelligence gathering tools
  • πŸ”‘ Credential Audit - Password security analysis
  • πŸ“Š Scan History - Persistent storage with pagination and user sessions
  • 🎨 Modern UI - Dark theme with responsive design

πŸ—οΈ Architecture

  • Frontend: React 18 + Tailwind CSS + Framer Motion
  • Backend: FastAPI with real tool integration
  • Database: JSON file-based storage with user sessions
  • Security Tools: Nuclei, Dalfox, nmap, ffuf, dirb, nikto
  • Password Tools: John the Ripper, Hashcat, HashID
  • OSINT Tools: Holehe, PhoneInfoga, Ignorant, Truecaller API
  • Network Tools: whois, nmap NSE scripts

πŸš€ Quick Start

Prerequisites

  • Node.js 16+ and npm
  • Python 3.8+
  • Go 1.19+ (for security tools)

1. Clone Repository

git clone <repository-url>
cd eduscan

2. Frontend Setup

npm install
cp .env.example .env
# Edit .env if needed (default API: /api via CRA proxy)
npm start

The frontend will be available at http://localhost:3000

3. Backend Setup

cd server
python -m venv .venv
source .venv/bin/activate  # Windows: .venv\Scripts\activate
pip install -r requirements.txt
uvicorn app.main:app --reload --host 0.0.0.0 --port 8000

The API will be available at http://localhost:8000

4. Install Security Tools

Ubuntu/Debian:

# Basic system tools
sudo apt update
sudo apt install python3-pip nmap nikto dirb whois

# Password cracking tools
sudo apt install john hashcat hashid

# Python OSINT tools  
pip3 install holehe phoneinfoga

# Go-based tools
go install github.com/hahwul/dalfox/v2@latest
go install github.com/projectdiscovery/nuclei/v3/cmd/nuclei@latest
go install github.com/ffuf/ffuf@latest

# Social media OSINT (optional)
pip3 install ignorant

# Update nuclei templates
nuclei -update-templates

macOS:

# Using Homebrew
brew install nmap nikto dirb whois john-jumbo hashcat go

# Python tools
pip3 install holehe phoneinfoga ignorant

# Go tools
go install github.com/hahwul/dalfox/v2@latest
go install github.com/projectdiscovery/nuclei/v3/cmd/nuclei@latest
go install github.com/ffuf/ffuf@latest

# Update templates
nuclei -update-templates

Windows:

# Download and install manually:
# - Go: https://golang.org/dl/
# - nmap: https://nmap.org/download.html
# - John the Ripper: https://www.openwall.com/john/
# - Hashcat: https://hashcat.net/hashcat/

# Python tools
pip install holehe phoneinfoga ignorant

# Go tools
go install github.com/hahwul/dalfox/v2@latest
go install github.com/projectdiscovery/nuclei/v3/cmd/nuclei@latest  
go install github.com/ffuf/ffuf@latest

# Update templates
nuclei.exe -update-templates

Verify Installation:

# Core network tools
which nmap nuclei dalfox ffuf nikto dirb whois

# Password tools  
which john hashcat hashid

# OSINT tools
which holehe phoneinfoga ignorant

# Check versions
nuclei -version
john --list=formats | head -5
hashcat --version

πŸ”§ Configuration

Environment Variables

Create .env file in the root directory:

# Frontend Configuration
REACT_APP_API_BASE_URL=/api   # Use CRA proxy; works with ngrok tunneling to the frontend
# REACT_APP_API_BASE_URL=http://localhost:8000/api   # Use this if you deploy the backend separately

# Backend Configuration (optional)
EDUSCAN_DEBUG=true
EDUSCAN_CORS_ORIGINS=http://localhost:3000

Tool Paths

Ensure all tools are in your PATH:

# Verify installations
which nmap
which nuclei
which dalfox
which ffuf
which nikto
which dirb

πŸ“ Project Structure

eduscan/
β”œβ”€β”€ src/                      # React frontend
β”‚   β”œβ”€β”€ components/          # Reusable UI components
β”‚   β”œβ”€β”€ pages/              # Scanner pages
β”‚   β”œβ”€β”€ context/            # React context providers
β”‚   └── utils/              # API client and helpers
β”œβ”€β”€ server/                  # FastAPI backend
β”‚   β”œβ”€β”€ app/
β”‚   β”‚   β”œβ”€β”€ api/            # API routes
β”‚   β”‚   β”œβ”€β”€ services/       # Tool integrations
β”‚   β”‚   β”œβ”€β”€ database.py     # JSON database manager
β”‚   β”‚   └── middleware.py   # Cookie management
β”œβ”€β”€ public/                 # Static assets
└── docs/                   # Documentation

πŸ”Œ API Endpoints

Endpoint Method Description
/api/health GET API health check
/api/port-scan POST Network port scanning
/api/sqli-scan POST SQL injection testing
/api/xss-scan POST Cross-site scripting testing
/api/header-analyzer POST HTTP header security analysis
/api/directory-buster POST Directory/file discovery
/api/osint POST OSINT information gathering
/api/credential-audit POST Password security audit
/api/wappalyzer POST Technology fingerprinting
/api/history GET Paginated scan history
/api/history POST Add custom history entry
/api/history DELETE Clear all history entries
/api/history/{entry_id} DELETE Delete a specific history record
/api/user/stats GET User statistics
/api/scan-history GET Legacy scan history alias

πŸ›‘οΈ Security & Ethics

⚠️ IMPORTANT: This tool is for educational purposes only. Always ensure you have explicit written permission before scanning any systems. Use responsibly and in accordance with applicable laws and regulations.

Ethical Guidelines

  1. Only scan systems you own or have explicit permission to test
  2. Respect rate limits and avoid overwhelming target systems
  3. Use in isolated lab environments when possible
  4. Follow responsible disclosure for any vulnerabilities found
  5. Comply with all applicable laws and regulations

🀝 Contributing

  1. Fork the repository
  2. Create a feature branch (git checkout -b feature/amazing-feature)
  3. Commit your changes (git commit -m 'Add some amazing feature')
  4. Push to the branch (git push origin feature/amazing-feature)
  5. Open a Pull Request

πŸ“„ License

This project is licensed under the MIT License - see the LICENSE file for details.


Bahasa Indonesia

πŸ“– Gambaran Umum

EduScan adalah platform keamanan siber berbasis web modern yang dirancang untuk tujuan edukasi. Platform ini menyediakan rangkaian lengkap alat pengujian keamanan dengan dashboard yang intuitif, membuatnya sempurna untuk mempelajari ethical hacking, penetration testing, dan metodologi penilaian keamanan.

✨ Fitur Utama

  • πŸ” Port Scanner - Reconnaissance jaringan dan deteksi layanan
  • πŸ›‘οΈ SQL Injection Scanner - Penilaian kerentanan database dengan integrasi Nuclei
  • 🚨 XSS Scanner - Deteksi kerentanan cross-site scripting dengan Dalfox
  • πŸ”’ Header Analyzer - Analisis header keamanan HTTP dengan skrip nmap NSE
  • πŸ“ Directory Buster - Penemuan direktori dan file web dengan ffuf/dirb
  • πŸ”Ž OSINT Hub - Alat pengumpulan intelijen sumber terbuka
  • πŸ”‘ Credential Audit - Analisis keamanan password
  • πŸ“Š Riwayat Scan - Penyimpanan persisten dengan paginasi dan sesi pengguna
  • 🎨 UI Modern - Tema gelap dengan desain responsif

πŸ—οΈ Arsitektur

  • Frontend: React 18 + Tailwind CSS + Framer Motion
  • Backend: FastAPI dengan integrasi tool nyata
  • Database: Penyimpanan berbasis file JSON dengan sesi pengguna
  • Security Tools: Nuclei, Dalfox, nmap, ffuf, dirb, nikto
  • Password Tools: John the Ripper, Hashcat, HashID
  • OSINT Tools: Holehe, PhoneInfoga, Ignorant, Truecaller API
  • Network Tools: whois, nmap NSE scripts

πŸš€ Memulai Cepat

Prasyarat

  • Node.js 16+ dan npm
  • Python 3.8+
  • Go 1.19+ (untuk security tools)

1. Clone Repository

git clone <repository-url>
cd eduscan

2. Setup Frontend

npm install
cp .env.example .env
# Edit .env jika diperlukan (API default: /api lewat proxy CRA)
npm start

Frontend akan tersedia di http://localhost:3000

3. Setup Backend

cd server
python -m venv .venv
source .venv/bin/activate  # Windows: .venv\Scripts\activate
pip install -r requirements.txt
uvicorn app.main:app --reload --host 0.0.0.0 --port 8000

API akan tersedia di http://localhost:8000

4. Install Security Tools

Ubuntu/Debian:

# Tools sistem dasar
sudo apt update
sudo apt install python3-pip nmap nikto dirb whois

# Tools password cracking
sudo apt install john hashcat hashid

# Python OSINT tools  
pip3 install holehe phoneinfoga

# Go-based tools
go install github.com/hahwul/dalfox/v2@latest
go install github.com/projectdiscovery/nuclei/v3/cmd/nuclei@latest
go install github.com/ffuf/ffuf@latest

# Social media OSINT (opsional)
pip3 install ignorant

# Update nuclei templates
nuclei -update-templates

macOS:

# Menggunakan Homebrew
brew install nmap nikto dirb whois john-jumbo hashcat go

# Python tools
pip3 install holehe phoneinfoga ignorant

# Go tools
go install github.com/hahwul/dalfox/v2@latest
go install github.com/projectdiscovery/nuclei/v3/cmd/nuclei@latest
go install github.com/ffuf/ffuf@latest

# Update templates
nuclei -update-templates

Windows:

# Download dan install manual:
# - Go: https://golang.org/dl/
# - nmap: https://nmap.org/download.html
# - John the Ripper: https://www.openwall.com/john/
# - Hashcat: https://hashcat.net/hashcat/

# Python tools
pip install holehe phoneinfoga ignorant

# Go tools
go install github.com/hahwul/dalfox/v2@latest
go install github.com/projectdiscovery/nuclei/v3/cmd/nuclei@latest  
go install github.com/ffuf/ffuf@latest

# Update templates
nuclei.exe -update-templates

Verifikasi Instalasi:

# Core network tools
which nmap nuclei dalfox ffuf nikto dirb whois

# Password tools  
which john hashcat hashid

# OSINT tools
which holehe phoneinfoga ignorant

# Cek versi
nuclei -version
john --list=formats | head -5
hashcat --version

πŸ”§ Konfigurasi

Environment Variables

Buat file .env di direktori root:

# Konfigurasi Frontend
REACT_APP_API_BASE_URL=/api   # Gunakan proxy CRA; cocok untuk ngrok ke frontend
# REACT_APP_API_BASE_URL=http://localhost:8000/api   # Pakai ini jika backend dipisah

# Konfigurasi Backend (opsional)
EDUSCAN_DEBUG=true
EDUSCAN_CORS_ORIGINS=http://localhost:3000

Path Tool

Pastikan semua tool ada di PATH Anda:

# Verifikasi instalasi
which nmap
which nuclei
which dalfox
which ffuf
which nikto
which dirb

πŸ“ Struktur Proyek

eduscan/
β”œβ”€β”€ src/                      # React frontend
β”‚   β”œβ”€β”€ components/          # Komponen UI yang dapat digunakan kembali
β”‚   β”œβ”€β”€ pages/              # Halaman scanner
β”‚   β”œβ”€β”€ context/            # React context providers
β”‚   └── utils/              # API client dan helpers
β”œβ”€β”€ server/                  # FastAPI backend
β”‚   β”œβ”€β”€ app/
β”‚   β”‚   β”œβ”€β”€ api/            # Route API
β”‚   β”‚   β”œβ”€β”€ services/       # Integrasi tool
β”‚   β”‚   β”œβ”€β”€ database.py     # Manager database JSON
β”‚   β”‚   └── middleware.py   # Manajemen cookie
β”œβ”€β”€ public/                 # Asset statis
└── docs/                   # Dokumentasi

πŸ”Œ Endpoint API

Endpoint Method Deskripsi
/api/health GET Cek status API
/api/port-scan POST Scanning port jaringan
/api/sqli-scan POST Pengujian SQL injection
/api/xss-scan POST Pengujian cross-site scripting
/api/header-analyzer POST Analisis keamanan header HTTP
/api/directory-buster POST Penemuan direktori/file
/api/osint POST Pengumpulan informasi OSINT
/api/credential-audit POST Audit keamanan password
/api/wappalyzer POST Fingerprint teknologi
/api/history GET Riwayat scan dengan paginasi
/api/history POST Tambah entri riwayat manual
/api/history DELETE Hapus seluruh riwayat
/api/history/{entry_id} DELETE Hapus entri riwayat tertentu
/api/user/stats GET Statistik pengguna
/api/scan-history GET Endpoint legacy riwayat scan

πŸ›‘οΈ Keamanan & Etika

⚠️ PENTING: Tool ini hanya untuk tujuan edukasi. Selalu pastikan Anda memiliki izin tertulis eksplisit sebelum memindai sistem apa pun. Gunakan dengan bertanggung jawab dan sesuai dengan hukum dan regulasi yang berlaku.

Panduan Etika

  1. Hanya scan sistem yang Anda miliki atau memiliki izin eksplisit untuk diuji
  2. Hormati batas rate dan hindari membebani sistem target
  3. Gunakan di lingkungan lab terisolasi jika memungkinkan
  4. Ikuti responsible disclosure untuk kerentanan yang ditemukan
  5. Patuhi semua hukum dan regulasi yang berlaku

🀝 Berkontribusi

  1. Fork repository
  2. Buat branch fitur (git checkout -b feature/fitur-luar-biasa)
  3. Commit perubahan Anda (git commit -m 'Tambah fitur luar biasa')
  4. Push ke branch (git push origin feature/fitur-luar-biasa)
  5. Buka Pull Request

πŸ“„ Lisensi

Proyek ini dilisensikan di bawah MIT License - lihat file LICENSE untuk detailnya.


πŸ”— Links

πŸ’¬ Support

Jika Anda memiliki pertanyaan atau memerlukan bantuan:

  1. Baca dokumentasi terlebih dahulu
  2. Periksa Issues yang ada
  3. Buat issue baru dengan template yang sesuai
  4. Bergabunglah dengan Discussions

Made with ❀️ for the cybersecurity community
Happy ethical hacking! πŸ›‘οΈ

About

Educational cybersecurity platform for learning ethical hacking and penetration testing through real-world security tools, interactive dashboards, and automated vulnerability scanning.

Topics

Resources

Stars

0 stars

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors