π― Educational cybersecurity scanning platform with real-world tool integration
A comprehensive web-based security testing suite for learning ethical hacking and penetration testing
EduScan is a modern web-based cybersecurity platform designed for educational purposes. It provides a comprehensive suite of security testing tools with an intuitive dashboard, making it perfect for learning ethical hacking, penetration testing, and security assessment methodologies.
- π Port Scanner - Network reconnaissance and service detection
- π‘οΈ SQL Injection Scanner - Database vulnerability assessment with Nuclei integration
- π¨ XSS Scanner - Cross-site scripting vulnerability detection with Dalfox
- π Header Analyzer - HTTP security headers analysis with nmap NSE scripts
- π Directory Buster - Web directory and file discovery with ffuf/dirb
- π OSINT Hub - Open source intelligence gathering tools
- π Credential Audit - Password security analysis
- π Scan History - Persistent storage with pagination and user sessions
- π¨ Modern UI - Dark theme with responsive design
- Frontend: React 18 + Tailwind CSS + Framer Motion
- Backend: FastAPI with real tool integration
- Database: JSON file-based storage with user sessions
- Security Tools: Nuclei, Dalfox, nmap, ffuf, dirb, nikto
- Password Tools: John the Ripper, Hashcat, HashID
- OSINT Tools: Holehe, PhoneInfoga, Ignorant, Truecaller API
- Network Tools: whois, nmap NSE scripts
- Node.js 16+ and npm
- Python 3.8+
- Go 1.19+ (for security tools)
git clone <repository-url>
cd eduscannpm install
cp .env.example .env
# Edit .env if needed (default API: /api via CRA proxy)
npm startThe frontend will be available at http://localhost:3000
cd server
python -m venv .venv
source .venv/bin/activate # Windows: .venv\Scripts\activate
pip install -r requirements.txt
uvicorn app.main:app --reload --host 0.0.0.0 --port 8000The API will be available at http://localhost:8000
# Basic system tools
sudo apt update
sudo apt install python3-pip nmap nikto dirb whois
# Password cracking tools
sudo apt install john hashcat hashid
# Python OSINT tools
pip3 install holehe phoneinfoga
# Go-based tools
go install github.com/hahwul/dalfox/v2@latest
go install github.com/projectdiscovery/nuclei/v3/cmd/nuclei@latest
go install github.com/ffuf/ffuf@latest
# Social media OSINT (optional)
pip3 install ignorant
# Update nuclei templates
nuclei -update-templates# Using Homebrew
brew install nmap nikto dirb whois john-jumbo hashcat go
# Python tools
pip3 install holehe phoneinfoga ignorant
# Go tools
go install github.com/hahwul/dalfox/v2@latest
go install github.com/projectdiscovery/nuclei/v3/cmd/nuclei@latest
go install github.com/ffuf/ffuf@latest
# Update templates
nuclei -update-templates# Download and install manually:
# - Go: https://golang.org/dl/
# - nmap: https://nmap.org/download.html
# - John the Ripper: https://www.openwall.com/john/
# - Hashcat: https://hashcat.net/hashcat/
# Python tools
pip install holehe phoneinfoga ignorant
# Go tools
go install github.com/hahwul/dalfox/v2@latest
go install github.com/projectdiscovery/nuclei/v3/cmd/nuclei@latest
go install github.com/ffuf/ffuf@latest
# Update templates
nuclei.exe -update-templates# Core network tools
which nmap nuclei dalfox ffuf nikto dirb whois
# Password tools
which john hashcat hashid
# OSINT tools
which holehe phoneinfoga ignorant
# Check versions
nuclei -version
john --list=formats | head -5
hashcat --versionCreate .env file in the root directory:
# Frontend Configuration
REACT_APP_API_BASE_URL=/api # Use CRA proxy; works with ngrok tunneling to the frontend
# REACT_APP_API_BASE_URL=http://localhost:8000/api # Use this if you deploy the backend separately
# Backend Configuration (optional)
EDUSCAN_DEBUG=true
EDUSCAN_CORS_ORIGINS=http://localhost:3000Ensure all tools are in your PATH:
# Verify installations
which nmap
which nuclei
which dalfox
which ffuf
which nikto
which dirbeduscan/
βββ src/ # React frontend
β βββ components/ # Reusable UI components
β βββ pages/ # Scanner pages
β βββ context/ # React context providers
β βββ utils/ # API client and helpers
βββ server/ # FastAPI backend
β βββ app/
β β βββ api/ # API routes
β β βββ services/ # Tool integrations
β β βββ database.py # JSON database manager
β β βββ middleware.py # Cookie management
βββ public/ # Static assets
βββ docs/ # Documentation
| Endpoint | Method | Description |
|---|---|---|
/api/health |
GET | API health check |
/api/port-scan |
POST | Network port scanning |
/api/sqli-scan |
POST | SQL injection testing |
/api/xss-scan |
POST | Cross-site scripting testing |
/api/header-analyzer |
POST | HTTP header security analysis |
/api/directory-buster |
POST | Directory/file discovery |
/api/osint |
POST | OSINT information gathering |
/api/credential-audit |
POST | Password security audit |
/api/wappalyzer |
POST | Technology fingerprinting |
/api/history |
GET | Paginated scan history |
/api/history |
POST | Add custom history entry |
/api/history |
DELETE | Clear all history entries |
/api/history/{entry_id} |
DELETE | Delete a specific history record |
/api/user/stats |
GET | User statistics |
/api/scan-history |
GET | Legacy scan history alias |
- Only scan systems you own or have explicit permission to test
- Respect rate limits and avoid overwhelming target systems
- Use in isolated lab environments when possible
- Follow responsible disclosure for any vulnerabilities found
- Comply with all applicable laws and regulations
- Fork the repository
- Create a feature branch (
git checkout -b feature/amazing-feature) - Commit your changes (
git commit -m 'Add some amazing feature') - Push to the branch (
git push origin feature/amazing-feature) - Open a Pull Request
This project is licensed under the MIT License - see the LICENSE file for details.
EduScan adalah platform keamanan siber berbasis web modern yang dirancang untuk tujuan edukasi. Platform ini menyediakan rangkaian lengkap alat pengujian keamanan dengan dashboard yang intuitif, membuatnya sempurna untuk mempelajari ethical hacking, penetration testing, dan metodologi penilaian keamanan.
- π Port Scanner - Reconnaissance jaringan dan deteksi layanan
- π‘οΈ SQL Injection Scanner - Penilaian kerentanan database dengan integrasi Nuclei
- π¨ XSS Scanner - Deteksi kerentanan cross-site scripting dengan Dalfox
- π Header Analyzer - Analisis header keamanan HTTP dengan skrip nmap NSE
- π Directory Buster - Penemuan direktori dan file web dengan ffuf/dirb
- π OSINT Hub - Alat pengumpulan intelijen sumber terbuka
- π Credential Audit - Analisis keamanan password
- π Riwayat Scan - Penyimpanan persisten dengan paginasi dan sesi pengguna
- π¨ UI Modern - Tema gelap dengan desain responsif
- Frontend: React 18 + Tailwind CSS + Framer Motion
- Backend: FastAPI dengan integrasi tool nyata
- Database: Penyimpanan berbasis file JSON dengan sesi pengguna
- Security Tools: Nuclei, Dalfox, nmap, ffuf, dirb, nikto
- Password Tools: John the Ripper, Hashcat, HashID
- OSINT Tools: Holehe, PhoneInfoga, Ignorant, Truecaller API
- Network Tools: whois, nmap NSE scripts
- Node.js 16+ dan npm
- Python 3.8+
- Go 1.19+ (untuk security tools)
git clone <repository-url>
cd eduscannpm install
cp .env.example .env
# Edit .env jika diperlukan (API default: /api lewat proxy CRA)
npm startFrontend akan tersedia di http://localhost:3000
cd server
python -m venv .venv
source .venv/bin/activate # Windows: .venv\Scripts\activate
pip install -r requirements.txt
uvicorn app.main:app --reload --host 0.0.0.0 --port 8000API akan tersedia di http://localhost:8000
# Tools sistem dasar
sudo apt update
sudo apt install python3-pip nmap nikto dirb whois
# Tools password cracking
sudo apt install john hashcat hashid
# Python OSINT tools
pip3 install holehe phoneinfoga
# Go-based tools
go install github.com/hahwul/dalfox/v2@latest
go install github.com/projectdiscovery/nuclei/v3/cmd/nuclei@latest
go install github.com/ffuf/ffuf@latest
# Social media OSINT (opsional)
pip3 install ignorant
# Update nuclei templates
nuclei -update-templates# Menggunakan Homebrew
brew install nmap nikto dirb whois john-jumbo hashcat go
# Python tools
pip3 install holehe phoneinfoga ignorant
# Go tools
go install github.com/hahwul/dalfox/v2@latest
go install github.com/projectdiscovery/nuclei/v3/cmd/nuclei@latest
go install github.com/ffuf/ffuf@latest
# Update templates
nuclei -update-templates# Download dan install manual:
# - Go: https://golang.org/dl/
# - nmap: https://nmap.org/download.html
# - John the Ripper: https://www.openwall.com/john/
# - Hashcat: https://hashcat.net/hashcat/
# Python tools
pip install holehe phoneinfoga ignorant
# Go tools
go install github.com/hahwul/dalfox/v2@latest
go install github.com/projectdiscovery/nuclei/v3/cmd/nuclei@latest
go install github.com/ffuf/ffuf@latest
# Update templates
nuclei.exe -update-templates# Core network tools
which nmap nuclei dalfox ffuf nikto dirb whois
# Password tools
which john hashcat hashid
# OSINT tools
which holehe phoneinfoga ignorant
# Cek versi
nuclei -version
john --list=formats | head -5
hashcat --versionBuat file .env di direktori root:
# Konfigurasi Frontend
REACT_APP_API_BASE_URL=/api # Gunakan proxy CRA; cocok untuk ngrok ke frontend
# REACT_APP_API_BASE_URL=http://localhost:8000/api # Pakai ini jika backend dipisah
# Konfigurasi Backend (opsional)
EDUSCAN_DEBUG=true
EDUSCAN_CORS_ORIGINS=http://localhost:3000Pastikan semua tool ada di PATH Anda:
# Verifikasi instalasi
which nmap
which nuclei
which dalfox
which ffuf
which nikto
which dirbeduscan/
βββ src/ # React frontend
β βββ components/ # Komponen UI yang dapat digunakan kembali
β βββ pages/ # Halaman scanner
β βββ context/ # React context providers
β βββ utils/ # API client dan helpers
βββ server/ # FastAPI backend
β βββ app/
β β βββ api/ # Route API
β β βββ services/ # Integrasi tool
β β βββ database.py # Manager database JSON
β β βββ middleware.py # Manajemen cookie
βββ public/ # Asset statis
βββ docs/ # Dokumentasi
| Endpoint | Method | Deskripsi |
|---|---|---|
/api/health |
GET | Cek status API |
/api/port-scan |
POST | Scanning port jaringan |
/api/sqli-scan |
POST | Pengujian SQL injection |
/api/xss-scan |
POST | Pengujian cross-site scripting |
/api/header-analyzer |
POST | Analisis keamanan header HTTP |
/api/directory-buster |
POST | Penemuan direktori/file |
/api/osint |
POST | Pengumpulan informasi OSINT |
/api/credential-audit |
POST | Audit keamanan password |
/api/wappalyzer |
POST | Fingerprint teknologi |
/api/history |
GET | Riwayat scan dengan paginasi |
/api/history |
POST | Tambah entri riwayat manual |
/api/history |
DELETE | Hapus seluruh riwayat |
/api/history/{entry_id} |
DELETE | Hapus entri riwayat tertentu |
/api/user/stats |
GET | Statistik pengguna |
/api/scan-history |
GET | Endpoint legacy riwayat scan |
- Hanya scan sistem yang Anda miliki atau memiliki izin eksplisit untuk diuji
- Hormati batas rate dan hindari membebani sistem target
- Gunakan di lingkungan lab terisolasi jika memungkinkan
- Ikuti responsible disclosure untuk kerentanan yang ditemukan
- Patuhi semua hukum dan regulasi yang berlaku
- Fork repository
- Buat branch fitur (
git checkout -b feature/fitur-luar-biasa) - Commit perubahan Anda (
git commit -m 'Tambah fitur luar biasa') - Push ke branch (
git push origin feature/fitur-luar-biasa) - Buka Pull Request
Proyek ini dilisensikan di bawah MIT License - lihat file LICENSE untuk detailnya.
- Live Demo: [Coming Soon]
- Documentation: Wiki
- Issues: GitHub Issues
- Discussions: GitHub Discussions
Jika Anda memiliki pertanyaan atau memerlukan bantuan:
- Baca dokumentasi terlebih dahulu
- Periksa Issues yang ada
- Buat issue baru dengan template yang sesuai
- Bergabunglah dengan Discussions
Made with β€οΈ for the cybersecurity community
Happy ethical hacking! π‘οΈ