AI Automated Infrastructure Vulnerability Scanner and Patching Tool with Ethereum and SIEM Integration

Overview

This is an advanced security scanning and vulnerability patching recommendation tool designed to help users detect vulnerabilities in their infrastructure and web applications. It integrates multiple scanning tools like Nmap, Lynis, Naabu, Gobuster, and Bandit, along with an AI-based recommendation engine to provide intelligent patching suggestions.

Features

Infrastructure Scanning: Uses Nmap, Lynis, and Naabu for network and system vulnerability detection.
Web Application Scanning: Gobuster for directory enumeration.
Source Code Analysis: Bandit for Python security analysis.
AI-Powered Patching Recommendations: Utilizes Groq AI to analyze scan logs and suggest mitigations.
Detailed Reporting: Generates log files in text and HTML formats for easy analysis.

System Requirements

OS: Linux (Tested on Kali Linux)
Dependencies:
- python3
- pandas
- nmap
- lynis
- naabu
- gobuster
- bandit
- requests
API Key: Groq API key for AI-based recommendations

Installation

Clone the repository:

git clone https://github.com/yourusername/scandroid.git
cd scandroid

Install dependencies:

sudo apt install nmap lynis naabu gobuster bandit
pip install pandas requests

Set up API Key:
- Open aiRecommendation.py
- Replace {API_KEY} with your actual Groq API key.

Usage

1. Running the Scanner

sudo python3 scanner.py

Select options from the menu to perform scans.
Logs are saved at /home/kali/Downloads/finalScanner/reports/.

2. Running the CSV Extractor

python3 csvExtractor.py --source /path/to/logs --output_dir /path/to/output

Extracts vulnerabilities from Lynis logs and generates CSV reports.

3. Running AI-Based Recommendations

python3 aiRecommendation.py

Reads scan logs and provides AI-driven security recommendations.

File Structure

scandroid/
├── scanner.py         # Main script for scanning
├── csvExtractor.py    # Extracts vulnerabilities from logs to CSV
├── aiRecommendation.py # AI-based patch recommendations
├── README.md          # Documentation
└── reports/           # Log files generated after scanning

Logging and Reports

Plain text logs: /home/kali/Downloads/finalScanner/reports/scanner_file.txt
HTML reports: /home/kali/Downloads/finalScanner/reports/scanner_file.html
AI reports: /home/kali/Downloads/finalScanner/aiReport/ai_report.txt

🛡️ Ethereum Blockchain Log Storage System

A secure and transparent system for storing and retrieving log files using Ethereum smart contracts. This project uses Web3, Solidity, and Python to interact with a local blockchain (Ganache).

🚀 Quick Start

1. Activate Virtual Environment

source myenv/bin/activate

2. Deploy the Smart Contract

python3 smartContract.py

📌 Note: Copy the deployed contract address (e.g., 0x123...) from the output and update it inside storage.py.

3. Store Logs on the Blockchain

python3 storage.py

⚙️ Prerequisites

Ensure the following dependencies are installed:

✅ Python 3.8+
✅ Node.js v14+
✅ npm
✅ Ganache CLI (for local blockchain testing)

💻 Installation

Python Dependencies

pip install web3 py-solc-x

Node.js & npm (Linux/Ubuntu)

sudo apt update
sudo apt install nodejs npm

Check Installed Versions

node -v
npm -v

Ganache CLI (Local Blockchain)

npm install -g ganache

🛠️ Usage

Start the Local Blockchain

ganache --port=7545

Open a new terminal for the next steps.

Step-by-Step Log Storage Workflow

Generate Contract Address

Run the following to deploy the smart contract:
```
python3 smartContract.py
```
This will output a contract address. Copy this address.
Store Scanner Logs

Paste the generated contract address into the storage.py script and run:
```
python3 storage.py
```
This will store your scanner logs on the blockchain.
Fetch Hashed Stored Logs

Make sure the contract address is updated in get_hashed_logs.py and run:
```
python3 get_hashed_logs.py
```
This will fetch and display the hashed log entries from the blockchain.

📂 File Structure

.
├── smartContract.py       # Smart contract deployment logic
├── storage.py             # Logs storage to blockchain
├── fetch_logs.py          # Read logs from local files
├── fetch_stored_logs.py   # Retrieve stored logs from blockchain
├── get_hashed_logs.py     # Generate & verify log hashes
├── LogStorage.sol         # Solidity smart contract
└── README.md              # This file

🐞 Troubleshooting

❌ Error	✅ Solution
`Connection refused`	Ensure Ganache CLI is running properly
`Module not found`	Reinstall Python dependencies
`Permission denied`	Use `sudo` if accessing system logs
`Empty results`	Confirm that the contract is deployed

📄 License

This project is licensed under the MIT License.

Future Enhancements

Add support for more vulnerability scanning tools.
Implement automated patching.
Enhance AI recommendations with additional machine learning models.

Contributors

Agastsya Joshi - Co-founder
Karman Arora - Co-founder
Nitin Dogra - Co-founder
Open to Contributions

Name		Name	Last commit message	Last commit date
Latest commit History 37 Commits
__pycache__		__pycache__
ethereum-storage-main		ethereum-storage-main
models		models
node_modules		node_modules
.gitignore		.gitignore
LICENSE		LICENSE
README.md		README.md
aiRecommendation.py		aiRecommendation.py
backend.js		backend.js
csvExtractor.py		csvExtractor.py
gobReport.txt		gobReport.txt
package-lock.json		package-lock.json
package.json		package.json
patchingSystem.py		patchingSystem.py
requirements.txt		requirements.txt
scanReport.html		scanReport.html
scanner.py		scanner.py
scheduler.py		scheduler.py
security_fix_results.log		security_fix_results.log

License

Agastsya/ScamDroid

Folders and files

Latest commit

History

Repository files navigation