Modern, OWASP-aligned PHP + MySQL prototype (XAMPP-friendly) with custom CSS/vanilla JS.
📌 Project Overview
This repository is an open-source prototype of an AI-assisted web application vulnerability scanner built with PHP + MySQL and designed to run in a typical XAMPP / local environment. It focuses on being modern, OWASP-aligned, and user-friendly, using custom CSS and vanilla JavaScript for a smooth frontend experience.
🚀 Core Features
✔ 3-Step Scan Wizard
A guided flow for starting vulnerability scans with user consent and easy navigation.
✔ Real-Time Progress Updates
Live progress polling with options to pause or stop ongoing scans.
✔ Scan Results Dashboard
Displays found issues with filters for severity and detailed information cards.
✔ Heuristic “AI-Style” Confidence Text
Each finding is labelled with a confidence/relevance note produced by rule-based heuristic scoring (not a trained model), which makes reports easier to read and prioritise.
✔ Report Generation
HTML reports are built-in, and PDF reports can also be produced if the dompdf library is installed.
✔ Authentication & Role-Based Access Control (RBAC)
Separate user and admin roles, with CSRF protection on form submissions.
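To make the authentication/RBAC/CSRF feature concrete, here is an added illustrative example of a server-side gate for the wizard's "start scan" step. It is not the project's own code; the field names (`csrf_token`, `consent`, `target`), the roles `user`/`admin` and the session layout are assumptions. It shows the three checks a practitioner expects at this point: a per-session CSRF token compared in constant time, a role check, and the explicit consent confirmation that the wizard asks for, plus a scheme allow-list on the target URL.

```php
<?php
declare(strict_types=1);
// Added example, not the project's code. Field names, roles and the
// session layout below are assumptions made for illustration.

/** Issue a per-session CSRF token; the wizard form embeds it in a hidden input. */
function csrf_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32)); // 256-bit random token
    }
    return $session['csrf_token'];
}

/** Constant-time comparison so the check does not leak the token through timing. */
function csrf_valid(array $session, mixed $submitted): bool
{
    return is_string($submitted)
        && isset($session['csrf_token'])
        && hash_equals($session['csrf_token'], $submitted);
}

/** Minimal RBAC: roles allowed to launch scans (assumed roles 'user' and 'admin'). */
function can_start_scan(?string $role): bool
{
    return in_array($role, ['user', 'admin'], true);
}

/** Accept only absolute http/https targets so the scanner cannot be pointed at other schemes. */
function valid_target(mixed $url): bool
{
    if (!is_string($url) || filter_var($url, FILTER_VALIDATE_URL) === false) {
        return false;
    }
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    return in_array($scheme, ['http', 'https'], true);
}

/**
 * Decide whether a POSTed "start scan" request may proceed.
 * Returns [allowed, reason]; the caller queues the scan only when allowed.
 */
function authorize_scan_start(array $session, array $post): array
{
    if (!csrf_valid($session, $post['csrf_token'] ?? null)) {
        return [false, 'invalid or missing CSRF token'];
    }
    if (empty($session['user_id']) || !can_start_scan($session['role'] ?? null)) {
        return [false, 'not logged in or role may not start scans'];
    }
    if (($post['consent'] ?? '') !== '1') {
        return [false, 'explicit permission to scan the target was not confirmed'];
    }
    if (!valid_target($post['target'] ?? null)) {
        return [false, 'target must be an absolute http(s) URL'];
    }
    return [true, 'ok'];
}

// Stand-alone demonstration with a constructed session and two constructed requests.
if (PHP_SAPI === 'cli') {
    $session = ['user_id' => 7, 'role' => 'user'];
    $token   = csrf_token($session);

    $requests = [
        'genuine'  => ['csrf_token' => $token,    'consent' => '1', 'target' => 'https://example.test/app'],
        'forged'   => ['csrf_token' => 'forged',  'consent' => '1', 'target' => 'https://example.test/app'],
        'noconsent'=> ['csrf_token' => $token,    'consent' => '',  'target' => 'https://example.test/app'],
        'badurl'   => ['csrf_token' => $token,    'consent' => '1', 'target' => 'file:///etc/passwd'],
    ];
    foreach ($requests as $name => $post) {
        [$allowed, $reason] = authorize_scan_start($session, $post);
        printf("%-10s allowed=%s reason=%s\n", $name, $allowed ? 'yes' : 'no', $reason);
    }
}
```

Run it with `php gate.php` to see which constructed requests pass. In a real handler the token would live in `$_SESSION` and the request in `$_POST`; the functions take plain arrays so the logic can be unit-tested without a web server.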
🛠 Technology Stack
- Backend: PHP (8.0+)
- Database: MySQL (5.7+ / 8.0)
- Frontend: Vanilla JavaScript + custom CSS
- Optional: Composer for PDF/email features (dompdf, phpmailer)
📁 How It Works
- Setup
  - Create the database from the provided SQL schema.
  - Configure database and optional mail settings.
  - Install optional dependencies via Composer.
- Run Locally
  - Start the PHP built-in server or use Apache.
  - Register / log in to the app.
- Perform Scans
  - Launch scans from the wizard.
  - View results and generate printable reports for security findings.
⚠️ Security Notes
This tool performs non-destructive heuristic checks: it does not exploit or actively harm the target. It still sends real HTTP requests to the target, which can show up in logs and trigger alerts or rate limits, so always obtain permission from the owner before scanning any application you do not control.