5m4ck3r committed on
Commit afb812e · verified · 1 Parent(s): ff0aa9f

Update app.py

Files changed (1)
  1. app.py +19 -19
app.py CHANGED
@@ -1080,48 +1080,48 @@ def chat():
1080
  return jsonify({"status" : True, "data" : result})
1081
 
1082
  FAKE_AI_RESPONSES = [
1083
- """πŸ€– Pentest Report Summary:
1084
- - πŸ” NMap detected Apache (80) and nginx (443) with port 22 closed.
1085
- - πŸ’‰ SQL Injection vectors like `' OR 1=1--` were successful. Suggest prepared statements!
1086
- - 🐍 XSS vulnerability found. Code: `<script>alert('XSS')</script>` β€” lacks sanitization.
1087
- - πŸ•΅οΈβ€β™‚οΈ Admin brute force success: SSH login with `admin:123456`.
1088
- - πŸ”“ IP leaked via WebRTC: `93.184.216.34`.
1089
- - πŸ›‘ Recommendation: Apply rate limits, update services, add CSP & headers, use VPN and fail2ban.""",
1090
 
1091
- """πŸ“‘ AI Diagnostic Log:
1092
  Scan reveals:
1093
  - Apache 2.4.41 and nginx 1.18.0 exposed on ports 80 & 443.
1094
  - SQLi payloads (`UNION SELECT ...`) executed β€” backend exposed.
1095
  - DOM-based XSS exists β€” input not escaped properly.
1096
  - Admin access cracked with Hydra. Weak creds used.
1097
  - IP leak confirmed β€” WebRTC not disabled.
1098
- πŸ‘¨β€πŸ”§ Fixes:
1099
  1. Harden auth systems.
1100
  2. Disable vulnerable headers.
1101
  3. Patch server software.
1102
  4. Use MFA and SSH key-pairs.""",
1103
 
1104
- """πŸ“‘ Threat Assessment:
1105
  Summary of Findings:
1106
- - βœ… Apache and nginx exposed β€” check for CVEs.
1107
- - 🚨 SQL injection succeeded β€” unsafe string concat in SQL.
1108
- - ⚠️ XSS verified β€” raw HTML injection detected.
1109
- - πŸ”‘ Admin login guessed: password too common.
1110
- - 🌍 IP visibility high β€” WebRTC exposed true IP.
1111
- πŸ”§ AI Recommendations:
1112
  - Sanitize ALL inputs.
1113
  - Apply strict content headers.
1114
  - Monitor access logs.
1115
  - Enforce strong credential policies and VPNs.""",
1116
 
1117
- """🀯 AI Forensics Mode Activated:
1118
- 🧠 I parsed the scan:
1119
  > Ports Open: 80 (Apache), 443 (nginx). SSH (22) = closed.
1120
  > SQL Injection worked! Classic `OR 1=1--` bypass succeeded.
1121
  > XSS alert triggered β€” page fails to sanitize `<img onerror>`.
1122
  > SSH brute-forced using `rockyou.txt`. Admin creds exposed.
1123
  > Your IP: `93.184.216.34` β€” revealed via simulated WebRTC.
1124
- πŸ” Next Steps:
1125
  - Patch Apache/nginx.
1126
  - Use prepared SQL queries.
1127
  - CSP, X-Frame, and HSTS headers.
 
1080
  return jsonify({"status" : True, "data" : result})
1081
 
1082
  FAKE_AI_RESPONSES = [
1083
+ """Pentest Report Summary:
1084
+ - NMap detected Apache (80) and nginx (443) with port 22 closed.
1085
+ - SQL Injection vectors like `' OR 1=1--` were successful. Suggest prepared statements!
1086
+ - XSS vulnerability found. Code: `<script>alert('XSS')</script>` β€” lacks sanitization.
1087
+ - Admin brute force success: SSH login with `admin:123456`.
1088
+ - IP leaked via WebRTC: `93.184.216.34`.
1089
+ - Recommendation: Apply rate limits, update services, add CSP & headers, use VPN and fail2ban.""",
1090
 
1091
+ """ AI Diagnostic Log:
1092
  Scan reveals:
1093
  - Apache 2.4.41 and nginx 1.18.0 exposed on ports 80 & 443.
1094
  - SQLi payloads (`UNION SELECT ...`) executed β€” backend exposed.
1095
  - DOM-based XSS exists β€” input not escaped properly.
1096
  - Admin access cracked with Hydra. Weak creds used.
1097
  - IP leak confirmed β€” WebRTC not disabled.
1098
+ Fixes:
1099
  1. Harden auth systems.
1100
  2. Disable vulnerable headers.
1101
  3. Patch server software.
1102
  4. Use MFA and SSH key-pairs.""",
1103
 
1104
+ """ Threat Assessment:
1105
  Summary of Findings:
1106
+ - Apache and nginx exposed β€” check for CVEs.
1107
+ - SQL injection succeeded β€” unsafe string concat in SQL.
1108
+ - XSS verified β€” raw HTML injection detected.
1109
+ - Admin login guessed: password too common.
1110
+ - IP visibility high β€” WebRTC exposed true IP.
1111
+ AI Recommendations:
1112
  - Sanitize ALL inputs.
1113
  - Apply strict content headers.
1114
  - Monitor access logs.
1115
  - Enforce strong credential policies and VPNs.""",
1116
 
1117
+ """ AI Forensics Mode Activated:
1118
+ I parsed the scan:
1119
  > Ports Open: 80 (Apache), 443 (nginx). SSH (22) = closed.
1120
  > SQL Injection worked! Classic `OR 1=1--` bypass succeeded.
1121
  > XSS alert triggered β€” page fails to sanitize `<img onerror>`.
1122
  > SSH brute-forced using `rockyou.txt`. Admin creds exposed.
1123
  > Your IP: `93.184.216.34` β€” revealed via simulated WebRTC.
1124
+ Next Steps:
1125
  - Patch Apache/nginx.
1126
  - Use prepared SQL queries.
1127
  - CSP, X-Frame, and HSTS headers.
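
Review bot: The rewritten openers `""" AI Diagnostic Log:`, `""" Threat Assessment:` and `""" AI Forensics Mode Activated:` (new lines 1091, 1104 and 1117) keep the space that followed the removed emoji, so those three responses now begin with a stray blank while `"""Pentest Report Summary:` on 1083 does not; remove the space, or strip each string where FAKE_AI_RESPONSES is served. Separately, these strings are canned findings that carry a hard-coded `93.184.216.34` (1088, and 1123 where it is shown as "Your IP"), and only the last response says "simulated"; a comment on the list or a consistent "simulated" label in every response would keep the output from reading as a real scan result. The commit message "Update app.py" also does not say that the change is emoji removal from the response text.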