Agentic-AI-Based-Penetration-Testing-System
This repository contains a modern web-based vulnerability scanner built with Next.js, React, and LangChain. The application uses a custom AI-driven agent pipeline to analyze a target URL and generate a structured security report containing findings for XSS, SQL Injection, CSRF, IDOR, header misconfigurations, and redirect vulnerabilities.
- Modern and responsive web interface
- Real-time scan trace logging and progress updates
- AI-guided scan orchestration using specialized security agents
- Structured vulnerability findings and report generation
- Built with Next.js App Router and React 19
Before running the project, ensure the following are installed:
- Node.js 20 or later
- npm 10 or later
- A modern web browser
- OpenRouter API key(s)
Download and install Node.js from:
cd minorproject/vuln-scanner
npm installCreate a .env.local file inside minorproject/vuln-scanner and add your OpenRouter API credentials:
OPENROUTER_KEY1=your_openrouter_api_key_1
OPENROUTER_KEY2=your_openrouter_api_key_2
OPENROUTER_KEY3=your_openrouter_api_key_3At least one API key is required. Multiple keys may be used for fallback or parallel access.
Start the development server from the minorproject/vuln-scanner directory:
npm run devOpen the application in your browser:
http://localhost:3000
minorproject/vuln-scanner/
│
├── app/ # Next.js pages and API routes
├── lib/ # Scan graph, agents, tools, and state management
├── public/ # Static assets
├── package.json # Project dependencies and metadata
└── .env.local # Environment variables
- The client sends a scan request to
/api/scan - The server initializes the AI-driven scan graph
- Specialized agents analyze the target URL
- Real-time scan traces stream back to the frontend
- Findings are aggregated into a structured security report
| Variable | Description |
|---|---|
| OPENROUTER_KEY1 | Primary OpenRouter API key |
| OPENROUTER_KEY2 | Secondary OpenRouter API key |
| OPENROUTER_KEY3 | Tertiary OpenRouter API key |
- This project uses Next.js 16, React 19, Tailwind CSS, and LangChain
- The scanning engine integrates with the OpenRouter API through
@langchain/openai - The application will fail to start if API keys are not configured properly
- Only scan systems you own or are explicitly authorized to test
- Intended strictly for educational and research purposes
- Unauthorized scanning of production systems may violate laws or organizational policies
Update agent implementations inside:
minorproject/vuln-scanner/lib/agents/
Modify:
minorproject/vuln-scanner/lib/graph.ts
Edit:
minorproject/vuln-scanner/app/page.tsx
- Verify your Node.js and npm versions
- Ensure
.env.localexists and contains valid API keys - Reinstall dependencies using
npm install
- Confirm the target URL is valid and reachable
- Inspect browser developer tools for network or console errors
- Verify API connectivity and request logs
- Configure API keys in
.env.local - Install dependencies using
npm install - Start the development server using
npm run dev - Launch scans through the web interface using authorized target URLs
This repository contains project source files intended for educational, academic, and research purposes. Licensing should follow your university, organization, or project policy.