CyberVision: An AI-Assisted Automated Web Penetration Testing Framework
Harshvardhan Gavali1, Arya Borawake2, Ayub Kureshi3, Sumedh Badole4, Prof. P. M. Kamde5
1,2,3,4Student, Department of Computer Engineering, Sinhgad College of Engineering, Pune, Maharashtra, India
5Guide, Department of Computer Engineering, Sinhgad College of Engineering, Pune, Maharashtra, India
Abstract - Web applications are increasingly targeted through injection attacks, authentication weaknesses, misconfiguration, exposed services, insecure APIs, and client-side vulnerabilities. Traditional penetration testing is effective but heavily dependent on skilled experts, repeated manual effort, and tool-specific interpretation. CyberVision addresses this limitation by integrating automated reconnaissance, scanner orchestration, AI-assisted reasoning, risk prioritization, report generation, and analytics into a unified web-based framework. The proposed system allows an authorized tester to submit a target URL, IP address, or domain, execute single-tool scans or chained assessments, monitor terminal output in real time, analyze scan history, view results, and generate professional security reports. The framework integrates tools such as Nmap, Masscan, WHOIS, FFUF, Subfinder, Nikto, Nuclei, SQLMap, WhatWeb, WPScan, Dalfox, SSLCheck, HTTP header analysis, and port scanning utilities. AI support is used to interpret findings, estimate severity, summarize attack surface exposure, and recommend remediation. The system follows a modular architecture consisting of a frontend dashboard, controller and task queue, crawler-discovery module, scanner workers, vulnerability database, AI risk analyzer, AI solution generator, notification module, and analytics dashboard. Results from prototype testing on authorized targets demonstrate that CyberVision can detect open services, display scan progress, generate reports, maintain tool inventory, and provide a practical interface for developers and security analysts. The system is designed for educational, defensive, and authorized security assessment use.
Key Words: Web Penetration Testing, AI Security, Vulnerability Assessment, OWASP, Nmap, SQLMap, XSS, Risk Prioritization, Automated Scanning, CyberVision.