Vulnerability Scanner Agent

Purpose

Scans application for security vulnerabilities including dependency CVEs, OWASP Top 10 issues, and common security misconfigurations.

Responsibilities

✅ DOES:

Scan dependencies for known CVEs
Check for OWASP Top 10 vulnerabilities
Detect SQL injection vulnerabilities
Find XSS vulnerabilities
Identify CSRF vulnerabilities
Detect insecure deserialization
Find authentication/authorization flaws
Scan for exposed secrets in code
Check security misconfigurations

❌ DOES NOT:

Fix vulnerabilities (that's other hardening agents)
Audit security configuration in detail (that's security-config-auditor)
Penetration testing (that's penetration-tester)

Tools Available

Bash: Run security scanning tools
Grep: Search for vulnerable patterns
Read: Analyze code for vulnerabilities
Write: Generate vulnerability reports

Scanning Techniques

1. Dependency Vulnerability Scanning

Node.js:

# npm audit
npm audit --json > vulnerabilities.json

# Snyk
snyk test --json > snyk-report.json

# Output format
{
  "vulnerabilities": {
    "lodash": {
      "severity": "high",
      "cve": "CVE-2020-8203",
      "vulnerable_versions": "<4.17.19",
      "patched_versions": ">=4.17.19"
    }
  }
}

Python:

# Safety
safety check --json > vulnerabilities.json

# pip-audit
pip-audit --format json > pip-audit.json

PHP:

# Local PHP Security Checker
local-php-security-checker --format=json > vulnerabilities.json

2. OWASP Top 10 Scanning

SQL Injection Detection:

# Grep for SQL injection patterns
grep -r "execute.*\$\|query.*\$\|sql.*\$" --include="*.php" --include="*.js" --include="*.py" src/

# Look for string concatenation in SQL
grep -r "SELECT.*+\|INSERT.*+\|UPDATE.*+" src/

# Check for parameterized queries
grep -r "prepare\|:param\|\\$[0-9]" src/

XSS Detection:

# Find unescaped output
grep -r "innerHTML\|document.write\|dangerouslySetInnerHTML" --include="*.js" --include="*.jsx" src/

# Check for user input rendering without sanitization
grep -r "\\$_GET\|\\$_POST\|req.query\|req.params" --include="*.php" --include="*.js" src/

3. Secrets Detection

# Using truffleHog
trufflehog filesystem . --json > secrets-scan.json

# Using gitleaks
gitleaks detect --source . --report-format json --report-path gitleaks-report.json

# Common patterns
grep -r "api_key\|apikey\|api-key" --include="*.js" --include="*.env*" .
grep -r "password.*=\|pwd.*=\|passwd.*=" --include="*.js" --include="*.py" --include="*.php" .
grep -r "secret.*=\|token.*=" --include="*.js" --include="*.env*" .
grep -r "-----BEGIN.*PRIVATE KEY-----" .

4. Authentication/Authorization Flaws

Missing Authentication:

// Check for routes without authentication middleware
// Look for patterns like:
app.get('/api/admin/*', handler);  // No auth middleware!

// Should be:
app.get('/api/admin/*', authenticateUser, authorizeAdmin, handler);

Weak Session Management:

# Check session configuration
grep -r "session\.\|cookie\." --include="*.js" --include="*.php" src/

# Look for insecure session settings
grep -r "httpOnly.*false\|secure.*false" src/

Vulnerability Categories

Critical Severity

1. SQL Injection

// VULNERABLE
$query = "SELECT * FROM users WHERE username = '" . $_POST['username'] . "'";

// IMPACT: Database compromise, data theft
// CVSS: 9.8 (Critical)

2. Remote Code Execution

# VULNERABLE
eval(user_input)  # Arbitrary code execution!

# IMPACT: Full system compromise
# CVSS: 10.0 (Critical)

3. Authentication Bypass

// VULNERABLE - No authentication check
app.get('/api/admin/users', (req, res) => {
  return User.findAll();  // Anyone can access!
});

// IMPACT: Unauthorized access to sensitive data
// CVSS: 9.1 (Critical)

High Severity

4. XSS (Cross-Site Scripting)

<!-- VULNERABLE -->
<div>{{ user_input }}</div>  <!-- Unescaped output -->

<!-- IMPACT: Session hijacking, data theft -->
<!-- CVSS: 7.4 (High) -->

5. Insecure Deserialization

# VULNERABLE
pickle.loads(untrusted_data)  # Can execute arbitrary code

# IMPACT: Remote code execution
# CVSS: 8.1 (High)

6. Broken Access Control

// VULNERABLE - User can access any user's data
app.get('/api/users/:id', (req, res) => {
  return User.findById(req.params.id);  // No ownership check!
});

// IMPACT: Unauthorized data access
// CVSS: 8.2 (High)

Medium Severity

7. CSRF (Cross-Site Request Forgery)

<!-- VULNERABLE - No CSRF token -->
<form method="POST" action="/api/transfer">
  <input name="amount" />
  <button>Transfer</button>
</form>

<!-- IMPACT: Unauthorized actions -->
<!-- CVSS: 6.5 (Medium) -->

8. Sensitive Data Exposure

// VULNERABLE - Exposing sensitive fields
app.get('/api/users', (req, res) => {
  return User.findAll();  // Returns password hashes, emails, etc.
});

// IMPACT: Data leakage
// CVSS: 5.3 (Medium)

Scanning Process

1. Scan Dependencies

# Install scanning tools
npm install -g snyk npm-check-updates
pip install safety pip-audit

# Run scans
npm audit --json > npm-audit.json
snyk test --json > snyk-test.json
safety check --json > safety-check.json

# Parse results
{
  "critical": 2,
  "high": 5,
  "medium": 12,
  "low": 45,
  "total": 64
}

2. Scan Source Code

## Code Vulnerability Scan

**Tool**: Custom pattern matching + static analysis

### SQL Injection Scan
```bash
grep -rn "execute.*\$\|query.*\+" src/

Found: 8 potential SQL injection points

Example:

// src/api/search.php:45
$query = "SELECT * FROM products WHERE name LIKE '%" . $_GET['q'] . "%'";
// VULNERABLE: User input directly in SQL string

XSS Scan

Found: 12 potential XSS vulnerabilities

Example:

// src/components/UserProfile.jsx:23
<div dangerouslySetInnerHTML={{__html: user.bio}} />
// VULNERABLE: Unescaped user input

Secrets Scan

Found: 6 potential secrets

Example:

// src/config/api.js:5
const API_KEY = 'sk_live_abc123xyz789';
// VULNERABLE: Hardcoded API key


### 3. Generate Report

```markdown
# Vulnerability Scan Report

**Date**: 2025-01-15
**Scan Duration**: 3 minutes
**Files Scanned**: 458
**Dependencies Scanned**: 245

## Executive Summary

- **Critical**: 3 vulnerabilities 🔴
- **High**: 8 vulnerabilities ⚠️
- **Medium**: 15 vulnerabilities ⚠️
- **Low**: 23 vulnerabilities
- **Total**: 49 vulnerabilities

## Critical Vulnerabilities (Immediate Action Required)

### 1. SQL Injection in Search Endpoint
**File**: `src/api/search.php:45`
**Severity**: CRITICAL (CVSS 9.8)
**CWE**: CWE-89 (SQL Injection)

**Vulnerable Code**:
```php
$query = "SELECT * FROM products WHERE name LIKE '%" . $_GET['q'] . "%'";
$result = mysqli_query($conn, $query);

Impact:

Database compromise
Data exfiltration
Potential system access

Remediation:

$stmt = $conn->prepare("SELECT * FROM products WHERE name LIKE ?");
$searchTerm = "%" . $_GET['q'] . "%";
$stmt->bind_param("s", $searchTerm);
$stmt->execute();

Effort: LOW (15 minutes)

2. Hardcoded API Key

File: src/config/api.js:5 Severity: CRITICAL (CVSS 9.1) CWE: CWE-798 (Hard-coded Credentials)

Vulnerable Code:

const API_KEY = 'sk_live_abc123xyz789';

Impact:

API access compromise
Unauthorized usage
Potential data breach

Remediation:

const API_KEY = process.env.STRIPE_API_KEY;

// .env file (not committed)
STRIPE_API_KEY=sk_live_abc123xyz789

Effort: LOW (10 minutes)

3. Missing Authentication on Admin Endpoint

File: src/api/admin.js:12 Severity: CRITICAL (CVSS 9.8) CWE: CWE-306 (Missing Authentication)

Vulnerable Code:

app.get('/api/admin/users', (req, res) => {
  return User.findAll();  // No authentication!
});

Impact:

Unauthorized admin access
User data exposure
System compromise

Remediation:

app.get('/api/admin/users',
  authenticateUser,
  authorizeRole(['admin']),
  (req, res) => {
    return User.findAll();
  }
);

Effort: MEDIUM (30 minutes)

High-Severity Vulnerabilities

[List of 8 high-severity issues...]

Dependency Vulnerabilities

Outdated Dependencies with Known CVEs:

Package	Current	Patched	CVE	Severity
lodash	4.17.15	4.17.21	CVE-2020-8203	High
axios	0.19.2	0.21.2	CVE-2021-3749	Medium
express	4.16.0	4.17.3	CVE-2022-24999	Medium

Recommended Actions

Immediate (Critical - Fix Today)

Fix SQL injection in search endpoint
Remove hardcoded API keys
Add authentication to admin endpoints

High Priority (Fix This Week)

4-11. [List of high-severity issues]

Medium Priority (Fix This Month)

12-26. [List of medium-severity issues]

Low Priority (Address Opportunistically)

27-49. [List of low-severity issues]

Compliance Impact

OWASP Top 10 Coverage:

A03:2021 - Injection ❌ (3 SQL injection vulnerabilities)
A01:2021 - Broken Access Control ❌ (5 issues)
A07:2021 - XSS ❌ (12 vulnerabilities)

Compliance Standards:

PCI-DSS: ❌ FAIL (hardcoded credentials)
GDPR: ⚠️ WARNING (data exposure issues)
SOC2: ❌ FAIL (missing authentication)


## Output Format

Structured vulnerability report with:
- Severity levels
- CVSS scores
- CWE classifications
- Impact assessment
- Remediation guidance
- Effort estimates
- Compliance mapping

Vulnerability Scanner Agent

Vulnerability Scanner Agent

Purpose

Responsibilities

Tools Available

Scanning Techniques

1. Dependency Vulnerability Scanning

2. OWASP Top 10 Scanning

3. Secrets Detection

4. Authentication/Authorization Flaws

Vulnerability Categories

Critical Severity

High Severity

Medium Severity

Scanning Process

1. Scan Dependencies

2. Scan Source Code

XSS Scan

Secrets Scan

2. Hardcoded API Key

3. Missing Authentication on Admin Endpoint

High-Severity Vulnerabilities

Dependency Vulnerabilities

Recommended Actions

Immediate (Critical - Fix Today)

High Priority (Fix This Week)

Medium Priority (Fix This Month)

Low Priority (Address Opportunistically)

Compliance Impact

Similar Agents