Autarch/web/routes/webapp_scanner.py

"""Web Application Scanner — web routes."""

from flask import Blueprint, render_template, request, jsonify
from web.auth import login_required

webapp_scanner_bp = Blueprint('webapp_scanner', __name__)


def _svc():
    from modules.webapp_scanner import get_webapp_scanner
    return get_webapp_scanner()


@webapp_scanner_bp.route('/web-scanner/')
@login_required
def index():
    return render_template('webapp_scanner.html')


@webapp_scanner_bp.route('/web-scanner/quick', methods=['POST'])
@login_required
def quick_scan():
    data = request.get_json(silent=True) or {}
    url = data.get('url', '').strip()
    if not url:
        return jsonify({'ok': False, 'error': 'URL required'})
    return jsonify({'ok': True, **_svc().quick_scan(url)})


@webapp_scanner_bp.route('/web-scanner/dirbust', methods=['POST'])
@login_required
def dir_bruteforce():
    data = request.get_json(silent=True) or {}
    url = data.get('url', '').strip()
    if not url:
        return jsonify({'ok': False, 'error': 'URL required'})
    extensions = data.get('extensions', [])
    return jsonify(_svc().dir_bruteforce(url, extensions=extensions or None,
                                         threads=data.get('threads', 10)))


@webapp_scanner_bp.route('/web-scanner/dirbust/<job_id>', methods=['GET'])
@login_required
def dirbust_status(job_id):
    return jsonify(_svc().get_job_status(job_id))


@webapp_scanner_bp.route('/web-scanner/subdomain', methods=['POST'])
@login_required
def subdomain_enum():
    data = request.get_json(silent=True) or {}
    domain = data.get('domain', '').strip()
    if not domain:
        return jsonify({'ok': False, 'error': 'Domain required'})
    return jsonify(_svc().subdomain_enum(domain, use_ct=data.get('use_ct', True)))


@webapp_scanner_bp.route('/web-scanner/vuln', methods=['POST'])
@login_required
def vuln_scan():
    data = request.get_json(silent=True) or {}
    url = data.get('url', '').strip()
    if not url:
        return jsonify({'ok': False, 'error': 'URL required'})
    return jsonify(_svc().vuln_scan(url,
                                    scan_sqli=data.get('sqli', True),
                                    scan_xss=data.get('xss', True)))


@webapp_scanner_bp.route('/web-scanner/crawl', methods=['POST'])
@login_required
def crawl():
    data = request.get_json(silent=True) or {}
    url = data.get('url', '').strip()
    if not url:
        return jsonify({'ok': False, 'error': 'URL required'})
    return jsonify(_svc().crawl(url,
                                max_pages=data.get('max_pages', 50),
                                depth=data.get('depth', 3)))
v2.2.0 — Full arsenal expansion: 16 new security modules Add WiFi Audit, API Fuzzer, Cloud Scanner, Threat Intel, Log Correlator, Steganography, Anti-Forensics, BLE Scanner, Forensics, RFID/NFC, Malware Sandbox, Password Toolkit, Web Scanner, Report Engine, Net Mapper, and C2 Framework. Each module includes CLI interface, Flask routes, and web UI template. Also includes Go DNS server source + binary, IP Capture service, SYN Flood, Gone Fishing mail server, and hack hijack modules from v2.0 work. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-03-03 05:16:31 -08:00			`"""Web Application Scanner — web routes."""`

			`from flask import Blueprint, render_template, request, jsonify`
			`from web.auth import login_required`

			`webapp_scanner_bp = Blueprint('webapp_scanner', __name__)`


			`def _svc():`
			`from modules.webapp_scanner import get_webapp_scanner`
			`return get_webapp_scanner()`


			`@webapp_scanner_bp.route('/web-scanner/')`
			`@login_required`
			`def index():`
			`return render_template('webapp_scanner.html')`


			`@webapp_scanner_bp.route('/web-scanner/quick', methods=['POST'])`
			`@login_required`
			`def quick_scan():`
			`data = request.get_json(silent=True) or {}`
			`url = data.get('url', '').strip()`
			`if not url:`
			`return jsonify({'ok': False, 'error': 'URL required'})`
			`return jsonify({'ok': True, **_svc().quick_scan(url)})`


			`@webapp_scanner_bp.route('/web-scanner/dirbust', methods=['POST'])`
			`@login_required`
			`def dir_bruteforce():`
			`data = request.get_json(silent=True) or {}`
			`url = data.get('url', '').strip()`
			`if not url:`
			`return jsonify({'ok': False, 'error': 'URL required'})`
			`extensions = data.get('extensions', [])`
			`return jsonify(_svc().dir_bruteforce(url, extensions=extensions or None,`
			`threads=data.get('threads', 10)))`


			`@webapp_scanner_bp.route('/web-scanner/dirbust/<job_id>', methods=['GET'])`
			`@login_required`
			`def dirbust_status(job_id):`
			`return jsonify(_svc().get_job_status(job_id))`


			`@webapp_scanner_bp.route('/web-scanner/subdomain', methods=['POST'])`
			`@login_required`
			`def subdomain_enum():`
			`data = request.get_json(silent=True) or {}`
			`domain = data.get('domain', '').strip()`
			`if not domain:`
			`return jsonify({'ok': False, 'error': 'Domain required'})`
			`return jsonify(_svc().subdomain_enum(domain, use_ct=data.get('use_ct', True)))`


			`@webapp_scanner_bp.route('/web-scanner/vuln', methods=['POST'])`
			`@login_required`
			`def vuln_scan():`
			`data = request.get_json(silent=True) or {}`
			`url = data.get('url', '').strip()`
			`if not url:`
			`return jsonify({'ok': False, 'error': 'URL required'})`
			`return jsonify(_svc().vuln_scan(url,`
			`scan_sqli=data.get('sqli', True),`
			`scan_xss=data.get('xss', True)))`


			`@webapp_scanner_bp.route('/web-scanner/crawl', methods=['POST'])`
			`@login_required`
			`def crawl():`
			`data = request.get_json(silent=True) or {}`
			`url = data.get('url', '').strip()`
			`if not url:`
			`return jsonify({'ok': False, 'error': 'URL required'})`
			`return jsonify(_svc().crawl(url,`
			`max_pages=data.get('max_pages', 50),`
			`depth=data.get('depth', 3)))`