Anoa Vulnerability Scanner is a comprehensive AI-powered security platform that combines static application security testing (SAST) and dynamic application security testing (DAST) into a single, user-friendly interface. The application features a modern Next.js frontend paired with a robust FastAPI backend, integrated with GitHub OAuth for seamless repository access. The system employs a dual-agent architecture: a Red Agent that recursively scans source code files to detect security vulnerabilities including SQL injection, cross-site scripting (XSS), command injection, path traversal, and hardcoded secrets, and a Blue Agent that leverages Fireworks AI to generate secure replacement code with intelligent fallbacks to template-based fixes. For dynamic testing, the platform integrates industry-standard security tools including Subfinder for subdomain discovery, httpx for live domain probing, Nuclei for vulnerability scanning, and ffuf for directory fuzzing. Users can authenticate via GitHub, select repositories, choose branches, and initiate comprehensive scans that deliver detailed reports with file locations, line numbers, severity ratings, and AI-generated remediation suggestions. The entire stack is containerized with Docker for easy deployment, includes a deliberately vulnerable Flask application for testing, and provides a clean JSON API for integration with existing security workflows and CI/CD pipelines.
Category tags: