An advanced AI-driven vulnerability scanner and penetration testing tool that integrates multiple AI providers (OpenAI, Grok, OLLAMA, Claude) with comprehensive security testing modules for automated bug hunting, intelligent payload generation, and professional reporting.
- Multi-AI Provider Support: Dynamic switching between OpenAI, Grok, OLLAMA, and Claude
- Intelligent Payload Generation: AI-powered, CVE-aware, context-sensitive payloads
- Comprehensive Scanning: 45+ attack methods with framework-specific tests
- Advanced Reconnaissance: Passive OSINT, DNS enumeration, subdomain discovery
- Professional Reporting: PDF/HTML/JSON reports with OSINT intelligence and executive summaries
- Collaborative Scanning: Team-based distributed scanning with session management
- Custom Plugin System: Extend Deep Eye with your own vulnerability scanners
- Multi-Channel Notifications: Real-time alerts via Email, Slack, and Discord
- SQL Injection (Error-based, Blind, Time-based)
- Cross-Site Scripting (XSS)
- Command Injection
- SSRF (Server-Side Request Forgery)
- XXE (XML External Entity)
- Path Traversal
- CSRF (Cross-Site Request Forgery)
- Open Redirect
- CORS Misconfiguration
- Security Headers Analysis
- Local File Inclusion (LFI)
- Remote File Inclusion (RFI)
- Server-Side Template Injection (SSTI)
- CRLF Injection
- Host Header Injection
- LDAP Injection
- XML Injection
- Insecure Deserialization
- Authentication Bypass
- Information Disclosure
- Sensitive Data Exposure
- JWT Vulnerabilities
- Broken Authentication
- API Security Testing (OWASP API Top 10 2023)
- GraphQL Security (Introspection, Depth limits, Batch attacks)
- Business Logic Flaws (Price manipulation, Workflow bypass, Race conditions)
- Authentication Testing (Session management, JWT, OAuth, MFA bypass)
- File Upload Vulnerabilities (Unrestricted upload, Path traversal, Type bypass)
- Collaborative Scanning (Team-based distributed scanning)
- WebSocket Testing (Origin validation, Auth, Injection, DoS protection)
- ML-Based Anomaly Detection (Behavioral analysis, Pattern recognition)
- Interactive HTML Reports (Charts, Filtering, Real-time search)
- Enhanced OSINT (Google dorking, Breach databases, CT logs, GitHub/Pastebin)
- Advanced Payload Obfuscation (11+ techniques for WAF bypass)
- Custom Plugin System (Extend with your own scanners)
- Multi-Channel Notifications (Email, Slack, Discord alerts)
- Enhanced OSINT Reporting (Reconnaissance data in all reports)
And 17+ more attack vectors
- Python 3.8 or higher
- pip package manager
- API keys for AI providers (at least one):
- OpenAI API Key
- Anthropic (Claude) API Key
- Grok API Key
- OLLAMA (local installation)
Windows:
.\scripts\install.ps1Linux/Mac:
chmod +x scripts/install.sh
./scripts/install.sh- Clone the repository:
git clone https://github.com/zakirkun/deep-eye.git
cd deep-eye- Install dependencies:
pip install -r requirements.txt- Configure AI providers:
cp config/config.example.yaml config/config.yaml
# Edit config.yaml with your API keys# Scan with target from CLI
python deep_eye.py -u https://example.com
# Scan with configuration file
python deep_eye.py -c myconfig.yaml
# Verbose mode
python deep_eye.py -u https://example.com -vAll scan options are configured in config/config.yaml:
scanner:
target_url: "https://example.com" # Default target
ai_provider: "openai" # AI provider
default_depth: 2 # Crawl depth
default_threads: 5 # Thread count
enable_recon: true # Enable reconnaissance
full_scan: false # Full/quick scan mode
proxy: "" # Proxy settings
custom_headers: {} # Custom headers
reporting:
enabled: true # Auto-generate reports
output_directory: "reports" # Report directory
default_format: "html" # Report formatThen run:
python deep_eye.py-u, --url Target URL (overrides config)
-c, --config Configuration file path (default: config/config.yaml)
-v, --verbose Enable verbose output
--version Show version and exit
--no-banner Disable banner display
Note: All scanning options (depth, threads, AI provider, scan mode, proxy, etc.) are now configured in config.yaml for better management and repeatability.
deep-eye/
βββ core/ # Core scanning engine
βββ ai_providers/ # AI provider integrations
βββ modules/ # Security testing modules
βββ utils/ # Utility functions
βββ config/ # Configuration files
βββ templates/ # Report templates
βββ examples/ # Usage examples
βββ scripts/ # Installation scripts
βββ docs/ # Documentation
βββ deep_eye.py # Main entry point
βββ setup.py # Package setup
βββ requirements.txt # Dependencies
For detailed structure, see docs/ARCHITECTURE.md
Issue: PDF generation errors on Windows (WeasyPrint library issues)
Solution: The tool now uses ReportLab (Windows-friendly) for PDF generation by default. If you encounter any issues:
- Ensure ReportLab is installed:
pip install reportlab>=4.0.0-
If PDF generation fails, the tool will automatically fall back to HTML format.
-
For advanced HTML-to-PDF conversion (optional), you can install additional tools, but it's not required.
AI Provider Connection Errors
- Verify your API keys in
config/config.yaml - Check your internet connection
- Ensure API key has sufficient credits
Scanning Errors
- Verify target URL is accessible
- Check if target has rate limiting or WAF
- Try reducing thread count with
-toption
IMPORTANT: Deep Eye is designed for authorized security testing only.
- Only use on systems you own or have explicit permission to test
- Unauthorized access to computer systems is illegal
- Users are responsible for complying with all applicable laws
- The developers assume no liability for misuse
Contributions are welcome! Please feel free to submit a Pull Request.
This project is licensed under the MIT License - see the LICENSE file for details.
- Quick Start Guide - Get started quickly
- Architecture - System design and structure
- Testing Guide - Testing procedures
- Contributing - How to contribute
- Changelog - Version history
- OpenAI for GPT models
- Anthropic for Claude
- OWASP for security testing methodologies
- The security research community
For questions or support, please open an issue on GitHub.