Panda Analyzer - Network Security Scanner

Panda Analyzer is a comprehensive full-stack network security scanning tool built with Python, Node.js/Express, and React. It helps identify vulnerabilities, outdated software versions, and security misconfigurations in your network infrastructure.

Features

• Open Port Scanning: Discover all open ports on target systems
• Outdated Software Detection: Identify outdated software versions with known vulnerabilities
• Misconfiguration Detection: Find common security misconfigurations and weak credentials
• Full Security Scan: Comprehensive scan combining all security tests
• Real-time Updates: WebSocket support for live scan progress updates
• User-Friendly Interface: Modern web dashboard for easy scan management
• Detailed Reporting: In-depth vulnerability analysis with risk levels

Project Structure

panda-analyzer/
├── backend/                    # Node.js/Express backend
│   ├── controllers/
│   │   └── scanController.js  # Scan management logic
│   ├── routes/
│   │   ├── scan.js            # Scan API routes
│   │   └── auth.js            # Authentication routes
│   ├── services/
│   │   ├── scanService.js     # Scan business logic
│   │   └── pythonRunner.js    # Python integration
│   ├── middleware/
│   │   └── auth.js            # Authentication middleware
│   ├── utils/
│   │   └── logger.js          # Logging utility
│   ├── python/
│   │   └── scanner.py         # Python scanning engine
│   ├── server.js              # Express server with Socket.IO
│   ├── package.json
│   └── .env
│
└── frontend/                   # React frontend
    ├── src/
    │   ├── components/
    │   │   ├── Header.js      # Header component
    │   │   ├── ScanOptions.js # Scan type selector
    │   │   └── ScanResults.js # Results table
    │   ├── App.js             # Main app with API integration
    │   ├── index.js           # React entry point
    │   ├── styles.css         # Global styles
    │   └── App.css
    ├── public/
    │   └── index.html         # HTML root
    ├── package.json
    └── .env

Requirements

Backend

• Node.js v14+
• npm or yarn
• Python 3.7+
• Express.js
• Socket.IO

Frontend

• React 18+
• Socket.IO Client
• Node.js v14+

Installation

Backend Setup

1. Navigate to the backend directory:

cd backend

2. Install dependencies:

npm install

3. Create a .env file:

PORT=3001
NODE_ENV=development
API_VERSION=1.0.0
FRONTEND_URL=http://localhost:3000
PYTHON_PATH=python3
JWT_SECRET=your-super-secret-jwt-key-here
LOG_LEVEL=info

4. Create necessary directories:

mkdir -p temp logs

5. Start the backend server:

npm run dev

The backend will run on http://localhost:3001

Frontend Setup

1. Navigate to the frontend directory:

cd frontend

2. Install dependencies:

npm install

3. Create a .env file:

REACT_APP_API_URL=http://localhost:3001

4. Start the development server:

npm start

The frontend will run on http://localhost:3000

Usage

1. Start Backend: Run npm run dev in the backend directory
2. Start Frontend: Run npm start in the frontend directory
3. Open Browser: Navigate to http://localhost:3000
4. Select Scan Type:
   • Open Port Scanning
   • Outdated Software Versions
   • Misconfigurations
   • Full Security Scan
5. Enter Target URL: Input the target domain or IP address
6. Click Scan Now: Initiate the scan
7. View Results: Monitor real-time scan progress and view detailed results

API Endpoints

Scan Management

• POST /api/scan - Start a new scan

  • Body: { target: string, scanType: string }
  • Returns: { scanId: string, status: string }

• GET /api/scan/:scanId/status - Get scan status

  • Returns: Scan status, progress, and metadata

• GET /api/scan/:scanId/results - Get scan results

  • Returns: Scan results with open ports, vulnerabilities, and misconfigurations

• GET /api/scan/history - Get scan history (requires authentication)

  • Returns: Array of completed scans

• DELETE /api/scan/:scanId - Cancel a running scan

  • Returns: Confirmation message

Authentication

• POST /api/auth/login - User login
• POST /api/auth/signup - User registration

Health Check

• GET /api/health - API health status

WebSocket Events

Connect to the Socket.IO server at http://localhost:3001:

• scanUpdate-{scanId}: Receive real-time scan updates
  • Emits: { status: string, results?: array, error?: string }

Supported Services

• FTP, SSH, Telnet
• HTTP, HTTPS, SMTP, POP3, IMAP
• MySQL, PostgreSQL, MongoDB
• Redis, MSSQL
• RDP, VNC
• DNS, LDAP

Configuration

Backend (.env)

PORT=3001
NODE_ENV=development
API_VERSION=1.0.0
FRONTEND_URL=http://localhost:3000
PYTHON_PATH=python3
JWT_SECRET=your-secret-key
BCRYPT_ROUNDS=12
LOG_LEVEL=info
LOG_FILE=logs/panda-analyzer.log

Frontend (.env)

REACT_APP_API_URL=http://localhost:3001

Security Features

• Rate limiting to prevent abuse
• Input validation and sanitization
• CORS protection
• Security headers with Helmet.js
• JWT-based authentication
• Comprehensive error handling
• Logging and monitoring

Error Handling

The application includes comprehensive error handling:

• Invalid URL validation
• Scan timeout handling
• Failed scan recovery
• Network error management
• User-friendly error messages

Performance

• Multi-threaded port scanning (up to 1000 concurrent threads)
• Asynchronous scan processing
• Real-time WebSocket updates
• Efficient result caching
• Optimized database queries

Troubleshooting

Backend Issues

• Port already in use: Change PORT in .env
• Python not found: Set correct PYTHON_PATH in .env
• Connection refused: Ensure backend is running on correct port

Frontend Issues

• Cannot connect to backend: Check REACT_APP_API_URL in .env
• React-scripts not found: Run npm install react-scripts
• WebSocket connection failed: Verify backend is running

Scan Issues

• Scan timeout: Increase timeout in Python scanner config
• No results returned: Check backend logs for errors
• Partial results: Network may be unstable, retry scan

Contributing

Contributions are welcome! Please:

1. Fork the repository
2. Create a feature branch
3. Commit your changes
4. Push to the branch
5. Submit a pull request

License

This project is licensed under the MIT License - see LICENSE file for details.

Support

For issues, questions, or suggestions, please:

• Open an issue on GitHub
• Contact the development team
• Check documentation and FAQ

Roadmap

• Database persistence for scan history
• User authentication and authorization
• Advanced filtering and export options
• API key management
• Scheduled scans
• Email notifications
• Mobile app support
• Cloud deployment templates

Acknowledgments

• Built with security best practices in mind
• Inspired by industry-leading security scanning tools
• Community feedback and contributions

Disclaimer

Panda Analyzer is designed for authorized security testing only. Users are responsible for ensuring they have proper authorization before scanning any networks or systems. Unauthorized network scanning may be illegal.

---

Version: 1.0.0
Last Updated: November 5, 2025
Author: Panda Analyzer Team