MINERVA: XSS Vulnerability Detection and Verification System

Developed at IIT Bhilai
This project implements a 3-stage autonomous system for detecting and verifying Cross-Site Scripting (XSS) vulnerabilities. It is built on top of the YURASCANNER research framework and integrates advanced LLM agents, DOM parsing, visual exploit confirmation, and runtime monitoring.

Overview

This system automates the end-to-end process of XSS vulnerability scanning and validation using a multi-agent architecture. The process involves:

DOM extraction and input vector identification
Payload injection and response handling
Visual confirmation of exploit success using image captioning
Real-time monitoring and diagnostics

Architecture Diagram

Key Features

LangGraph Multi-Agent Pipelines: Built on Groq-hosted LLaMA 3.3 70B, enabling intelligent crawling, payload crafting, and exploit reasoning.
DOM Analysis: Conducted using BeautifulSoup to identify interactive elements (buttons , forms , links).
Visual Validation: Uses *LLaVA OneVision multimodal model to analyze screenshots for exploit effects.
Real-Time Monitoring: Implemented with FastAPI, Rich, and terminal dashboard tools.
Automation: Shell-based orchestration using tmux for robust multi-process execution.

System Components & Execution

1. Status Server (Monitoring Backend)

Launch the FastAPI-based server:

fastapi run status_server.py

2. Terminal Dashboard (Runtime Visualization)

Start the terminal dashboard interface:

python dashboard.py

3. Flask Demo Application (Test Target)

This is the vulnerable test web application used for exploit demonstration:

python flask_demo_app/app.py

4. Main Execution Pipeline

Run the main control and orchestration logic (LangGraph + agent logic):

python Minerva.py

✅ XSS-Injected Page Display

After successful injection, the system captures a screenshot of the rendered DOM showing the injected payload:

Above: Injected payload results in a visible DOM alert, confirming successful XSS execution.

These screenshots are processed using the XSSAnalyzer class, which uses the LLaVA OneVision multimodal model for captioning and reasoning about visual XSS effects.

Dependencies

Python 3.10+
fastapi, uvicorn, beautifulsoup4, tmux, Rich, Flask, LangGraph, and Salesforce BLIP dependencies

Install all dependencies with:

pip install -r requirements.txt

License

This project is intended for research and academic use. For permissions or collaborations, contact [manodeepray1].gmail

Name		Name	Last commit message	Last commit date
Latest commit History 11 Commits
.VSCodeCounter		.VSCodeCounter
__pycache__		__pycache__
data		data
flask_demo_app		flask_demo_app
media		media
notebook		notebook
output		output
src		src
tests		tests
.gitignore		.gitignore
GUI.py		GUI.py
Minerva.py		Minerva.py
README.md		README.md
README2.md		README2.md
__init__.py		__init__.py
dashboard.py		dashboard.py
run_minerva.sh		run_minerva.sh
status_server.py		status_server.py

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Repository files navigation

MINERVA: XSS Vulnerability Detection and Verification System

Overview

Architecture Diagram

Key Features

System Components & Execution

1. Status Server (Monitoring Backend)

2. Terminal Dashboard (Runtime Visualization)

3. Flask Demo Application (Test Target)

4. Main Execution Pipeline

✅ XSS-Injected Page Display

Dependencies

License

About

Uh oh!

Releases

Packages

Languages

Manodeepray/Minerva

Folders and files

Latest commit

History

Repository files navigation

MINERVA: XSS Vulnerability Detection and Verification System

Overview

Architecture Diagram

Key Features

System Components & Execution

1. Status Server (Monitoring Backend)

2. Terminal Dashboard (Runtime Visualization)

3. Flask Demo Application (Test Target)

4. Main Execution Pipeline

✅ XSS-Injected Page Display

Dependencies

License

About

Resources

Uh oh!

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages