Skip to content

Samurai

Automated Vulnerability Discovery & Reconnaissance Engine

A full-stack cybersecurity analysis platform combining Angular 21 on the frontend with a FastAPI backend and real-time WebSocket push — purpose-built for running concurrent nmap, SQLMap, Nuclei, and Playwright scan pipelines against target infrastructure. Available as both a web application and a standalone terminal TUI written in Rust.

Angular 21FastAPIWebSocketNmapSQLMapNucleiPlaywrightPostgreSQLRust TUI

Overview

Samurai is a cybersecurity analysis platform with two interfaces sharing the same database engine. It provides port scanning, web reconnaissance, DAST vulnerability crawling, and encrypted database exports — all accessible through a modern web UI or a lightweight terminal application.

Web InterfaceSamurai WebAngular 21 + FastAPI / PythonFull SPA with standalone components, WebSocket real-time console streaming, and a responsive SCSS-based UI. Runs via Docker Compose with PostgreSQL and Redis.
Terminal InterfaceSamurai TUIRustStandalone terminal application with SQLite or PostgreSQL backend. Uses the Nothing Design system for a clean, minimal TUI experience. No Docker required for basic usage.

Capabilities

Samurai packs four scanning engines into a unified pipeline, each feeding findings into a shared database for cross-referenced analysis.

Port ScanningNmap with configurable profiles (quick, balanced, deep, UDP). Streams real-time results via WebSocket with progress indicators per engine.
Web ReconnaissanceDNS enumeration, subdomain discovery, API probing, security headers audit, and technology fingerprinting for every resolved target.
DAST CrawlingAutomated page discovery, HTTP header analysis, link extraction, and headless browser (Playwright) JavaScript-heavy page reconnaissance.
SQL Injection DetectionSQLMap subprocess integration for automated SQL injection vulnerability checks across discovered endpoints with payload execution.
Template ScanningNuclei template-based vulnerability scanning with 3.2 engine, covering CVEs, misconfigurations, and exposure checks.
Export & ArchiveFull analytics dump as JSON (raw) or AES-256-GCM encrypted binary. PDF reports with executive summary and severity breakdown.

Screenshots

Preview of the Samurai web interface in action — scanning, findings, and analysis dashboard.

Samurai XWA Screenshot 01
Samurai XWA Screenshot 02
Samurai XWA Screenshot 03
Samurai XWA Screenshot 04
Samurai XWA Screenshot 05

Architecture

Three-layer architecture with WebSocket duplex communication for real-time console streaming.

# Project Structure
samurai/
  ├── frontend/
  │    # Angular 21 SPA (standalone components)
  ├── backend/
  │    # FastAPI REST + WebSocket
  │    ├── main.py
  │    ├── scanner.py
  │    ├── crawler.py
  │    ├── db_exporter.py
  │    └── recon/
  ├── samurai-tui/
  │    # Rust terminal application
  │    ├── main.rs
  │    ├── scanner/
  │    ├── recon/
  │    ├── crawler/
  │    ├── export/
  │    ├── db/
  │    └── tui/
  ├── docs/
  └── docker-compose.yml

Quick Start

Get Samurai running locally in minutes.

Web Version (Docker Compose)

$ docker compose up -d --build
# Frontend: http://localhost:4200
# API docs: http://localhost:8000/docs

Terminal Version (Standalone)

$ cd samurai-tui
$ cargo build --release
$ cargo run --release
# Zero setup. Auto-creates local SQLite database.

Links & Resources

Explore the source code, documentation, and development roadmap.