
Kunaldeorukhakar/VulnDozer


VulnDozer

VulnDozer is a Django-based web application for managing security vulnerabilities, projects, and assessments with role-based access control.


🎯 Overview

The Vulnerability Management Tool is a comprehensive Django application designed to track, manage, and monitor security vulnerabilities across multiple projects. It provides a centralized platform for project owners and penetration testers to collaborate on vulnerability assessment and remediation.

🌐 Access

You can access the application at:

Log in with your credentials to access the vulnerability management dashboard.

✨ Features

Core Functionality

  • Project Management: Create and manage security assessment projects
  • Vulnerability Tracking: Log and track vulnerabilities with detailed information
  • Status Management: Monitor vulnerability lifecycle (Open, Closed, Exception)
  • Proof of Concept (PoC): Attach PoC images for vulnerabilities
  • Closure Evidence: Track closure PoCs as evidence of remediation
  • Exception Handling: Request and manage vulnerability exceptions
  • User Authentication: Secure login and role-based access control
  • Dashboard Analytics: View project statistics and vulnerability metrics
  • User Profiles: Manage user information and preferences

Role-Based Access

  • Project Owners: View and manage assigned projects and vulnerabilities
  • Pentesters: Create and update vulnerability findings
  • Admins: Full system administration capabilities

👥 User Roles

1. Project Owner (App_owner)

  • Access: Dashboard, project management, vulnerability overview
  • Permissions:
    • View assigned projects
    • View vulnerabilities in assigned projects
    • Track vulnerability status
    • View vulnerability details and PoCs
    • Manage project information
    • Access exception requests

2. Pentester (Pentester)

  • Access: Pentester dashboard, vulnerability creation and management
  • Permissions:
    • Create vulnerability findings
    • Upload PoC images
    • Update vulnerability status
    • Add closure evidence
    • View assigned projects

3. Admin

  • Access: Django admin panel
  • Permissions:
    • Full system access
    • User management
    • Model administration
    • Data backup and recovery
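
The role lists above combine two checks: what a role may do, and which projects the user is assigned to. The sketch below is an added example, not code from VulnDozer; the role names come from this README, while the action names, the `User` class and `is_allowed` are hypothetical. It shows a deny-by-default check where a role grant alone is not enough without a matching project assignment.

```python
from dataclasses import dataclass, field

# Role names follow the README. The action names are hypothetical labels for
# the permissions listed above, not identifiers taken from VulnDozer.
ROLE_ACTIONS = {
    "App_owner": {"view_project", "view_vulnerability", "track_status",
                  "manage_project", "access_exceptions"},
    "Pentester": {"view_project", "create_vulnerability", "upload_poc",
                  "update_status", "add_closure_evidence"},
}


@dataclass
class User:
    name: str
    role: str
    assigned_projects: set = field(default_factory=set)


def is_allowed(user: User, action: str, project_id: int) -> bool:
    """Deny by default: the role must grant the action AND the user must be
    assigned to the project that the requested object belongs to."""
    if user.role == "Admin":  # README: full system access
        return True
    if action not in ROLE_ACTIONS.get(user.role, set()):
        return False  # unknown role, or action not granted to this role
    # Object-level check: without it, any owner could read any project's
    # findings just by changing the project id in the request.
    return project_id in user.assigned_projects


# Constructed sample users and project ids.
owner = User("alice", "App_owner", {1})
tester = User("bob", "Pentester", {1, 2})
admin = User("root", "Admin")

if __name__ == "__main__":
    for u, act, pid in [(owner, "view_vulnerability", 1),
                        (owner, "view_vulnerability", 2),
                        (owner, "create_vulnerability", 1),
                        (tester, "create_vulnerability", 2),
                        (admin, "manage_project", 99)]:
        print(f"{u.name:6} {act:22} project={pid} -> {is_allowed(u, act, pid)}")
```
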

🚀 Usage

Creating a Project

  1. Log in as a Project Owner or Admin
  2. Navigate to "Add Project"
  3. Fill in project details (name, type, description, scope, state, initial date)
  4. Assign an owner
  5. Submit the form

Adding a Vulnerability

  1. Navigate to a project
  2. Click "Add Vulnerability"
  3. Enter vulnerability details:
    • Name and severity level
    • Affected URL
    • Description, impact, and recommendations
    • Status (Open/Closed/Exception)
  4. Upload PoC images if available
  5. Submit the form

Tracking Vulnerability Status

  • Open: Vulnerability found and reported
  • Closed: Vulnerability remediated and verified
  • Exception: Vulnerability approved for exemption

Managing Exceptions

  1. Navigate to the Exceptions section
  2. Request a new exception with a reason and validity period
  3. The exception can be Approved, Rejected, or remain Requested
  4. Track the exception status
