A legitimate, safety-focused web application for performing authorized security scans on your own web applications.
Real-time scan results with live console, severity filtering, and proof-of-concept generation
- Advanced Injection Detection:
  - Randomized token-based XSS detection (zero false positives)
  - Boolean-based blind SQL injection detection
  - Server-Side Template Injection (SSTI) detection
  - Command injection detection with unique tokens
- Security Headers Analysis: identifies missing or misconfigured HTTP security headers
- Dependency Scanning: checks for exposed dependency files
- Real-time Progress: live console showing detailed scan progress
- Interactive Filtering: click severity badges to filter findings
- Proof of Concept (POC): each finding includes a curl command to reproduce the vulnerability
- OWASP Top 10 Mapping: all findings mapped to relevant OWASP categories
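The following is an added example, not code from this project, showing what the Security Headers Analysis feature above boils down to: inspect a response's headers, flag ones that are missing or weakened, attach a severity and an OWASP category, and expose a severity filter like the dashboard's. It works on a header mapping rather than making requests, so it runs offline; the sample headers are constructed, and the thresholds (one-year HSTS `max-age`, the list of leaky `Referrer-Policy` values) and the `A05:2021` mapping are this example's own choices, not the project's.

```python
"""Added example (not the project's own code): a minimal version of the
Security Headers Analysis feature. Runs on a captured header mapping, so it
needs no network. Thresholds and OWASP mapping are this example's choices."""
import re
from dataclasses import dataclass

# Missing or weak security headers fall under OWASP A05:2021 (assumed mapping).
OWASP_MISCONFIG = "A05:2021 Security Misconfiguration"


@dataclass
class Finding:
    header: str
    severity: str      # "high" | "medium" | "low"
    detail: str
    owasp: str = OWASP_MISCONFIG


def _lower_keys(headers):
    # HTTP header names are case-insensitive; normalise before lookup.
    return {k.lower(): v for k, v in headers.items()}


def analyze_security_headers(headers, https=True):
    """Return a list of Finding for missing or misconfigured security headers."""
    h = _lower_keys(headers)
    findings = []

    # Content-Security-Policy: absent, or present but weakened by unsafe directives.
    csp = h.get("content-security-policy")
    if csp is None:
        findings.append(Finding("Content-Security-Policy", "medium", "header missing"))
    elif "'unsafe-inline'" in csp or "'unsafe-eval'" in csp:
        findings.append(Finding("Content-Security-Policy", "low",
                                "policy allows 'unsafe-inline' or 'unsafe-eval'"))

    # Strict-Transport-Security only applies over HTTPS; check presence and max-age.
    if https:
        hsts = h.get("strict-transport-security")
        if hsts is None:
            findings.append(Finding("Strict-Transport-Security", "medium", "header missing"))
        else:
            m = re.search(r"max-age=(\d+)", hsts, re.I)
            if not m or int(m.group(1)) < 31536000:  # one year, a common baseline
                findings.append(Finding("Strict-Transport-Security", "low",
                                        "max-age missing or shorter than one year"))

    # X-Content-Type-Options has exactly one meaningful value.
    xcto = h.get("x-content-type-options")
    if xcto is None or xcto.strip().lower() != "nosniff":
        findings.append(Finding("X-Content-Type-Options", "low",
                                "missing or not set to 'nosniff'"))

    # Framing protection: X-Frame-Options DENY/SAMEORIGIN or a CSP frame-ancestors directive.
    xfo = (h.get("x-frame-options") or "").strip().upper()
    has_frame_ancestors = csp is not None and "frame-ancestors" in csp
    if xfo not in ("DENY", "SAMEORIGIN") and not has_frame_ancestors:
        findings.append(Finding("X-Frame-Options", "medium",
                                "no X-Frame-Options and no CSP frame-ancestors directive"))

    # Referrer-Policy: absent, or a value that sends the full URL to other origins.
    rp = (h.get("referrer-policy") or "").strip().lower()
    if not rp:
        findings.append(Finding("Referrer-Policy", "low", "header missing"))
    elif rp in ("unsafe-url", "no-referrer-when-downgrade"):
        findings.append(Finding("Referrer-Policy", "low",
                                f"'{rp}' sends the full URL to other origins"))

    return findings


def filter_by_severity(findings, severity):
    """Mirror the dashboard's severity filter: keep findings of one severity."""
    return [f for f in findings if f.severity == severity]


# Constructed sample response headers (not captured from any real site).
SAMPLE_HEADERS = {
    "Content-Type": "text/html; charset=utf-8",
    "Content-Security-Policy": "default-src 'self'; script-src 'self' 'unsafe-inline'",
    "Strict-Transport-Security": "max-age=300",
    "X-Content-Type-Options": "nosniff",
    "Referrer-Policy": "unsafe-url",
}

if __name__ == "__main__":
    for f in analyze_security_headers(SAMPLE_HEADERS):
        print(f"[{f.severity}] {f.header}: {f.detail} ({f.owasp})")
```

On the sample headers this reports one medium finding (no framing protection) and three low ones (weak CSP, short HSTS `max-age`, leaky `Referrer-Policy`); passing `https=False` suppresses the HSTS check, since the header is meaningless on plain HTTP. A real scanner would feed it the headers from an `http` client response and also check the policy details more deeply, but the structure of finding plus severity plus OWASP category is what the feature list describes.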
- Backend: Python, FastAPI
- Frontend: React, Vite, Tailwind CSS
- Python 3.8+
- Node.js 16+
- Clone the repository (if applicable).
- Backend Setup:

  ```shell
  cd backend
  python -m venv venv
  # Windows (the venv was created inside backend/, so activate it from there)
  venv\Scripts\activate
  # Linux/Mac
  # source venv/bin/activate
  pip install -r requirements.txt
  ```

- Frontend Setup:

  ```shell
  cd frontend
  npm install
  ```
- Start the Backend: from the root directory (with venv activated):

  ```shell
  uvicorn app.main:app --reload --port 8000 --app-dir backend
  ```

  The API will be available at http://localhost:8000.
- Start the Frontend: from the frontend directory:

  ```shell
  npm run dev
  ```

  The UI will be available at http://localhost:5173.
- Open the frontend URL in your browser.
- Enter the Target URL you wish to scan (e.g., http://localhost:8000 to scan the API itself, or any other site you own).
- Check the "I am authorized..." box.
- Click Start Scan.
- View the results on the dashboard.
Use this tool ONLY on systems you own or are explicitly authorized to test. Misuse of security tools may be illegal. The authors are not responsible for any misuse.
This project is licensed under the MIT License - see the LICENSE file for details.