🛡️ I Built a JavaScript Web Vulnerability Scanner. Here’s How (And Why You Should Try It)
🔍 Scan your websites for XSS, CSRF, SSL issues, and more straight from the CLI or your browser
Like many developers, I’ve always been fascinated by how web apps can be broken (ethically, of course). I wanted to build a tool that could:
✅ Find real-world bugs like XSS, CSRF, missing headers
✅ Work from the command line or the browser
✅ Be open-source and free
✅ Help developers secure their own sites
So I built web-vuln-scanner, a JavaScript-powered vulnerability scanner you can run anywhere. No setup. No cost. Just ⚔️ scan and see.
⚙️ What It Does
Here’s what the scanner can detect:
| Vulnerability type | What it checks for |
| --- | --- |
| 🧬 XSS | Reflected/script injection in forms and URLs |
| 🕸️ CSRF | Missing tokens and protection headers |
| 🔒 SSL/TLS | Misconfigurations, weak ciphers |
| 📬 HTTP headers | Missing security headers such as CSP and HSTS |
| 📁 Directory traversal | Unsafe file paths |
| 🛑 Open ports | Commonly exposed ports on the target host |
| 📦 Dependency issues | Outdated or vulnerable libraries |
Bonus:
🧠 Gemini AI-powered suggestions (Need Help Fixing? button in UI)
🧪 CLI with flags like --quick, --risk-insight, and --show-evidence
🚀 Quick Start (CLI)
npm install -g web-vuln-scanner
web-vuln-scanner https://example.com
👉 Options:
--quick // Fast scan (headers + SSL)
--deep // Puppeteer-based crawl
--risk-insight // Risk level analysis
--show-evidence // Show raw technical details
You get a report in Markdown, HTML, or JSON.
🧑‍💻 Web UI Demo (with AI Suggestions)
Visit the web UI: 🔗 scannervuln.vercel.app
Paste your URL → Get instant results → Click Need Suggestions? to get Gemini AI-powered security fixes 💡
📦 VS Code Extension
You can even scan your sites inside VS Code with the new extension:
➡️ Web Vuln Scanner – VS Code
🧠 Why I Built This
I noticed two things:
Most security tools are either too complex or too expensive
Dev-friendly vulnerability scanners are rare
So I created something that feels like a dev tool, not a pentester’s console.
Inspired by:
🛠️ Nuclei
⚔️ ZAP
⚡ Lighthouse
But simplified for devs like us.
🔧 How It Works
Under the hood:
Node.js + Puppeteer for crawling JavaScript-rendered pages
Scanners as modules (lib/scanners/*.js)
Real-time console output + rich reporting
Cookie/header injection support
AI-fixes via Gemini 2.0
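The "scanners as modules" design above, together with the header, CSRF and XSS checks listed in the detection table earlier, as an added example written for this article; it is not code from the web-vuln-scanner repository. It assumes a page object `{url, status, headers, body}` handed over by the crawler, a scanner shape `{name, quick, run(page)}`, a three-level low/medium/high severity scale and the helper names `runScan`, `riskInsight` and `buildRequestHeaders`; all of these, and the sample response, are assumptions. The response is constructed inline so the block runs with no network access.

```javascript
// Added example for this article, NOT the web-vuln-scanner project's code.
// Scanner modules take an already-fetched page ({url, status, headers, body})
// and return findings; names, finding shape and severity scale are assumed.
// Response headers a practitioner expects, with a severity for their absence.
const REQUIRED_HEADERS = [
  ["content-security-policy", "high", "Add a CSP that restricts script sources"],
  ["strict-transport-security", "medium", "Send HSTS on HTTPS responses"],
  ["x-frame-options", "low", "Set X-Frame-Options or CSP frame-ancestors"],
  ["x-content-type-options", "low", "Set X-Content-Type-Options: nosniff"],
];
// Probe the crawler puts into a query parameter; if it comes back verbatim
// (not HTML-encoded) the parameter is reflected without output encoding.
const XSS_MARKER = "<wvs\"'>probe</wvs>";
const SEVERITY_RANK = { low: 1, medium: 2, high: 3 };

const headerScanner = {
  name: "headers",
  quick: true, // cheap: needs only the response headers, so --quick keeps it
  run(page) {
    const present = new Set(Object.keys(page.headers).map((h) => h.toLowerCase()));
    return REQUIRED_HEADERS.filter(([name]) => !present.has(name)).map(
      ([name, severity, fix]) => ({ type: "header", severity, evidence: `missing ${name}`, fix })
    );
  },
};

const csrfScanner = {
  name: "csrf",
  quick: false,
  run(page) {
    const findings = [];
    // Every state-changing (POST) form should carry a hidden anti-CSRF token.
    for (const form of page.body.matchAll(/<form\b[^>]*>([\s\S]*?)<\/form>/gi)) {
      const openTag = form[0].slice(0, form[0].indexOf(">") + 1);
      if (!/method\s*=\s*["']?post/i.test(openTag)) continue;
      const inputs = [...form[1].matchAll(/<input\b[^>]*>/gi)].map((m) => m[0]);
      const hasToken = inputs.some((tag) => /type\s*=\s*["']?hidden/i.test(tag) &&
        /name\s*=\s*["']?[^"'\s>]*(csrf|token|authenticity)/i.test(tag));
      if (!hasToken) findings.push({ type: "csrf", severity: "medium", evidence: openTag,
        fix: "Add a per-session anti-CSRF token and verify it server-side" });
    }
    return findings;
  },
};

const xssScanner = {
  name: "xss",
  quick: false,
  run(page) {
    const params = new URL(page.url).searchParams; // decodes %XX back to the raw marker
    return [...params]
      .filter(([, value]) => value === XSS_MARKER && page.body.includes(XSS_MARKER))
      .map(([name]) => ({ type: "xss", severity: "high", evidence: `parameter "${name}" reflected unencoded`,
        fix: "HTML-encode user input before writing it into the page" }));
  },
};

// --cookie / --header style injection: merged into every request the crawler
// makes so authenticated pages can be scanned (assumed flag semantics).
function buildRequestHeaders({ cookie, headers = [] } = {}) {
  const out = { "User-Agent": "web-vuln-scanner-example" };
  for (const h of headers) {
    const i = h.indexOf(":");
    out[h.slice(0, i).trim()] = h.slice(i + 1).trim();
  }
  if (cookie) out.Cookie = cookie;
  return out;
}

// Roll findings up into the summary a --risk-insight flag would print.
function riskInsight(findings) {
  const counts = { high: 0, medium: 0, low: 0 };
  for (const f of findings) counts[f.severity] += 1;
  const top = findings.reduce((m, f) => Math.max(m, SEVERITY_RANK[f.severity]), 0);
  return { level: ["none", "low", "medium", "high"][top], counts };
}

// --quick keeps only the cheap modules; every finding is tagged with its scanner.
function runScan(page, scanners, { quick = false } = {}) {
  const active = quick ? scanners.filter((s) => s.quick) : scanners;
  const findings = active.flatMap((s) => s.run(page).map((f) => ({ scanner: s.name, ...f })));
  return { target: page.url, findings, risk: riskInsight(findings) };
}
const SCANNERS = [headerScanner, csrfScanner, xssScanner];

// Constructed sample response (no network): reflects the probe verbatim,
// sends no CSP/HSTS/X-Frame-Options, and has a POST form without a token.
const SAMPLE_PAGE = {
  url: "https://example.test/search?q=" + encodeURIComponent(XSS_MARKER),
  status: 200,
  headers: { "Content-Type": "text/html", "X-Content-Type-Options": "nosniff" },
  body: `<html><body><p>Results for ${XSS_MARKER}</p>
<form method="post" action="/transfer"><input name="amount"></form>
<form method="post" action="/login"><input type="hidden" name="csrf_token" value="t"><input name="user"></form>
<form action="/search"><input name="q"></form></body></html>`,
};

console.log(JSON.stringify(runScan(SAMPLE_PAGE, SCANNERS), null, 2));
```

Run it with `node` and the sample page yields five findings (three missing headers, one token-less POST form, one reflected parameter) and an overall risk of "high"; with `{ quick: true }` only the header module runs. The XSS module deliberately matches the raw marker rather than any echo of the parameter value, so a page that HTML-encodes the input (`&lt;wvs…`) produces no finding, which is exactly the false positive a naive "is my input in the response" check would raise.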
🤝 Open Source & Dev Friendly
🔗 GitHub: github.com/pratikacharya1234/web-vuln-scanner
📦 NPM: npmjs.com/package/web-vuln-scanner
Feel free to:
⭐ Star the repo
🍴 Fork it and build your own
🐛 Submit issues
🙌 Contribute!
💡 What’s Next?
Coming soon:
🧪 CI/CD integration via GitHub Action
🔐 OAuth and JWT Auth Scanning
📊 OWASP, PCI DSS, and GDPR compliance reports
🧑‍💼 Enterprise UI with Jira/Slack integrations
🧠 Final Thoughts
Security shouldn’t be scary, boring, or expensive.
Let’s bring hacker vibes to developers responsibly.
Try it, break your own site (gently), and ship safer software 🔐
If you like it, drop a ⭐ on GitHub or let me know what you want added next!
repo: https://github.com/pratikacharya1234/Web-Vulnerability-Scanner
npm: https://www.npmjs.com/package/web-vuln-scanner