The latest articles on DEV Community by Nikhil Dabhade (@hnikhil). https://dev.to/hnikhil https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3957669%2F9a66b9bc-0c48-4cd9-943d-577a50239c17.jpeg https://dev.to/hnikhil en Nikhil Dabhade Fri, 29 May 2026 17:06:44 +0000 https://dev.to/hnikhil/truely-agree-we-have-to-use-this-tool-3f6a https://dev.to/hnikhil/truely-agree-we-have-to-use-this-tool-3f6a <div class="ltag__link--embedded"> <div class="crayons-story "> <a href="https://dev.to/hnikhil/i-was-tired-of-security-scanners-with-90-false-positives-so-i-built-my-own-5eje" class="crayons-story__hidden-navigation-link">I was tired of security scanners with 90% false positives, so I built my own</a> <div class="crayons-story__body crayons-story__body-full_post"> <div class="crayons-story__top"> <div class="crayons-story__meta"> <div class="crayons-story__author-pic"> <a href="/hnikhil" class="crayons-avatar crayons-avatar--l "> <img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3957669%2F9a66b9bc-0c48-4cd9-943d-577a50239c17.jpeg" alt="hnikhil profile" class="crayons-avatar__image"> </a> </div> <div> <div> <a href="/hnikhil" class="crayons-story__secondary fw-medium m:hidden"> Nikhil Dabhade </a> <div class="profile-preview-card relative mb-4 s:mb-0 fw-medium hidden m:inline-block"> Nikhil Dabhade <div id="story-author-preview-content-3774961" class="profile-preview-card__content crayons-dropdown branded-7 p-4 pt-0"> <div class="gap-4 grid"> <div class="-mt-4"> <a href="/hnikhil" class="flex"> <span class="crayons-avatar crayons-avatar--xl mr-2 shrink-0"> <img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3957669%2F9a66b9bc-0c48-4cd9-943d-577a50239c17.jpeg" class="crayons-avatar__image" alt=""> </span> <span class="crayons-link crayons-subtitle-2 mt-5">Nikhil Dabhade</span> </a> </div> <div class="print-hidden"> Follow </div> <div class="author-preview-metadata-container"></div> </div> </div> </div> </div> <a href="https://dev.to/hnikhil/i-was-tired-of-security-scanners-with-90-false-positives-so-i-built-my-own-5eje" class="crayons-story__tertiary fs-xs"><time>May 29</time><span class="time-ago-indicator-initial-placeholder"></span></a> </div> </div> </div> <div class="crayons-story__indention"> <h2 class="crayons-story__title crayons-story__title-full_post"> <a href="https://dev.to/hnikhil/i-was-tired-of-security-scanners-with-90-false-positives-so-i-built-my-own-5eje" id="article-link-3774961"> I was tired of security scanners with 90% false positives, so I built my own </a> </h2> <div class="crayons-story__tags"> <a class="crayons-tag crayons-tag--filled " href="/t/showdev"><span class="crayons-tag__prefix">#</span>showdev</a> <a class="crayons-tag crayons-tag--monochrome " href="/t/opensource"><span class="crayons-tag__prefix">#</span>opensource</a> <a class="crayons-tag crayons-tag--monochrome " href="/t/security"><span class="crayons-tag__prefix">#</span>security</a> <a class="crayons-tag crayons-tag--monochrome " href="/t/tooling"><span class="crayons-tag__prefix">#</span>tooling</a> </div> <div class="crayons-story__bottom"> <div class="crayons-story__details"> <a href="https://dev.to/hnikhil/i-was-tired-of-security-scanners-with-90-false-positives-so-i-built-my-own-5eje" class="crayons-btn crayons-btn--s crayons-btn--ghost crayons-btn--icon-left"> <div class="multiple_reactions_aggregate"> <span class="multiple_reactions_icons_container"> <span class="crayons_icon_container"> <img src="https://assets.dev.to/assets/sparkle-heart-5f9bee3767e18deb1bb725290cb151c25234768a0e9a2bd39370c382d02920cf.svg" width="18" height="18"> </span> </span> <span class="aggregate_reactions_counter">1<span class="hidden s:inline"> reaction</span></span> </div> </a> <a href="https://dev.to/hnikhil/i-was-tired-of-security-scanners-with-90-false-positives-so-i-built-my-own-5eje#comments" class="crayons-btn crayons-btn--s crayons-btn--ghost crayons-btn--icon-left flex items-center"> Comments <span class="hidden s:inline">Add Comment</span> </a> </div> <div class="crayons-story__save"> <small class="crayons-story__tertiary fs-xs mr-2"> 2 min read </small> <span class="bm-initial"> </span> <span class="bm-success"> </span> </div> </div> </div> </div> </div> </div> Nikhil Dabhade Fri, 29 May 2026 04:16:10 +0000 https://dev.to/hnikhil/i-was-tired-of-security-scanners-with-90-false-positives-so-i-built-my-own-5eje https://dev.to/hnikhil/i-was-tired-of-security-scanners-with-90-false-positives-so-i-built-my-own-5eje <p>Every developer knows the pain of running a security scan. You wait for it to finish, only to be handed a giant report filled with hundreds of warnings. You then have to spend the next three hours manually testing each one, only to find out that almost all of them are false positives. </p> <p>It is a massive waste of time, and it makes people ignore security alerts entirely.</p> <p>I wanted a tool that actually proved its findings before telling me about them. Since I could not find a lightweight, open-source scanner that did this, I decided to build VScanX.</p> <p><strong>How it works under the hood</strong></p> <p>Instead of just checking if a header is missing or searching for static text, VScanX focuses on active validation. </p> <p>When it finds a potential vulnerability, it triggers a background process to safely exploit it. If it successfully triggers the exploit, it saves the exact HTTP requests and responses as a proof of concept. If it cannot prove that the vulnerability is actually exploitable, it simply does not report it. </p> <p>This means if VScanX alerts you to an issue, you can trust that it is real and reproducible. </p> <p><strong>What it scans</strong></p> <p>I wanted the tool to cover the full stack of applications I work on, so I built modules for:</p> <ul> <li><p>Web Apps: SQL injection, XSS, IDOR, and exposed secrets in JavaScript.</p></li> <li><p>Smart Contracts: Reentrancy loops and access control issues.</p></li> <li><p>AI Sandbox: Prompt injection and code execution escapes for LLM apps</p></li> </ul> <p>It also has a local Next.js documentation dashboard so you can view your scan results, compare diffs between two different runs to see what changed, and manage everything privately on your own machine.</p> <p><strong>Give it a try</strong></p> <p>The project is completely free and open source. If you want to check out the code, run a scan on your local projects, or contribute, the repository is on GitHub:</p> <p><a href="https://github.com/hnikhil-dev/VScanX" rel="noopener noreferrer">Github</a></p> <p>I would love to hear your feedback on the verification logic or how you handle security sweeps in your own workflows.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fdo797ynbxar912jcdpns.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fdo797ynbxar912jcdpns.png" alt=" " width="800" height="449"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fh54a53ey3cf5kp8yrt5i.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fh54a53ey3cf5kp8yrt5i.png" alt=" " width="800" height="326"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fjpc9u5l2fmki2xyj70rj.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fjpc9u5l2fmki2xyj70rj.png" alt=" " width="800" height="450"></a></p> opensource security showdev tooling