When you ship a web app without scanning for vulnerabilities… 👀

Pratik242 — Mon, 08 Sep 2025 02:29:03 +0000

This is fine… until it isn’t!

Hey devs! 🚀

Just pushed a fresh update to my open-source npm package: Web-Vulnerability-Scanner
It’s now even faster and comes with improved detection for common security flaws.

What’s new?

⚡️ Speed improvements
🔍 Better detection of XSS & SQLi
📝 Cleaner CLI output
Install:

bash
npm i web-vulnerability-scanner
Check out the latest on GitHub:
https://github.com/pratikacharya1234/Web-Vulnerability-Scanner

Would love your feedback, memes, or PRs!

javascript #opensource #cybersecurity #webdev #npm

🔐 I Built a JavaScript Web Vulnerability Scanner Devs Can Actually Use (CLI, Web UI, and AI-Powered Fixes)

Pratik242 — Mon, 21 Apr 2025 23:07:22 +0000

🛡️ I Built a JavaScript Web Vulnerability Scanner. Here’s How (And Why You Should Try It)
🔍 Scan your websites for XSS, CSRF, SSL issues, and more straight from the CLI or your browser
Like many developers, I’ve always been fascinated by how web apps can be broken ethically, of course. I wanted to build a tool that could:

✅ Find real-world bugs like XSS, CSRF, missing headers
✅ Work from the command line or the browser
✅ Be open-source and free
✅ Help developers secure their own sites

So I built web-vuln-scanner a JavaScript-powered vulnerability scanner you can run anywhere. No setup. No cost. Just ⚔️ scan and see.

⚙️ What It Does
Here’s what the scanner can detect:

Vulnerability Type What It Checks For
🧬 XSS Reflected/script injection in forms/URLs
🕸️ CSRF Missing tokens and protection headers
🔒 SSL/TLS Misconfigurations, weak ciphers
📬 HTTP Headers Missing security headers like CSP, HSTS
📁 Directory Traversal Unsafe file paths
🛑 Open Ports Common exposed ports (on websites)
📦 Dependency Issues Outdated or vulnerable libraries
Bonus:

🧠 Gemini AI-powered suggestions (Need Help Fixing? button in UI)

🧪 CLI with flags like --quick, --risk-insight, and --show-evidence

🚀 Quick Start (CLI)

npm install -g web-vuln-scanner

web-vuln-scanner https://example.com
👉 Options:

--quick // Fast scan (headers + SSL)
--deep // Puppeteer-based crawl
--risk-insight // Risk level analysis
--show-evidence // Show raw technical details
You get a report in Markdown, HTML, or JSON.

🧑‍💻 Web UI Demo (with AI Suggestions)
Visit the web UI: 🔗 scannervuln.vercel.app

Paste your URL → Get instant results → Click Need Suggestions? to get Gemini AI-powered security fixes 💡

📦 VS Code Extension
You can even scan your sites inside VS Code with the new extension:

➡️ Web Vuln Scanner – VS Code

🧠 Why I Built This
I noticed two things:

Most security tools are either too complex or too expensive

Dev-friendly vulnerability scanners are rare

So I created something that feels like a dev tool, not a pentester’s console.

Inspired by:

🛠️ Nuclei

⚔️ ZAP

⚡ Lighthouse

But simplified for devs like us.

🔧 How It Works
Under the hood:

Node.js + Puppeteer for crawling JavaScript-rendered pages

Scanners as modules (lib/scanners/*.js)

Real-time console output + rich reporting

Cookie/header injection support

AI-fixes via Gemini 2.0

🤝 Open Source & Dev Friendly
🔗 GitHub: github.com/pratikacharya1234/web-vuln-scanner
📦 NPM: npmjs.com/package/web-vuln-scanner

Feel free to:

⭐ Star the repo

🍴 Fork it and build your own

🐛 Submit issues

🙌 Contribute!

💡 What’s Next?
Coming soon:

🧪 CI/CD integration via GitHub Action

🔐 OAuth and JWT Auth Scanning

📊 OWASP, PCI DSS, and GDPR compliance reports

🧑‍💼 Enterprise UI with Jira/Slack integrations

🧠 Final Thoughts
Security shouldn’t be scary, boring, or expensive.
Let’s bring hacker vibes to developers responsibly.

Try it, break your own site (gently), and ship safer software 🔐

If you like it, drop a ⭐ on GitHub or let me know what you want added next!
repo : https://github.com/pratikacharya1234/Web-Vulnerability-Scanner
npm : https://www.npmjs.com/package/web-vuln-scanner

DEV Community: Pratik242

When you ship a web app without scanning for vulnerabilities… 👀

javascript #opensource #cybersecurity #webdev #npm

🔐 I Built a JavaScript Web Vulnerability Scanner Devs Can Actually Use (CLI, Web UI, and AI-Powered Fixes)