Peter Nasarah Dashe

Most security tools still use 20-year-old rules. That's why I built Permi.

The Problem

Old-school vulnerability scanners work like this:

  • If response matches pattern → safe
  • Else → unsafe

That logic was fine in the early 2000s. But modern systems are dynamic, complex, and full of legitimate edge cases. Those same tools now flood you with false positives.

You run a scan. It says 50 "critical" issues. You spend hours filtering. Only 8 are real. That's not security—that's a productivity killer.

What Permi Does Differently

Permi is an AI-powered vulnerability scanner built for today's development workflow.

  • Reduces false positives with intelligent filtering.
  • Works where you code – CLI now, VS Code & GitHub Actions coming soon.
  • One command to scan websites or source code.

```bash
pip install permi
permi scan --url https://your-site.com
```

Early stage, honest feedback needed

Permi is still in early development. It's stable, but you might find rough edges. If something is confusing, broken, or missing:

  • Comment below or DM me.
  • Open an issue on GitHub.

Your feedback will directly shape Permi into the tool developers actually need.

Peternasarah / permi

AI-powered vulnerability scanner for Nigerian developers and global SMBs.

Permi scans live websites and source code for security vulnerabilities, then uses AI to filter out false positives — so you only see findings that actually matter.

Built in Nigeria. For Nigeria. Then for the world.


Two scan modes

--url — Live web scanning

Point Permi at any website. It crawls the pages, tests for SQL injection, XSS, and checks security headers on the running application.

```bash
permi scan --url https://yoursite.com
```

--path — Static source code scanning

Point Permi at a local folder or GitHub repository. It reads your code files, matches vulnerability patterns, and flags issues before they ship.

```bash
permi scan --path ./myapp
permi scan --path https://github.com/user/repo
```

What Permi detects

Web scanning (--url)

  • SQL Injection — error-based, boolean-based blind, time-based blind
  • Cross-Site Scripting (XSS) — reflected XSS with context-aware testing
  • Missing Security Headers — HSTS, CSP, X-Frame-Options, X-Content-Type-Options
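
The false-positive problem from the start of the post, shown on the four headers listed above. This is an added example, not Permi's code or detection logic: a presence-only rule sits beside a check that asks what a browser would actually enforce. Function names, finding labels and the sample headers are constructed for illustration.

```python
import re

REQUIRED = ("strict-transport-security", "content-security-policy",
            "x-frame-options", "x-content-type-options")

def naive_check(headers):
    """Old-style rule: header name present -> safe, else -> finding."""
    present = {k.lower() for k in headers}
    return [name for name in REQUIRED if name not in present]

def contextual_check(headers, scheme="https"):
    """Same four headers, judged by what a browser would enforce."""
    h = {k.lower(): v.strip() for k, v in headers.items()}  # names are case-insensitive
    findings = []

    hsts = h.get("strict-transport-security")
    if scheme == "https":  # browsers ignore HSTS received over plain HTTP (RFC 6797)
        m = re.search(r"max-age\s*=\s*\"?(\d+)", hsts or "", re.I)
        if hsts is None:
            findings.append("hsts-missing")
        elif not m or int(m.group(1)) == 0:
            findings.append("hsts-disabled")  # max-age=0 removes the policy

    csp = h.get("content-security-policy", "")
    directives = {d.split()[0].lower() for d in csp.split(";") if d.strip()}
    if not csp:
        findings.append("csp-missing")

    # CSP frame-ancestors supersedes X-Frame-Options in browsers that support it.
    if "x-frame-options" not in h and "frame-ancestors" not in directives:
        findings.append("clickjacking-unprotected")

    if h.get("x-content-type-options", "").lower() != "nosniff":
        findings.append("nosniff-missing")
    return findings

# Constructed sample response headers (not from a real site or from Permi).
SAMPLE = {
    "Strict-Transport-Security": "max-age=0",
    "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'",
    "X-Content-Type-Options": "nosniff",
}

if __name__ == "__main__":
    print("naive:     ", naive_check(SAMPLE))
    print("contextual:", contextual_check(SAMPLE))
```

On the sample, the presence-only rule reports a missing X-Frame-Options even though `frame-ancestors 'none'` already blocks framing, and it misses the HSTS policy that `max-age=0` switches off.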



Links

PyPI: pip install permi
GitHub: peternasarah/permi
Let's kill false positives together. 🔥
Permi CLI scanning a live URL for vulnerabilities