This content originally appeared on DEV Community and was authored by Pratik242
I Built a JavaScript Web Vulnerability Scanner. Here's How (And Why You Should Try It)
Scan your websites for XSS, CSRF, SSL issues, and more, straight from the CLI or your browser.
Like many developers, I've always been fascinated by how web apps can be broken (ethically, of course). I wanted to build a tool that could:
- Find real-world bugs like XSS, CSRF, and missing headers
- Work from the command line or the browser
- Be open-source and free
- Help developers secure their own sites
So I built web-vuln-scanner, a JavaScript-powered vulnerability scanner you can run anywhere. No setup. No cost. Just scan and see.
What It Does
Here's what the scanner can detect:
Vulnerability Type | What It Checks For
- XSS | Reflected/script injection in forms/URLs
- CSRF | Missing tokens and protection headers
- SSL/TLS | Misconfigurations, weak ciphers
- HTTP Headers | Missing security headers like CSP, HSTS
- Directory Traversal | Unsafe file paths
- Open Ports | Common exposed ports (on websites)
- Dependency Issues | Outdated or vulnerable libraries
Bonus:
- Gemini AI-powered suggestions (the "Need Help Fixing?" button in the UI)
- CLI with flags like --quick, --risk-insight, and --show-evidence
Quick Start (CLI)
npm install -g web-vuln-scanner
web-vuln-scanner https://example.com
Options:
--quick          Fast scan (headers + SSL)
--deep           Puppeteer-based crawl
--risk-insight   Risk level analysis
--show-evidence  Show raw technical details
You get a report in Markdown, HTML, or JSON.
Web UI Demo (with AI Suggestions)
Visit the web UI: scannervuln.vercel.app
Paste your URL, get instant results, then click "Need Suggestions?" to get Gemini AI-powered security fixes.
VS Code Extension
You can even scan your sites inside VS Code with the new extension:
Web Vuln Scanner for VS Code
Why I Built This
I noticed two things:
- Most security tools are either too complex or too expensive
- Dev-friendly vulnerability scanners are rare
So I created something that feels like a dev tool, not a pentester's console.
Inspired by:
- Nuclei
- ZAP
- Lighthouse
But simplified for devs like us.
How It Works
Under the hood:
- Node.js + Puppeteer for crawling JavaScript-rendered pages
- Scanners as modules (lib/scanners/*.js)
- Real-time console output + rich reporting
- Cookie/header injection support
- AI fixes via Gemini 2.0
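To show what one of those scanner modules looks like, here is an added example (my own code, not the project's) of a security-header check in the style of the page's "scanners as modules" design, with the --show-evidence and --risk-insight ideas as options. The rule list, function names and the sample headers are assumptions; the sample response is constructed.

```javascript
// Added example: header-check scanner module. Names and rules are my own
// assumptions, not the project's API. Each rule's check() returns an issue
// string or null; values are compared case-insensitively.
const HEADER_RULES = [
  { name: 'content-security-policy', severity: 'high',
    check: v => (v == null ? 'missing'
      : /unsafe-inline|unsafe-eval/.test(v) ? 'allows unsafe-inline/unsafe-eval' : null) },
  { name: 'strict-transport-security', severity: 'high',
    check: v => {
      if (v == null) return 'missing';
      const m = /max-age=(\d+)/i.exec(v);
      // 15552000 s = 180 days, a common minimum for a useful HSTS policy
      return !m || Number(m[1]) < 15552000 ? 'max-age missing or below 180 days' : null;
    } },
  { name: 'x-content-type-options', severity: 'medium',
    check: v => (v == null ? 'missing'
      : v.trim().toLowerCase() !== 'nosniff' ? 'value is not nosniff' : null) },
  { name: 'x-frame-options', severity: 'medium',
    check: v => (v == null ? 'missing'
      : /^(deny|sameorigin)$/i.test(v.trim()) ? null : 'unexpected value') },
  { name: 'referrer-policy', severity: 'low', check: v => (v == null ? 'missing' : null) },
];

// Accept a plain object (Node's res.headers) or a Headers object (fetch)
// and return a map with lowercase keys.
function normalizeHeaders(headers) {
  const pairs = typeof headers.entries === 'function' ? [...headers.entries()] : Object.entries(headers);
  const out = {};
  for (const [k, v] of pairs) out[k.toLowerCase()] = Array.isArray(v) ? v.join(', ') : String(v);
  return out;
}

// Run every rule; with showEvidence the raw header value is attached to each
// finding. risk is the highest severity seen (like a --risk-insight summary).
function checkHeaders(rawHeaders, { showEvidence = false } = {}) {
  const headers = normalizeHeaders(rawHeaders);
  const findings = [];
  for (const rule of HEADER_RULES) {
    const value = headers[rule.name] === undefined ? null : headers[rule.name];
    const issue = rule.check(value);
    if (!issue) continue;
    const finding = { header: rule.name, severity: rule.severity, issue };
    if (showEvidence) finding.evidence = value === null ? '(header absent)' : value;
    findings.push(finding);
  }
  const risk = ['high', 'medium', 'low'].find(s => findings.some(f => f.severity === s)) || 'none';
  return { findings, risk };
}

// Constructed sample response headers for a stand-alone run.
const SAMPLE_HEADERS = {
  'Content-Type': 'text/html',
  'Strict-Transport-Security': 'max-age=3600',
  'X-Frame-Options': 'DENY',
  'Content-Security-Policy': "default-src 'self'; script-src 'self' 'unsafe-inline'",
};
console.log(JSON.stringify(checkHeaders(SAMPLE_HEADERS, { showEvidence: true }), null, 2));
```

In a real scan you would pass the headers of a fetched response (for example `(await fetch(url)).headers`) instead of SAMPLE_HEADERS.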
Open Source & Dev Friendly
GitHub: github.com/pratikacharya1234/web-vuln-scanner
NPM: npmjs.com/package/web-vuln-scanner
Feel free to:
- Star the repo
- Fork it and build your own
- Submit issues
- Contribute!
What's Next?
Coming soon:
- CI/CD integration via GitHub Action
- OAuth and JWT auth scanning
- OWASP, PCI DSS, and GDPR compliance reports
- Enterprise UI with Jira/Slack integrations
Final Thoughts
Security shouldn't be scary, boring, or expensive.
Let's bring hacker vibes to developers responsibly.
Try it, break your own site (gently), and ship safer software.
If you like it, drop a star on GitHub or let me know what you want added next!
Repo: https://github.com/pratikacharya1234/Web-Vulnerability-Scanner
npm: https://www.npmjs.com/package/web-vuln-scanner
Pratik242 | Sciencx (2025-04-21T23:07:22+00:00) I Built a JavaScript Web Vulnerability Scanner Devs Can Actually Use (CLI, Web UI, and AI-Powered Fixes). Retrieved from https://www.scien.cx/2025/04/21/%f0%9f%94%90-i-built-a-javascript-web-vulnerability-scanner-devs-can-actually-use-cli-web-ui-and-ai-powered-fixes/