Built this to scratch my own itch. Wanted something lighter than Burp Suite for quick security checks during development.
It analyzes:
- Security headers (CSP, HSTS, X-Frame-Options)
- Cookie security flags
- Vulnerable JS libraries (jQuery, Angular, Lodash with CVE info)
- Mixed content
- Basic XSS patterns
- Sensitive data exposure in source
Everything runs locally in the browser. No data sent anywhere. Exports HTML reports.
Chrome Web Store: https://chromewebstore.google.com/detail/securiscan-web-secu...
Also launched on Product Hunt today if you want to check it out there. https://www.producthunt.com/posts/securiscan/maker-invite?co...
Feedback welcome. Planning to add more vulnerability signatures in v1.1.
