A comprehensive visual security scanner that analyzes any website for vulnerabilities, misconfigurations, and security risks with an interactive dashboard.
- Malware Detection: Scan URLs for malicious content using VirusTotal API
- Attack Surface Analysis: Identify open ports and exposed services
- SSL/TLS Assessment: Comprehensive HTTPS security evaluation
- Security Headers Audit: Check for missing security headers (CSP, XSS Protection, etc.)
- Tech Stack Fingerprinting: Identify technologies and frameworks used
- Domain Intelligence: WHOIS information, domain age, and registration details
- Radar Chart: Visual vulnerability score breakdown
- Bar Graphs: Security headers compliance
- Pie Charts: Risk category distribution
- Real-time Scanning: Live progress updates
- Risk Scoring: High/Medium/Low risk assessment
- Recommendations: Actionable security improvements
- Rate Limiting: API usage protection
- CORS Security: Cross-origin request handling
- Error Handling: Graceful failure management
- Responsive Design: Works on all devices
- Node.js (v16 or higher)
- npm or yarn
- API Keys (see Configuration section)
-
Clone the repository
git clone <repository-url> cd WebSecVisualizer
-
Install dependencies
npm run install-all
-
Configure environment variables
cp .env.example .env # Edit .env with your API keys -
Start the development server
npm run dev
-
Open your browser
Frontend: http://localhost:3000 Backend: http://localhost:5000
Create a .env file in the root directory:
# Server Configuration
PORT=5000
NODE_ENV=development
# API Keys (Get these from respective services)
VIRUSTOTAL_API_KEY=your_virustotal_api_key
WAPPALYZER_API_KEY=your_wappalyzer_api_key
SHODAN_API_KEY=your_shodan_api_key
# Rate Limiting
RATE_LIMIT_WINDOW_MS=900000
RATE_LIMIT_MAX_REQUESTS=100
# Security
CORS_ORIGIN=http://localhost:3000- VirusTotal: Get API Key
- Wappalyzer: Get API Key
- Shodan: Get API Key
- Enter a URL: Input any website URL (e.g.,
https://example.com) - Start Scan: Click the scan button to begin analysis
- View Results: Monitor real-time progress and view comprehensive results
- Analyze Dashboard: Explore interactive charts and security metrics
- Get Recommendations: Review actionable security improvements
WebSecVisualizer/
โโโ client/ # React frontend
โ โโโ src/
โ โ โโโ components/ # React components
โ โ โโโ pages/ # Page components
โ โ โโโ services/ # API services
โ โ โโโ utils/ # Utility functions
โโโ server/ # Node.js backend
โ โโโ routes/ # API routes
โ โโโ services/ # Security scanning services
โ โโโ middleware/ # Express middleware
โ โโโ utils/ # Backend utilities
โโโ public/ # Static assets
โโโ docs/ # Documentation
POST /api/scan- Start a new security scanGET /api/scan/:id- Get scan resultsGET /api/scan/:id/status- Get scan status
GET /api/analysis/ssl/:domain- SSL/TLS analysisGET /api/analysis/headers/:domain- Security headers checkGET /api/analysis/tech/:domain- Technology detectionGET /api/analysis/malware/:url- Malware detection
- Dark Theme: Modern black background with polished components
- Interactive Charts: D3.js powered visualizations
- Real-time Updates: Live progress indicators
- Responsive Design: Mobile-friendly interface
- Smooth Animations: Enhanced user experience
- Rate limiting to prevent API abuse
- Input validation and sanitization
- CORS configuration for cross-origin requests
- Helmet.js for security headers
- Environment variable protection
npm run build
npm startNODE_ENV=production
PORT=5000
CORS_ORIGIN=https://yourdomain.com- Fork the repository
- Create a feature branch
- Make your changes
- Add tests if applicable
- Submit a pull request
This project is licensed under the MIT License - see the LICENSE file for details.
For support and questions:
- Create an issue in the repository
- Check the documentation in
/docs - Review the API documentation
- User authentication system
- Scan history and comparison
- Scheduled re-scanning
- Email alerts for vulnerabilities
- PDF report export
- Freemium SaaS model
- Advanced vulnerability scanning
- Integration with more security tools
Built with โค๏ธ for the security community