HelloWaord1/0xaudit-scanner

πŸ›‘οΈ 0xAudit Security Scanner

Free, open-source CLI tool for instant website security audits


What it does

Scans any website and checks for:

| Check | What it tests |
|-------|---------------|
| 🔒 SSL/TLS | Certificate validity, expiry, TLS version, weak ciphers |
| 📋 Security Headers | HSTS, CSP, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy |
| 🌐 CORS | Wildcard origins, credential leaks, origin reflection |
| 📧 DNS Security | SPF, DMARC, DKIM records |
| File Exposure | .env, .git, phpinfo, server-status, swagger, backup files |

Zero dependencies. Pure Node.js. Works on Node 16+.

Quick Start

# Run instantly (no install)
npx @0xaudit/scanner https://your-site.com

# Or install globally
npm install -g @0xaudit/scanner
0xaudit scan https://your-site.com

Usage

# Terminal output (default, with colors)
0xaudit scan https://example.com

# JSON output (for CI/CD pipelines)
0xaudit scan https://example.com --format json

# Markdown report
0xaudit scan https://example.com --format md

# Custom timeout
0xaudit scan https://example.com --timeout 15000

Example Output

  πŸ›‘οΈ  0xAudit Security Scanner v1.0

  Target: https://example.com
  Score:  B (82/100)
  Scan time: 2341ms

  ──────────────────────────────────────────────────

  HIGH (1):
    βœ— Missing HSTS header
      β†’ Add: Strict-Transport-Security: max-age=31536000; includeSubDomains; preload

  MEDIUM (2):
    βœ— Missing Content-Security-Policy
      β†’ Implement a Content-Security-Policy header
    βœ— No DMARC record
      β†’ Add a DMARC TXT record at _dmarc.domain

  PASSED (8):
    βœ“ Valid SSL certificate
    βœ“ TLS 1.3 supported
    βœ“ No CORS headers (default same-origin)
    βœ“ SPF record configured
    ...

  ──────────────────────────────────────────────────
  Full audit? Visit https://0-x-audit.com
  or connect via MCP: mcp.0-x-audit.com

Exit Codes

| Code | Meaning |
|------|---------|
| 0 | Score ≥ 70 (passing) |
| 1 | Score 40-69 (needs work) |
| 2 | Score < 40 or error |

Perfect for CI/CD pipelines: fail builds on poor security scores.

Grading Scale

| Grade | Score | Meaning |
|-------|-------|---------|
| A | 90-100 | Excellent security posture |
| B | 80-89 | Good, minor improvements needed |
| C | 70-79 | Acceptable, several issues |
| D | 50-69 | Poor, significant issues |
| F | 0-49 | Critical security problems |

Need a Full Audit?

This scanner covers the basics. For a comprehensive security audit including:

  • πŸ” Deep vulnerability assessment
  • πŸ“ Smart contract auditing
  • πŸ—οΈ Architecture review
  • πŸ“Š Detailed remediation report

Visit 0-x-audit.com or connect via MCP: mcp.0-x-audit.com

Contributing

PRs welcome! Please open an issue first to discuss changes.

License

MIT © 0xAudit
