neelshha/vulnsniff

A browser extension that detects common web vulnerabilities and explains them using AI. Powered by GROQ and backed by a secure Node.js proxy.

VulnSniff 🔍

VulnSniff is a Chrome extension and companion Node.js proxy server that scans websites for common vulnerabilities and provides instant AI-powered explanations and remediation steps using the GROQ LLM API.

✅ Now fully deployed — no local backend needed. Just load the extension and go.


🌐 Live AI Proxy

https://vulnsniff-proxy.onrender.com/api/explain

This backend holds the GROQ API key and calls the GROQ API on the extension's behalf, returning vulnerability explanations in plain English; the key never reaches the frontend.


📦 Project Structure

VulnSniff/
├── VULSNIFF-EXTENSION/      # Chrome Extension UI + logic
│   ├── utils/groq.js        # Connects to hosted API
│   ├── popup.js             # Displays results
│   ├── contentScript.js     # Finds issues
│   ├── manifest.json        # Chrome config
│   └── ...                  # HTML, CSS, assets
├── groq-proxy-server/       # Hosted proxy backend (Render)
│   ├── groq-proxy.js
│   ├── package.json
│   ├── .gitignore
│   └── .env (local only)
└── README.md

⚙️ How It Works

  • The extension scans webpages for missing security headers or bad practices (e.g. Content-Security-Policy, X-Frame-Options, HSTS).
  • Findings are passed to the backend (/api/explain).
  • The backend sends them to Groq’s AI model.
  • A plain-English explanation is returned (Severity, Description, Fix).
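
As an added example (not the project's own contentScript.js), here is a header audit of the kind the first step describes, written as a pure function so it runs under Node as well as inside an extension. How VulnSniff actually obtains the response headers is not shown on this page; the example assumes a plain object of lowercased header names, such as `Object.fromEntries(response.headers)` after a fetch of the page URL, and the `{ url, findings }` payload shape sent to /api/explain is likewise an assumption. It goes a little beyond the page's missing-header check by also flagging weak values: a CSP that permits 'unsafe-inline' with no nonce or hash, a deprecated X-Frame-Options value, and an HSTS max-age below one year.

```javascript
// Added example, not VulnSniff's code. Each check knows the header it covers,
// the message for a missing header, and a weak(value) test that returns a
// message for a present-but-weak value or null when the value is acceptable.
const HEADER_CHECKS = [
  {
    header: 'content-security-policy',
    missing: 'No Content-Security-Policy: any script injected via XSS runs unrestricted.',
    weak(value) {
      const v = value.toLowerCase();
      const hasInlineAllowlist = /'nonce-|'sha(256|384|512)-/.test(v);
      return v.includes("'unsafe-inline'") && !hasInlineAllowlist
        ? "CSP present but permits 'unsafe-inline' without a nonce or hash."
        : null;
    },
  },
  {
    header: 'x-frame-options',
    missing: 'No X-Frame-Options: the page can be framed by other origins (clickjacking).',
    weak(value) {
      const v = value.trim().toUpperCase();
      return v === 'DENY' || v === 'SAMEORIGIN'
        ? null
        : `Unrecognised or deprecated X-Frame-Options value "${value}"; use DENY or SAMEORIGIN.`;
    },
  },
  {
    header: 'strict-transport-security',
    missing: 'No HSTS: first visits over plain HTTP can be downgraded or intercepted.',
    weak(value) {
      const m = /max-age=(\d+)/i.exec(value);
      const maxAge = m ? Number(m[1]) : 0;
      return maxAge < 31536000
        ? `HSTS max-age is ${maxAge}s; at least 31536000 (one year) is recommended.`
        : null;
    },
  },
];

// headers: plain object keyed by lowercased header name (assumption, see lead-in).
// Returns one finding per missing or weak header, in HEADER_CHECKS order.
function auditSecurityHeaders(headers) {
  const findings = [];
  for (const check of HEADER_CHECKS) {
    const value = headers[check.header];
    if (value === undefined) {
      findings.push({ header: check.header, status: 'missing', detail: check.missing });
      continue;
    }
    const weakness = check.weak(value);
    if (weakness) findings.push({ header: check.header, status: 'weak', detail: weakness });
  }
  return findings;
}

// Shape of the body POSTed to /api/explain (assumed; the page does not show it).
function buildExplainPayload(url, findings) {
  return { url, findings };
}

// Constructed sample response headers: no CSP, a deprecated X-Frame-Options
// value, and an HSTS max-age far below the recommended one year.
const SAMPLE_HEADERS = {
  'content-type': 'text/html; charset=utf-8',
  'x-frame-options': 'ALLOW-FROM https://partner.example',
  'strict-transport-security': 'max-age=600',
};

const sampleFindings = auditSecurityHeaders(SAMPLE_HEADERS);
console.log(JSON.stringify(buildExplainPayload('https://example.test/', sampleFindings), null, 2));
```

The checks are data rather than code so that adding a header (Referrer-Policy, X-Content-Type-Options) is a matter of appending one entry; the weak() tests are deliberately conservative, flagging only patterns that are unambiguous from the header value alone.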

🚀 Quick Start

🔧 1. Clone the repo

git clone https://github.com/neelshha/VulnSniff.git
cd VulnSniff

🔌 2. Use the Hosted Proxy (No Setup Required)

The extension is preconfigured to use the hosted endpoint:

https://vulnsniff-proxy.onrender.com/api/explain

No need to run any servers locally.


🧩 3. Load the Extension into Chrome

  1. Go to chrome://extensions
  2. Enable Developer mode
  3. Click Load unpacked
  4. Select the folder: VULSNIFF-EXTENSION/
  5. Click the extension icon on any website to run a scan

🧠 Example Output

Severity: High
Description: The site is missing a CSP header, making it vulnerable to XSS attacks.
Fix: Add a Content-Security-Policy header to restrict allowed content sources.

🔐 API & Security

  • The Groq API key is stored on the server only
  • The frontend never sees or leaks the key
  • .env is .gitignored and only used during local development
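
To make the three bullets concrete, here is an added example of the server-side pieces (not the project's groq-proxy.js): input validation, construction of the upstream request where the key appears only as an Authorization header, and reduction of the upstream reply to the explanation text before it goes back to the extension. Since the proxy URL is reachable by anyone, the key's quota is protected only by what the proxy refuses to forward; the page does not say what limits the hosted proxy applies, so the size caps here are illustrative. Assumptions not stated on the page: the request body is `{ findings: [{ header, status, detail }] }`, the upstream is Groq's OpenAI-compatible chat-completions endpoint, the model name is a placeholder, and the wiring at the bottom needs Node 18+ for the global fetch.

```javascript
// Added example, not VulnSniff's groq-proxy.js. Pure functions first, http wiring last.
const GROQ_URL = 'https://api.groq.com/openai/v1/chat/completions'; // assumed upstream endpoint
const GROQ_MODEL = 'llama-3.1-8b-instant';                           // placeholder model name
const MAX_FINDINGS = 20;        // illustrative caps, not the hosted proxy's real limits
const MAX_DETAIL_CHARS = 500;
const MAX_BODY_BYTES = 64 * 1024;

// The endpoint is public, so bound what a caller can make the proxy forward:
// a short list of small string findings and nothing else.
function validateExplainRequest(body) {
  if (!body || typeof body !== 'object' || !Array.isArray(body.findings)) {
    return { ok: false, error: 'findings must be an array' };
  }
  if (body.findings.length === 0 || body.findings.length > MAX_FINDINGS) {
    return { ok: false, error: `findings must contain 1 to ${MAX_FINDINGS} items` };
  }
  for (const f of body.findings) {
    const valid = f && typeof f === 'object'
      && [f.header, f.status, f.detail].every((x) => typeof x === 'string')
      && f.detail.length <= MAX_DETAIL_CHARS;
    if (!valid) {
      return { ok: false, error: `each finding needs string header, status and detail (<= ${MAX_DETAIL_CHARS} chars)` };
    }
  }
  return { ok: true, findings: body.findings };
}

// The API key enters only here, as a header on the upstream request; it is
// never part of the JSON body and never part of anything sent to the client.
function buildGroqRequest(findings, apiKey) {
  const prompt = [
    'For each finding give Severity, Description and Fix in plain English.',
    ...findings.map((f, i) => `${i + 1}. ${f.header} is ${f.status}: ${f.detail}`),
  ].join('\n');
  return {
    url: GROQ_URL,
    options: {
      method: 'POST',
      headers: { 'Content-Type': 'application/json', Authorization: `Bearer ${apiKey}` },
      body: JSON.stringify({ model: GROQ_MODEL, messages: [{ role: 'user', content: prompt }] }),
    },
  };
}

// Return only the explanation text, not the raw upstream JSON (usage and
// account details in it are of no use to the extension).
function shapeResponse(groqJson) {
  const text = groqJson?.choices?.[0]?.message?.content;
  return { explanation: typeof text === 'string' ? text : '' };
}

// Minimal wiring with Node's built-in http module; dynamic import keeps this
// file loadable from both CommonJS and ESM. Run with GROQ_API_KEY set and --serve.
async function startServer(port = 3001) {
  const apiKey = process.env.GROQ_API_KEY;
  if (!apiKey) throw new Error('GROQ_API_KEY is not set');
  const http = await import('node:http');
  const server = http.createServer(async (req, res) => {
    const reply = (code, obj) => {
      res.writeHead(code, { 'Content-Type': 'application/json' });
      res.end(JSON.stringify(obj));
    };
    if (req.method !== 'POST' || req.url !== '/api/explain') return reply(404, { error: 'not found' });
    let raw = '';
    req.setEncoding('utf8');
    for await (const chunk of req) {
      raw += chunk;
      if (raw.length > MAX_BODY_BYTES) return reply(413, { error: 'body too large' });
    }
    let body = null;
    try { body = JSON.parse(raw); } catch { /* fall through to validation error */ }
    const checked = validateExplainRequest(body);
    if (!checked.ok) return reply(400, { error: checked.error });
    try {
      const { url, options } = buildGroqRequest(checked.findings, apiKey);
      const upstream = await fetch(url, options);
      if (!upstream.ok) return reply(502, { error: `upstream returned ${upstream.status}` });
      return reply(200, shapeResponse(await upstream.json()));
    } catch (err) {
      return reply(502, { error: 'upstream request failed' }); // message only, never err details
    }
  });
  server.listen(port);
  return server;
}

if (process.env.GROQ_API_KEY && process.argv.includes('--serve')) {
  startServer(3001).then(() => console.log('listening on http://localhost:3001/api/explain'));
}
```

Upstream error bodies are deliberately not relayed to the client: a provider error message can echo request details or account state, and the extension only needs to know the call failed.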

🧪 Development (Optional)

To run the proxy locally:

cd groq-proxy-server
npm install
echo "GROQ_API_KEY=your_key" > .env
node groq-proxy.js

Then update groq.js to use http://localhost:3001/api/explain if needed.


🤝 Contributing

Open issues or PRs to:

  • Improve vulnerability detection
  • Add features (e.g., export, history, badge count)
  • Polish the UI or add animations

🪪 License

MIT — free for personal and commercial use.
