Python security scanner with pentest mode - audit your website, API, or server
Project description
๐ Security Audit Tool
One command to audit your website, API, or server. Built for business owners who care about security.
Python security scanner with defensive checks + active pentest mode. Find vulnerabilities, test performance, and generate professional reports for your business.
A Python-based security assessment tool that helps you identify vulnerabilities, performance issues, and security misconfigurations in your own systems. Perfect for business owners, developers, and DevOps teams who want to proactively secure their infrastructure.
โ ๏ธ Legal Notice
For authorized security testing only. Use exclusively on:
- Systems you own
- Systems you have explicit written permission to test
Unauthorized scanning may violate laws. By using this tool, you confirm proper authorization.
๐ What This Tool Does
This tool performs two types of security assessments:
1. Defensive/Read-Only Checks (Safe)
- Scan file permissions, services, firewall rules
- Detect hardcoded secrets in code
- Check TLS certificates, container configs
- Analyze dependencies for known vulnerabilities
2. Active/Pentest Checks (Sends Traffic)
- Performance testing: Measure response times
- Vulnerability scanning: Test for SQL injection, XSS
- Load testing: Simulate traffic to test capacity
๐ก Perfect For
| Use Case | What You Get |
|---|---|
| Business Owner | Know if your website has security holes |
| Developer | Find secrets in code before committing |
| DevOps/SRE | Test if your servers can handle traffic spikes |
| Security Team | Quick first-line vulnerability assessment |
| Compliance | Generate audit reports for security reviews |
๐ ๏ธ Quick Start (5 minutes)
1. Install
pip install cache-wraith-audit-tool
2. Run Your First Scan
Interactive Mode (Easiest) - Just run with no arguments:
security-audit
The TUI will guide you through target selection, scan mode, and reporting.
Command Line Mode:
# Simple security audit
security-audit --url https://your-website.com --full-scan
# Scan local system
security-audit --local --full-scan
This creates:
audit_report_*.html- Professional HTML reportaudit_report_*.json- Machine-readable JSONaudit_report_*.pdf- PDF report (pentest mode)
3. View Results
# Open the HTML report
firefox audit_report_*.html
๐ Common Commands
Basic Scanning
# Scan any website
security-audit --url https://example.com --full-scan
# Scan your local system
security-audit --local --full-scan
# Scan a project directory
security-audit --path ./my-project --full-scan
# Scan multiple websites
security-audit --url https://api1.com --url https://api2.com --full-scan
# Interactive mode (no arguments)
security-audit
Pentest Mode (Active Testing)
# Full pentest with performance, vulnerability, and load tests
security-audit --url https://your-business.com --pentest-mode
# Just vulnerability scan (SQLi, XSS tests)
security-audit --url https://your-api.com --enable-vulnerability-scan
# Performance test only
security-audit --url https://your-api.com --enable-performance-test
# Load test (simulates traffic - use with caution!)
security-audit --url https://your-api.com --enable-load-test
โ ๏ธ Pentest features send actual traffic to your target. Only use on your own systems.
๐ What Gets Checked
By Default (Safe, Read-Only)
- โ File/directory permissions
- โ Running services and open ports
- โ Firewall configuration
- โ Hardcoded secrets in code
- โ Outdated dependencies with known CVEs
- โ Docker/container security
- โ Web application configuration
With --full-scan
- โ Everything above, plus:
- โ TLS/SSL certificate validation
- โ Performance testing
- โ Vulnerability scanning (SQLi, XSS)
With --pentest-mode
- โ Everything above, plus:
- โ Load testing / DDoS simulation
๐ฌ Security Checks Reference
| Check ID | Category | Description | Default |
|---|---|---|---|
| permissions | Read-Only | File/directory permissions (world-writable, SUID/SGID) | โ Enabled |
| services | Read-Only | Running service and port enumeration | โ Enabled |
| firewall | Read-Only | Firewall status and configuration | โ Enabled |
| hardening | Read-Only | OS hardening indicator checks | โ Enabled |
| secrets | Read-Only | Hardcoded secrets and credential patterns | โ Enabled |
| dependencies | Read-Only | Outdated and vulnerable dependencies | โ Enabled |
| containers | Read-Only | Docker/container security configuration | โ Enabled |
| webapp_config | Read-Only | Web application configuration checks | โ Enabled |
| tls | Read-Only | TLS/SSL certificate inspection | โ ๏ธ --enable-tls-checks |
| performance | Active | Response time measurement | โ ๏ธ --enable-performance-test |
| vulnerability | Active | SQL injection, XSS tests | โ ๏ธ --enable-vulnerability-scan |
| load_test | Active | DDoS simulation (intensive) | โ ๏ธ --pentest-mode only |
Use with --skip-checks or --only-checks:
# Skip specific checks
security-audit --url example.com --skip-checks "tls,containers"
# Run only specific checks
security-audit --url example.com --only-checks "vulnerability,secrets"
# List all available checks
security-audit --list-checks
๐ Output Formats
| Format | File Extension | Use Case |
|---|---|---|
| Terminal | - | Quick review during development |
| HTML | .html |
Share with team, management, compliance |
| JSON | .json |
CI/CD integration, automation, archiving |
.pdf |
Formal documentation, offline review |
๐๏ธ For Developers (Architecture)
Want to extend the tool? Here's how it's structured:
app/
โโโ cli.py # Command-line interface
โโโ main.py # Entry point and orchestration
โโโ config.py # Configuration management
โโโ scope.py # Target validation and scoping
โโโ checks/ # Security test implementations
โ โโโ base.py # Base class for all checks
โ โโโ permissions_check.py
โ โโโ vulnerability_check.py # SQLi, XSS tests
โ โโโ performance_check.py
โ โโโ load_test_check.py # DDoS simulation
โโโ collectors/ # Data gathering modules
โโโ report/ # Output generators (JSON, HTML, Terminal)
โโโ utils/ # Rate limiting, timeouts, validators
Adding a New Check
- Create
app/checks/my_check.py - Inherit from
BaseCheck - Implement
run()method - Register in
app/checks/__init__.py
from .base import BaseCheck, CheckResult
from ..models import SeverityLevel
class MyCheck(BaseCheck):
check_id = "my_check"
check_name = "My Security Check"
def run(self) -> CheckResult:
result = self._create_result()
# Your check logic here
finding = self._create_finding(
title="Example issue",
severity=SeverityLevel.MEDIUM,
target="example.com",
evidence="Found issue X",
remediation="Fix by doing Y"
)
result.findings.append(finding)
return self._finish_result(result)
Running Tests
# Install dev dependencies
venv/bin/pip install -e ".[dev]"
# Run tests
venv/bin/pytest
# Run with coverage
venv/bin/pytest --cov=app
๐ Documentation
| Document | What's Inside |
|---|---|
docs/RUN.md |
How to install and run the tool |
docs/COMMANDS.md |
All available commands and examples |
docs/PENTEST.md |
Pentest mode guide for active testing |
docs/FEATURES.md |
Feature list and what each check does |
docs/ARCHITECTURE.md |
Code structure for developers |
docs/TROUBLESHOOTING.md |
Common issues and solutions |
๐ Safety Features
- Explicit Scope Required - Tool won't run without defined targets
- Authorization Prompt - Legal confirmation required
- Rate Limiting - Built-in request throttling
- Read-Only by Default - No modifications to target systems
- Opt-in Active Tests - Pentest features must be explicitly enabled
- Auditable - All actions logged
๐ CI/CD Integration
# .github/workflows/security.yml
name: Security Scan
on: [push, pull_request]
jobs:
security:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Setup
run: |
python -m venv venv
venv/bin/pip install -e .
- name: Run Security Audit
run: security-audit --url https://staging.your-app.com --full-scan
- name: Upload Report
uses: actions/upload-artifact@v3
with:
name: security-report
path: audit_report_*.html
๐ฏ Roadmap
- CIS Benchmark compliance checks
- SBOM generation (CycloneDX, SPDX)
- Kubernetes security scanning
- API endpoint fuzzing
- Compliance mapping (NIST, PCI-DSS, SOC2)
๐ค Contributing
Contributions welcome! Please ensure:
- All checks are defensive and non-destructive by default
- Code includes type hints
- Tests included for new functionality
- Documentation updated
๐ License
MIT License - See LICENSE file for details.
Built with โค๏ธ for business owners who take security seriously.
Got questions? Open an issue or check the docs/ folder.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
cache_wraith_audit_tool-1.0.7.tar.gz
(108.0 kB
view details)
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file cache_wraith_audit_tool-1.0.7.tar.gz.
File metadata
- Download URL: cache_wraith_audit_tool-1.0.7.tar.gz
- Upload date:
- Size: 108.0 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.4
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
270eb1570d64f218af614e59fa4038ce5fe16c4cdf9ebd940dc4051a8da75833
|
|
| MD5 |
5eea050f749d2d338ca35c09978d0929
|
|
| BLAKE2b-256 |
3f82824d3a5b65a81ae01411c8d7266222c1562bcdd04035f5970e8fb265d58a
|
File details
Details for the file cache_wraith_audit_tool-1.0.7-py3-none-any.whl.
File metadata
- Download URL: cache_wraith_audit_tool-1.0.7-py3-none-any.whl
- Upload date:
- Size: 114.0 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.4
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
a20c1d53c531344649e28aa48442570f3d3323412b9786ee0c147844b936158f
|
|
| MD5 |
6a4ee06e0493b8f96b448f6433b8cca4
|
|
| BLAKE2b-256 |
318a6bd003e86080f505d8d41bc50adf0d2a946a2df47fefc02ec580f7cff6b2
|
