Skip to main content

Enterprise web security scanner - Burp Suite + OWASP ZAP alternative with beautiful reports

Project description

🦀 CrabGuard

Enterprise web security scanner. Burp Suite + OWASP ZAP — without the $400/year license.

PyPI version Python License: MIT Product Hunt

pip install crabguard
crabguard scan https://your-site.com

Scans for OWASP Top 10 vulnerabilities and generates a beautiful, branded security report in seconds.


What it checks

Category Free (Passive) Pro (Active)
Security Headers (CSP, HSTS, XFO...)
Cookie Security (HttpOnly, Secure, SameSite)
TLS/HTTPS + Certificate Expiry
Mixed Content
Subresource Integrity (SRI)
Vulnerable JS Libraries
CORS Misconfiguration
Information Disclosure
SQL Injection (error + time-based blind)
Reflected XSS
Sensitive File Discovery (.env, .git, ...)
SSRF
Open Redirect
Default Credentials
PDF Reports
White-label Reports

Quick Start

# Install
pip install crabguard

# Passive scan (free, no account needed)
crabguard scan https://example.com

# Full active scan (Pro — requires API key)
crabguard scan https://example.com --mode full --api-key YOUR_KEY --consent

# Save as PDF
crabguard scan https://example.com --format pdf --api-key YOUR_KEY

# Route through Burp Suite / OWASP ZAP
crabguard scan https://example.com --proxy http://127.0.0.1:8080

# JSON output for CI/CD
crabguard scan https://example.com --format json --quiet
echo $?  # exit 1 if critical/high findings, 0 if clean

Python API

from crabguard import CrabGuardScanner, CrabGuardConfig, ScanMode

# Free passive scan
scanner = CrabGuardScanner("https://example.com", verbose=True)
report  = scanner.scan()
scanner.save_report(report, "report.html")

# Pro active scan
config  = CrabGuardConfig(api_key="YOUR_KEY", active_consent=True)
scanner = CrabGuardScanner("https://example.com", mode=ScanMode.FULL, config=config)
report  = scanner.scan()
scanner.save_report(report, "report.html")
scanner.save_report(report, "report.pdf", fmt="pdf")

# Access findings programmatically
for finding in report.all_findings:
    print(f"[{finding.severity.value.upper()}] {finding.title}")
    if finding.remediation:
        print(f"  Fix: {finding.remediation}")

CI/CD Integration (GitHub Actions)

- name: Security scan
  run: |
    pip install crabguard
    crabguard scan ${{ env.STAGING_URL }} --format json --quiet
  # Fails the build automatically if critical/high findings are found

Report Sample

CrabGuard generates a full HTML or PDF report with:

  • Overall security score (0–100)
  • Per-category scores and OWASP Top 10 mapping
  • Detailed findings with remediation steps and code snippets
  • CrabGuard branded watermark (white-label available on Pro)

Pricing

Free Pro Enterprise
Passive scan
Active scan (SQLi, XSS, SSRF...)
PDF reports + white-label
Scan history & dashboard
Team seats
SLA + priority support
Price Free $49/mo Contact us

Get your API key at crabguard.io


⚠️ Responsible Use

Active scanning sends real payloads to the target server. Only scan systems you own or have explicit written permission to test. Unauthorized scanning may be illegal under the CFAA and similar laws. Always pass --consent to confirm you have permission.


License

MIT — free to use, modify, and distribute. See LICENSE.

Built with ❤️ by CrabGuard Security

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

crabguard-1.0.0.tar.gz (35.8 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

crabguard-1.0.0-py3-none-any.whl (43.2 kB view details)

Uploaded Python 3

File details

Details for the file crabguard-1.0.0.tar.gz.

File metadata

  • Download URL: crabguard-1.0.0.tar.gz
  • Upload date:
  • Size: 35.8 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.11.1

File hashes

Hashes for crabguard-1.0.0.tar.gz
Algorithm Hash digest
SHA256 f0c1d6500e369d9b802b342c6daf328b18431525a65fc355681bb76630e7fb99
MD5 6afaa73520258c0668b75bebe8ccdb8a
BLAKE2b-256 baac8f121e6662502abbc243e80b0e1bfb5e41a970c2c5b4dde4200752050c77

See more details on using hashes here.

File details

Details for the file crabguard-1.0.0-py3-none-any.whl.

File metadata

  • Download URL: crabguard-1.0.0-py3-none-any.whl
  • Upload date:
  • Size: 43.2 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.11.1

File hashes

Hashes for crabguard-1.0.0-py3-none-any.whl
Algorithm Hash digest
SHA256 518d831b7bf0c16ced685431c6f7d86649554b90e6ffaf9fccb4bc07e9386113
MD5 bdfb143d46e8b5a2c029618630b76884
BLAKE2b-256 25efea8c0c4eadc9d42c0c76e9a01b731291cb856dbbb082dcebae1882bfd1ef

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page