Enterprise web security scanner - Burp Suite + OWASP ZAP alternative with beautiful reports
Project description
🦀 CrabGuard
Enterprise web security scanner. Burp Suite + OWASP ZAP — without the $400/year license.
pip install crabguard
crabguard scan https://your-site.com
Scans for OWASP Top 10 vulnerabilities and generates a beautiful, branded security report in seconds.
What it checks
| Category | Free (Passive) | Pro (Active) |
|---|---|---|
| Security Headers (CSP, HSTS, XFO...) | ✅ | ✅ |
| Cookie Security (HttpOnly, Secure, SameSite) | ✅ | ✅ |
| TLS/HTTPS + Certificate Expiry | ✅ | ✅ |
| Mixed Content | ✅ | ✅ |
| Subresource Integrity (SRI) | ✅ | ✅ |
| Vulnerable JS Libraries | ✅ | ✅ |
| CORS Misconfiguration | ✅ | ✅ |
| Information Disclosure | ✅ | ✅ |
| SQL Injection (error + time-based blind) | — | ✅ |
| Reflected XSS | — | ✅ |
| Sensitive File Discovery (.env, .git, ...) | — | ✅ |
| SSRF | — | ✅ |
| Open Redirect | — | ✅ |
| Default Credentials | — | ✅ |
| PDF Reports | — | ✅ |
| White-label Reports | — | ✅ |
Quick Start
# Install
pip install crabguard
# Passive scan (free, no account needed)
crabguard scan https://example.com
# Full active scan (Pro — requires API key)
crabguard scan https://example.com --mode full --api-key YOUR_KEY --consent
# Save as PDF
crabguard scan https://example.com --format pdf --api-key YOUR_KEY
# Route through Burp Suite / OWASP ZAP
crabguard scan https://example.com --proxy http://127.0.0.1:8080
# JSON output for CI/CD
crabguard scan https://example.com --format json --quiet
echo $? # exit 1 if critical/high findings, 0 if clean
Python API
from crabguard import CrabGuardScanner, CrabGuardConfig, ScanMode
# Free passive scan
scanner = CrabGuardScanner("https://example.com", verbose=True)
report = scanner.scan()
scanner.save_report(report, "report.html")
# Pro active scan
config = CrabGuardConfig(api_key="YOUR_KEY", active_consent=True)
scanner = CrabGuardScanner("https://example.com", mode=ScanMode.FULL, config=config)
report = scanner.scan()
scanner.save_report(report, "report.html")
scanner.save_report(report, "report.pdf", fmt="pdf")
# Access findings programmatically
for finding in report.all_findings:
print(f"[{finding.severity.value.upper()}] {finding.title}")
if finding.remediation:
print(f" Fix: {finding.remediation}")
CI/CD Integration (GitHub Actions)
- name: Security scan
run: |
pip install crabguard
crabguard scan ${{ env.STAGING_URL }} --format json --quiet
# Fails the build automatically if critical/high findings are found
Report Sample
CrabGuard generates a full HTML or PDF report with:
- Overall security score (0–100)
- Per-category scores and OWASP Top 10 mapping
- Detailed findings with remediation steps and code snippets
- CrabGuard branded watermark (white-label available on Pro)
Pricing
| Free | Pro | Enterprise | |
|---|---|---|---|
| Passive scan | ✅ | ✅ | ✅ |
| Active scan (SQLi, XSS, SSRF...) | — | ✅ | ✅ |
| PDF reports + white-label | — | ✅ | ✅ |
| Scan history & dashboard | — | — | ✅ |
| Team seats | — | — | ✅ |
| SLA + priority support | — | — | ✅ |
| Price | Free | $49/mo | Contact us |
Get your API key at ashishjsharda.github.io/crabguard
⚠️ Responsible Use
Active scanning sends real payloads to the target server. Only scan systems you own or have explicit written permission to test. Unauthorized scanning may be illegal under the CFAA and similar laws. Always pass --consent to confirm you have permission.
License
MIT — free to use, modify, and distribute. See [LICENSE](LI
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file crabguard-1.0.1.tar.gz.
File metadata
- Download URL: crabguard-1.0.1.tar.gz
- Upload date:
- Size: 35.8 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.1
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
bafd9a49e33e3195770a677ae15b151720a26b4bef3e0ed8285ec8bac039e32e
|
|
| MD5 |
7b938173c634da95f2b1f2ed01b96ec3
|
|
| BLAKE2b-256 |
1e440e2278fda4592666bf0afdd391123de29b71bfc04b4db50194c9ae2b407f
|
File details
Details for the file crabguard-1.0.1-py3-none-any.whl.
File metadata
- Download URL: crabguard-1.0.1-py3-none-any.whl
- Upload date:
- Size: 43.2 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.1
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
000c7e3ac596fbb654c1ff91211df81142402c768d71efceaa172286bed0adaf
|
|
| MD5 |
380d11c82203335a5c043b33dedaf55f
|
|
| BLAKE2b-256 |
bbb67e229d19beceac2fc1143c70b6e6c5c5ee953691ee094bf8694735e22a15
|