A powerful web vulnerability scanner with SQL injection, SSTI, exposed path detection, and AI-powered analysis.
Project description
dotSpot
A powerful web vulnerability scanner built in Python.
Features
- SQL Injection (SQLi) detection with comprehensive payload testing
- Server-Side Template Injection (SSTI) scanning
- Exposed Path Discovery for sensitive files and directories
- Cookie Security analysis
- HTML Comment extraction for information leakage
- JavaScript Analysis for secrets and sensitive data
- Base64 Decoding of embedded data
- AI-Powered Analysis via Groq for intelligent scan report summaries
Installation
pip install dotspot
Usage
Scan a target URL
dotspot scan <target-url>
You'll be prompted to choose between vulnerability scanning or flag hunting mode.
Analyze scan results with AI
dotspot analyze <scan-report.json>
Optionally pass --api-key YOUR_KEY or set the GROQ_API_KEY environment variable.
Show help
dotspot help
Configuration
Environment Variables
| Variable | Required | Default | Description |
|---|---|---|---|
GROQ_API_KEY |
✅ Yes | — | Your Groq API key for AI-powered analysis |
DEFAULT_MODEL |
❌ No | llama-3.3-70b-versatile |
Groq model to use |
Note: If
GROQ_API_KEYis not set, dotSpot will skip the AI Overview phase but all other scans will work normally.
Setting up your API key
Get a free API key from console.groq.com, then:
Linux / macOS:
export GROQ_API_KEY=gsk_your_key_here
# Optional: use a different model
export DEFAULT_MODEL=llama-3.1-8b-instant
To make it permanent, add the above lines to your ~/.bashrc or ~/.zshrc.
Windows (CMD):
set GROQ_API_KEY=gsk_your_key_here
set DEFAULT_MODEL=llama-3.1-8b-instant
Windows (PowerShell):
$env:GROQ_API_KEY="gsk_your_key_here"
$env:DEFAULT_MODEL="llama-3.1-8b-instant"
Available Models
You can set DEFAULT_MODEL to any model supported by Groq. Some popular options:
| Model | Description |
|---|---|
llama-3.3-70b-versatile |
Default — best quality |
llama-3.1-8b-instant |
Faster, lighter |
openai/gpt-oss-120b |
Good balance of speed and quality |
See the full list at console.groq.com/docs/models.
Requirements
- Python 3.9+
License
MIT License — see LICENSE for details.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file dotspot-0.0.2.tar.gz.
File metadata
- Download URL: dotspot-0.0.2.tar.gz
- Upload date:
- Size: 36.3 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.2
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
74d06fe0c8762d916f1d14c568eb33a7b7cc65db226c30bd2ac91e187b9719e9
|
|
| MD5 |
562d6ba1018af1be673537db634f0637
|
|
| BLAKE2b-256 |
8411ca2d15e958adb127ebe29667f84fd6dc4df34806b746bd4661bd75f4c53c
|
File details
Details for the file dotspot-0.0.2-py3-none-any.whl.
File metadata
- Download URL: dotspot-0.0.2-py3-none-any.whl
- Upload date:
- Size: 42.1 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.2
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
be23593ed93a8d81c9c0400e5d8f8cae9c74828ac6f4f9bc2e365bfd8d5f7934
|
|
| MD5 |
357ac97cbd9bdc3dd5b9d1721056a001
|
|
| BLAKE2b-256 |
97aff74143f43d9c1b7b68dd2b00630b5a3737d4fe4312ee07050da629eaa7cb
|
