Skip to main content

AI-ready security audit agent for mobile, web, and backend projects, starting with mobile apps.

Project description

SherSec

SherSec is an AI-ready security audit agent for modern application projects.

Short purpose:

SherSec is a security scanner and AI audit agent for modern application projects.

The first milestone focuses on mobile application security. It detects common mobile project types, runs static checks against Android and cross-platform app files, and produces actionable reports that can later be enriched by an AI agent.

Current scope

  • Detect Android, iOS, Flutter, and React Native project signals.
  • Scan Android manifests for dangerous permissions and insecure configuration.
  • Scan source and configuration files for hardcoded secrets and risky patterns.
  • Generate terminal, JSON, Markdown, and HTML reports.
  • Keep the core scanner independent from any single UI or AI provider.

Quick start

Install directly from GitHub:

python -m pip install "shersec @ git+https://github.com/isshort/shersec.git"
shersec scan /path/to/mobile/project --format markdown --output report.md

Or install from a local checkout:

python -m venv .venv
source .venv/bin/activate
pip install -e .
shersec scan ../todo --format markdown --output report.md

You can also run the CLI without installing the package:

PYTHONPATH=src python -m shersec scan ../todo

Python API

from pathlib import Path

from shersec import scan_project

report = scan_project(Path("/path/to/mobile/project"))
print(report.finding_count)

Build package

python -m pip install build
python -m build

The build creates a source distribution and wheel in dist/.

Development checks

PYTHONPATH=src python -m unittest discover -s tests
PYTHONPYCACHEPREFIX=/tmp/shersec-pycache python -m compileall src tests

Example

shersec scan /path/to/mobile/project --format json --output shersec-report.json
shersec scan /path/to/mobile/project --format html --output shersec-report.html

Roadmap

  1. Android static checks.
  2. iOS static checks.
  3. OWASP MASVS mapping and richer remediation guidance.
  4. AI agent planner for project-specific scan strategy.
  5. CI integrations and package releases.

Development documentation

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

shersec-0.1.0.tar.gz (18.4 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

shersec-0.1.0-py3-none-any.whl (19.2 kB view details)

Uploaded Python 3

File details

Details for the file shersec-0.1.0.tar.gz.

File metadata

  • Download URL: shersec-0.1.0.tar.gz
  • Upload date:
  • Size: 18.4 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.9.6

File hashes

Hashes for shersec-0.1.0.tar.gz
Algorithm Hash digest
SHA256 7ac4e22ee0ad24e5099e32db6485e1b4a1350aeb94c1dd3493cf6a52123724aa
MD5 aa63ea0e2a6c5a5ffe2dc1266fa3a3d4
BLAKE2b-256 24fe6f27c2f7c9d63e49e7b165a23c7e776984d80f564c25c6ae37b93c596158

See more details on using hashes here.

File details

Details for the file shersec-0.1.0-py3-none-any.whl.

File metadata

  • Download URL: shersec-0.1.0-py3-none-any.whl
  • Upload date:
  • Size: 19.2 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.9.6

File hashes

Hashes for shersec-0.1.0-py3-none-any.whl
Algorithm Hash digest
SHA256 e95ddd2aa60c7273d451a703651760acfa809f32bd64573c34ade585131d3c36
MD5 fdedb811f2c513760b6cfeb6ecfeab2c
BLAKE2b-256 77b89bc3c6364072ca5ec8d6c7787e2b2be7836150c252273da41b941d799ead

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page