Shinobi
10-second security scan for developers who ship fast
Shinobi is a local-first security scanner that checks your codebase for exposed secrets, dangerous defaults, vulnerable dependencies, missing security basics, and AI-specific risks, all in seconds, right from the terminal.
100% local. Zero data ever leaves your machine.
Install
pip install shinobi-scan
Or install from source:
git clone https://github.com/AkrijSama/shinobi.git
cd shinobi
python generate_logo.py
pip install .
Usage
# Scan current directory (fast mode)
shinobi
# Scan a specific directory
shinobi /path/to/project
# Clone and scan a remote public repo
shinobi --repo https://github.com/user/project
# Deep scan: includes git history for previously committed secrets
shinobi --deep
# Save JSON report to a specific file
shinobi --output report.json
# Plain text output (no ANSI colors)
shinobi --no-color
What It Scans
| Scanner | What It Checks |
|---|---|
| Secrets | API keys (OpenAI, Stripe, AWS, GitHub, etc.), passwords, tokens, private keys, .env files not in .gitignore |
| Defaults | DEBUG=True, CORS wildcards, 0.0.0.0 bindings, default database passwords, weak SECRET_KEYs |
| Dependencies | Known CVEs via pip-audit/npm-audit, unpinned versions |
| Armor | Missing rate limiting, CSRF protection, security headers, input sanitization, authentication |
| AI Risks | LLM keys in client code, prompt injection patterns, model files in repo, exposed system prompts |
| Git History | Previously committed secrets across last 500 commits (with --deep) |
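To make the Secrets and Defaults rows concrete, here is an added illustrative scanner written for this page (it is not Shinobi's own code): it scans a constructed in-memory project for two API-key formats and three dangerous defaults, checks whether .env is ignored by git, and reports secrets in the masked form the sample output uses. The pattern sets, severities and the finding format are assumptions.

```python
import re
# Constructed in-memory "project" (path -> contents); nothing is read from disk.
SAMPLE_PROJECT = {
    "src/config.py": 'OPENAI_API_KEY = "sk-abcdefghijklmnopqrstuvwxyz0123456789x9f2"\n',
    ".env": "AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\n",
    "settings.py": "DEBUG = True\nCORS_ORIGIN_ALLOW_ALL = True\n",
    "app.py": "app.run(host='0.0.0.0', port=8000)\n",
    ".gitignore": "__pycache__/\n",
}
# Hypothetical pattern sets; a real scanner ships many more.
SECRET_PATTERNS = {
    "OpenAI API Key": re.compile(r"sk-[A-Za-z0-9]{20,}"),
    "AWS Access Key": re.compile(r"AKIA[0-9A-Z]{16}"),
}
DEFAULT_PATTERNS = {
    "Debug mode is enabled": re.compile(r"^\s*DEBUG\s*=\s*True\b"),
    "CORS allows every origin": re.compile(r"CORS_(?:ORIGIN_ALLOW_ALL|ALLOW_ALL_ORIGINS)\s*=\s*True"),
    "Binds to all interfaces (0.0.0.0)": re.compile(r"\b0\.0\.0\.0\b"),
}
SEVERITY_ORDER = ["critical", "high", "medium", "low"]

def mask(secret):
    """Report a secret the way the sample output does: 4 leading and 4 trailing characters."""
    return f"{secret[:4]}****...{secret[-4:]}"

def scan(files):
    """One finding dict per matched secret, dangerous default, or unignored .env file."""
    findings = []
    for path, text in files.items():
        for lineno, line in enumerate(text.splitlines(), 1):
            for name, pat in SECRET_PATTERNS.items():
                for m in pat.finditer(line):  # store only the masked form, never the raw secret
                    findings.append({"category": "secrets", "severity": "critical", "file": path,
                                     "line": lineno, "issue": f"{name}: {mask(m.group())}"})
            for desc, pat in DEFAULT_PATTERNS.items():
                if pat.search(line):
                    findings.append({"category": "defaults", "severity": "high", "file": path,
                                     "line": lineno, "issue": desc})
    # A .env that git does not ignore ends up committed sooner or later.
    if ".env" in files and ".env" not in files.get(".gitignore", "").split():
        findings.append({"category": "secrets", "severity": "high", "file": ".env",
                         "line": 0, "issue": ".env is not listed in .gitignore"})
    return findings

def summarize(findings):
    """Severity counts plus an overall threat level: the highest severity present."""
    counts = {s: sum(f["severity"] == s for f in findings) for s in SEVERITY_ORDER}
    level = next((s for s in SEVERITY_ORDER if counts[s]), "clean")
    return {"threat_level": level.upper(), "total": len(findings), **counts}
```

Running scan(SAMPLE_PROJECT) yields six findings, and summarize() rolls them up into the kind of threat-level line the sample output prints.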
Sample Output
v1.0 - shadow guard for your code

shinobi v1.0 - security scan complete
Project: my-app
Scanned: 342 files in 2.1s

================================================
  THREAT LEVEL: CRITICAL
================================================

SECRETS EXPOSED          3 found
  src/config.py:12   OpenAI API Key: sk-a****...x9f2
  .env:5             AWS Access Key: AKIA****...XMPL

DANGEROUS DEFAULTS       1 found
  settings.py:8      Debug mode is enabled

MISSING ARMOR            2 gaps
  No rate limiting detected
  No CSRF protection detected

Total issues: 6 | Critical: 3 | High: 1 | Medium: 2
Privacy
Shinobi runs entirely on your machine: it makes no network requests of its own, does not phone home, and transmits no data. The only network activity comes from pip-audit and npm audit, your own locally installed tools querying their own vulnerability registries, and from --repo, which clones the public repository you point it at before scanning.
License
MIT
Built by SolidDark, https://soliddark.net
File details
Details for the file shinobi_scan-1.1.0.tar.gz.
File metadata
- Download URL: shinobi_scan-1.1.0.tar.gz
- Upload date:
- Size: 74.6 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.3
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 3cf882f5f77b4b3554d9c0acf30936805cffe1880233873be100f392ab3d3225 |
| MD5 | ee546437ee38b806e1d9e1c056cd9cb3 |
| BLAKE2b-256 | a1eba085286da81f9f4514ce1ce3795b72be912d0e64cb37709c57e51533f948 |
File details
Details for the file shinobi_scan-1.1.0-py3-none-any.whl.
File metadata
- Download URL: shinobi_scan-1.1.0-py3-none-any.whl
- Upload date:
- Size: 78.2 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.3
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 46598e2f55ab28162a03ea8419910b9030488df17a2edc9b7d3a59d9708010ff |
| MD5 | a38116ad0db8a6cb99539a7d7246150e |
| BLAKE2b-256 | d4be486e88149462d917739af491c7fe80a46858ba70a16ae638a97d57972f13 |