This project is a Python-based security scanner that works with both GitHub repositories and local directories. Currently, it scans only Python files for vulnerabilities, using Bandit for code analysis and checking for exposed secrets in configuration files.
- Clone GitHub Repositories: Automatically clones a GitHub repository to scan it.
- Code Scanning: Uses Bandit to find security issues in Python code.
- Configuration Scanning: Detects exposed secrets in .env files.
- Reports: Generates detailed reports in the reports/ directory.
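The configuration-scanning step above is the kind of check that is easy to get subtly wrong (quoted values, `export` prefixes, trailing comments, placeholders that are not real secrets). The following is an added, self-contained example of such a .env secret detector; it is illustrative code written for this README, not the project's own implementation. The sensitive-key patterns, placeholder list, masking format and report layout are all assumptions, and the sample .env content is constructed. The Bandit step is not shown here.

```python
"""Added example: a minimal .env secret detector with a JSON report writer.
Not the project's own code; key patterns, placeholders and report format are assumed."""
import json
import os
import re
from pathlib import Path

# Key names that commonly hold credentials (assumed list; extend as needed).
SENSITIVE_KEY = re.compile(
    r"(PASS(WORD)?|SECRET|TOKEN|API[_-]?KEY|PRIVATE[_-]?KEY|ACCESS[_-]?KEY)", re.I
)
# Values that are obviously placeholders rather than real secrets (assumed list).
PLACEHOLDERS = {"", "changeme", "your_secret_here", "xxx", "todo", "example"}
# KEY=VALUE with an optional `export` prefix, as accepted by common dotenv loaders.
LINE_RE = re.compile(r"^\s*(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*)$")


def parse_env_line(line):
    """Return (key, value) for a KEY=VALUE line, or None for comments and blank lines.
    Handles `export KEY=...`, single/double quotes and trailing ` # comment` text."""
    stripped = line.strip()
    if not stripped or stripped.startswith("#"):
        return None
    m = LINE_RE.match(stripped)
    if not m:
        return None
    key, raw = m.group(1), m.group(2).strip()
    if raw[:1] in ("'", '"'):
        # Quoted value: take the text between the quotes, ignore anything after.
        qm = re.match(r"(['\"])(.*?)\1", raw)
        value = qm.group(2) if qm else raw
    else:
        # Unquoted value: a `#` preceded by whitespace starts a comment.
        value = re.split(r"\s#", raw, maxsplit=1)[0].strip()
    return key, value


def mask(value):
    """Never copy a secret into a report; keep only a short prefix and its length."""
    return f"{value[:2]}***({len(value)} chars)"


def scan_env_text(text, source="<inline>"):
    """Flag sensitive keys whose value is neither a placeholder nor a ${VAR} reference."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        parsed = parse_env_line(line)
        if parsed is None:
            continue
        key, value = parsed
        if not SENSITIVE_KEY.search(key):
            continue
        if value.lower() in PLACEHOLDERS or value.startswith("${"):
            continue
        findings.append({"file": source, "line": lineno, "key": key, "value": mask(value)})
    return findings


def scan_directory(root):
    """Walk `root` and scan every .env and .env.* file found."""
    findings = []
    for path in Path(root).rglob(".env*"):
        if path.is_file():
            findings.extend(scan_env_text(path.read_text(errors="replace"), str(path)))
    return findings


def write_report(findings, reports_dir="reports", name="security_report.json"):
    """Write findings as JSON into the reports/ directory and return the path."""
    os.makedirs(reports_dir, exist_ok=True)
    out = Path(reports_dir) / name
    out.write_text(json.dumps({"exposed_secrets": findings}, indent=2))
    return out


# Constructed sample .env content (not taken from any real project).
SAMPLE_ENV = """# database settings
DB_HOST=localhost
DB_PASSWORD="s3cr3t-pa55"   # quoted value
export API_KEY=AKIAEXAMPLE1234567890  # trailing comment
SECRET_KEY=changeme
GITHUB_TOKEN=${TOKEN_FROM_CI}
DEBUG=true
"""

if __name__ == "__main__":
    for finding in scan_env_text(SAMPLE_ENV, ".env"):
        print(finding)
```

On the constructed sample this reports DB_PASSWORD (line 3) and API_KEY (line 4) with masked values, and skips the `changeme` placeholder and the `${TOKEN_FROM_CI}` reference, which is the behaviour a practitioner wants so that CI templates do not drown real findings in noise.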
python3 cmd/main.py https://github.com/user/repo.git
python3 cmd/main.py /path/to/local/directory
To see the scanner in action, you can use a deliberately vulnerable Flask project. From the project root, run the scanner with the following command:
python3 cmd/main.py https://github.com/we45/Vulnerable-Flask-App.git
This example uses Vulnerable-Flask-App, which is an intentionally vulnerable Flask application. Running the command scans the project for vulnerabilities and generates reports in the reports/ directory.
Install the required Python packages with:
pip install -r requirements.txt
- Vulnerability Scan Report: vulnerability_scan_report.txt
- Final Security Report: security_report.json
Feel free to fork this repository and submit pull requests to improve the scanner.