Small web app for PYMEs / SMBs without a security team: enter a domain you are allowed to assess and receive a passive, plain-language snapshot of public signals (not a pen test or “real-time threat” feed). Originally shaped for a def/acc hackathon (Hack LATAM) — defensive resilience, not offensive tooling.
```bash
pnpm install
pnpm dev
```

Open http://localhost:3000.

Other package managers:

```bash
npm install && npm run dev
# or
yarn install && yarn dev
```

- Enter `example.com` or `https://www.example.com` (URLs are normalized to a hostname).
- Click Start scan.
- Review Modules (status per recon step) and Findings (severity + short explanation).
Example targets: cloudflare.com, github.com, or your own domain.
Note: Raw IPv4 addresses are accepted as input, but subdomain discovery via certificate transparency requires a domain — for IPs, subdomain_enum is marked skipped with an explanatory message.
- Normalized target — how the server interpreted your input (`domain` vs `ip`).
- Modules — each recon module reports `ok`, `error`, or `skipped`, plus timing when relevant.
- Findings — `critical`/`medium`/`low` badges, a title, a plain-language explanation, and optional metadata (e.g. a list of hostnames from public cert logs).
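The input handling above (URL or bare host reduced to a hostname, `domain` vs `ip`, and `subdomain_enum` marked `skipped` for an IP) is easy to get subtly wrong, so here is a worked version of those rules as an added example. It is not code from this repository: the module names come from this README, but the function and type names, the regexes and the skip message are this example's own assumptions.

```typescript
// Added example (not code from this repository): the input-normalization and
// module-skip rules the README describes, written out so they can be checked
// offline. Module names (subdomain_enum, dns_health, tls_check) come from the
// README; the function and type names here are this example's own.

export type TargetKind = "domain" | "ip";

export interface NormalizedTarget {
  input: string;      // what the user typed
  host: string;       // lowercase hostname or dotted-quad IPv4
  kind: TargetKind;   // drives which modules can run
}

export interface ModulePlan {
  name: string;
  skipped: boolean;
  reason?: string;    // shown to the user when skipped
}

// Dotted-quad IPv4, each octet 0-255 with no leading zeros.
const IPV4 = /^(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}$/;
// Hostname with at least two labels: letters, digits and inner hyphens, each label <= 63 chars.
const HOSTNAME = /^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$/;

// Accepts "example.com", "https://www.example.com/path?q=1", "user@host:8443",
// "203.0.113.7" and reduces each to the host the recon modules will query.
export function normalizeTarget(raw: string): NormalizedTarget {
  let s = raw.trim().toLowerCase();
  if (!s) throw new Error("empty target");
  s = s.replace(/^[a-z][a-z0-9+.-]*:\/\//, ""); // drop scheme (https://, http://, ...)
  s = s.split(/[/?#]/)[0];                       // drop path, query and fragment
  const at = s.lastIndexOf("@");
  if (at !== -1) s = s.slice(at + 1);            // drop userinfo
  if (s.startsWith("[")) throw new Error("IPv6 literals are not supported");
  s = s.replace(/:\d{1,5}$/, "");                // drop explicit port
  s = s.replace(/\.$/, "");                      // drop trailing dot of an FQDN
  if (IPV4.test(s)) return { input: raw, host: s, kind: "ip" };
  const tld = s.slice(s.lastIndexOf(".") + 1);
  // Require a letter in the last label so "1.2.34" is not accepted as a domain.
  if (HOSTNAME.test(s) && /[a-z]/.test(tld)) return { input: raw, host: s, kind: "domain" };
  throw new Error(`not a hostname or IPv4 address: ${raw}`);
}

// Certificate-transparency search (crt.sh) is keyed by name, so it cannot run
// against a bare IP. The README only documents that skip; the other modules
// are left to run for both target kinds.
export function planModules(target: NormalizedTarget): ModulePlan[] {
  const subdomainEnum: ModulePlan =
    target.kind === "ip"
      ? {
          name: "subdomain_enum",
          skipped: true,
          reason: "Subdomain discovery via certificate transparency needs a domain name; an IP address has no certificate-log entries to search.",
        }
      : { name: "subdomain_enum", skipped: false };
  return [subdomainEnum, { name: "dns_health", skipped: false }, { name: "tls_check", skipped: false }];
}
```

Rejecting anything that is neither a hostname nor an IPv4 literal before any module runs keeps user input from reaching DNS or HTTP clients unvalidated; the single-label and IPv6 rejections are choices of this example, not documented project behaviour.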
Scans use public data, DNS lookups, and a normal HTTPS handshake on port 443 to surface certificate transparency (crt.sh), SPF/DMARC/DKIM hints (dns_health), and leaf TLS metadata (tls_check). No exploitation, credential stuffing, or disruptive scanning intent. See docs/threat-model.md and docs/privacy-and-data-sources.md.
- Implemented modules: see docs/recon-modules.md and `src/lib/recon/run-scan.ts`: certificate transparency, SPF/DMARC/DKIM hints, TLS on port 443, optional passive OSINT (security.txt, HTTPS headers, MTA-STS/TLS-RPT/BIMI, DNSSEC hint); deep-mode extras include legacy TLS, SPF/DMARC policy parsing, CAA. Optional pasted emails (same apex) extend OSINT hostname coverage (`POST /api/scanemails`).
- Roadmap (CONTEXT / init / recon-modules): richer inputs (company-name resolution, IP ranges), Shodan, SSL Labs–style grading, WHOIS/HIBP, streaming UI — not all wired here yet.
- Streaming UI / partial SSE updates are not implemented — one JSON response per `POST /api/scan`.
- Optional AI insights use OpenRouter; copy `.env.example` to `.env.local` and set `OPENROUTER_API_KEY` if you enable that route.
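The "SPF/DMARC policy parsing" listed for deep mode is the part of `dns_health` most worth seeing spelled out, since an SMB reader needs the record turned into a finding, not the raw TXT string. The block below is an added example, not the project's module: it parses SPF and DMARC records supplied inline (constructed, not fetched) and emits findings in the `critical`/`medium`/`low` shape this README describes. The severity thresholds and wording are this example's assumptions, not the project's scoring.

```typescript
// Added example, not the project's dns_health module: parse SPF and DMARC TXT
// records and turn them into findings in the README's severity shape. The
// records passed in by the test are constructed, not fetched; the severity
// rules are this example's assumptions, not the project's scoring.

export type Severity = "critical" | "medium" | "low";
export interface Finding {
  severity: Severity;
  title: string;
  explanation: string;
  metadata?: Record<string, unknown>;
}

export type SpfAll = "fail" | "softfail" | "neutral" | "pass" | "none";
export interface SpfPolicy { mechanisms: string[]; all: SpfAll; lookups: number }

const ALL_BY_QUALIFIER: Record<string, SpfAll> = { "-": "fail", "~": "softfail", "?": "neutral", "+": "pass" };
// Terms that each cost a DNS query under RFC 7208 section 4.6.4; more than 10 is a permerror.
const LOOKUP_TERMS = new Set(["include", "a", "mx", "ptr", "exists", "redirect"]);

export function parseSpf(txt: string): SpfPolicy | null {
  const terms = txt.trim().split(/\s+/);
  if ((terms[0] ?? "").toLowerCase() !== "v=spf1") return null;
  const policy: SpfPolicy = { mechanisms: [], all: "none", lookups: 0 };
  for (const term of terms.slice(1)) {
    const m = /^([+\-~?])?([a-z0-9]+)(?:[:=/].*)?$/i.exec(term);
    if (!m) continue;                               // unknown syntax: ignored, as receivers do
    const name = (m[2] ?? "").toLowerCase();
    if (name === "all") { policy.all = ALL_BY_QUALIFIER[m[1] ?? "+"]; continue; }
    if (LOOKUP_TERMS.has(name)) policy.lookups++;
    policy.mechanisms.push(term);
  }
  return policy;
}

export interface DmarcPolicy { p: string; sp: string; pct: number; rua: string[] }

export function parseDmarc(txt: string): DmarcPolicy | null {
  const tags = new Map<string, string>();
  for (const part of txt.split(";")) {               // "tag=value" pairs separated by ';'
    const eq = part.indexOf("=");
    if (eq === -1) continue;
    tags.set(part.slice(0, eq).trim().toLowerCase(), part.slice(eq + 1).trim());
  }
  const p = tags.get("p")?.toLowerCase();
  if (tags.get("v")?.toLowerCase() !== "dmarc1" || !p) return null;
  return {
    p,
    sp: tags.get("sp")?.toLowerCase() ?? p,          // subdomain policy defaults to p
    pct: Number(tags.get("pct") ?? "100"),
    rua: (tags.get("rua") ?? "").split(",").map(s => s.trim()).filter(Boolean),
  };
}

// Pass null for a record that does not exist. Returns findings ready for the UI.
export function assessEmailAuth(spfTxt: string | null, dmarcTxt: string | null): Finding[] {
  const out: Finding[] = [];
  const spf = spfTxt ? parseSpf(spfTxt) : null;
  const dmarc = dmarcTxt ? parseDmarc(dmarcTxt) : null;

  if (!spf) {
    out.push({ severity: "medium", title: "No SPF record", explanation: "Receivers cannot tell which servers may send mail for this domain, so spoofed mail is harder for them to reject." });
  } else {
    if (spf.all === "pass") out.push({ severity: "critical", title: "SPF ends in +all", explanation: "Every server on the internet passes SPF for this domain; spoofing is effectively permitted." });
    else if (spf.all === "neutral" || spf.all === "none") out.push({ severity: "medium", title: "SPF does not fail unlisted senders", explanation: "Without -all or ~all, mail from unlisted servers is treated as neutral rather than failing." });
    else if (spf.all === "softfail") out.push({ severity: "low", title: "SPF uses ~all (softfail)", explanation: "Unlisted senders are only marked suspicious; -all is stricter once the record is known to be complete." });
    if (spf.lookups > 10) out.push({ severity: "medium", title: "SPF exceeds 10 DNS lookups", explanation: "Receivers return permerror and effectively ignore the record.", metadata: { lookups: spf.lookups } });
  }

  if (!dmarc) {
    out.push({ severity: "medium", title: "No DMARC record", explanation: "Nothing tells receivers what to do with mail that fails SPF and DKIM, and nobody receives reports about it." });
  } else {
    if (dmarc.p === "none") out.push({ severity: "medium", title: "DMARC policy is p=none", explanation: "Monitoring only; spoofed mail that fails SPF/DKIM is still delivered." });
    if (dmarc.pct < 100) out.push({ severity: "low", title: "DMARC applies to only part of mail", explanation: "pct below 100 leaves the remainder unenforced.", metadata: { pct: dmarc.pct } });
    if (dmarc.rua.length === 0) out.push({ severity: "low", title: "No DMARC aggregate reports", explanation: "Without rua= the domain owner never learns who is sending as them." });
  }
  return out;
}
```

The lookup counter is the piece most often missing from quick checkers: a record that is syntactically fine but nests more than ten `include:`/`a`/`mx` terms is ignored by receivers, which is worse than a weak one.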
| Doc | Audience |
|---|---|
| Overview | Everyone |
| User guide | End users / judges |
| API reference | Integrators |
| Architecture | Developers |
| Recon modules | What runs today vs roadmap |
| Severity system | Reading results |
| Threat model | Security & abuse posture |
| Privacy & data sources | Data sent externally |
| Troubleshooting | When scans fail |
| Developer setup | Extending the app |
| Def/Acc alignment & scoring roadmap | Track fit, demos, prioritized improvements |
| Command | Description |
|---|---|
| `pnpm dev` | Development server |
| `pnpm build` | Production build |
| `pnpm start` | Run production server |
| `pnpm lint` | ESLint |
| `pnpm test` | Vitest (unit checks, e.g. email-domain parsing helpers) |
- Next.js (App Router) — Next.js docs
- React + TypeScript
- Tailwind CSS v4