Use npx to run a one-off scan of a website:
npx is-website-vulnerable https://example.com [--json] [--js-lib] [--mobile|--desktop] [--chromePath] [--cookie] [--token]
The CLI will gracefully handle cases where the URL to scan is missing by prompting you to enter it:
$ npx is-website-vulnerable
Woops! You forgot to provide a URL of a website to scan.
? Please provide a URL to scan: › https://example.com
...
If the CLI detects an error, it will terminate with an exit code different from 0.
Exit Code 0: Everything is fine. No vulnerabilities found.
Exit Code 1: An error happened during the execution. Check the logs for details.
Exit Code 2: Vulnerabilities were found. Check the logs for details.
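The exit codes above let a pipeline tell a failed scan apart from a finding. The wrapper below is an added example, not part of the project: it scans several URLs, retries once on exit code 1, and never reports a failed scan as clean. The function names, the `SCANNER` override, the single retry and the script file name are assumptions of this example.

```shell
#!/bin/sh
# Added example: CI gate built on the documented exit codes (0 clean, 1 error, 2 vulnerable).
# Assumption: SCANNER defaults to the npx invocation and can be overridden, e.g. by a stub.
SCANNER="${SCANNER:-npx is-website-vulnerable}"

# scan_one URL: run the scanner, retrying once when it reports an execution error (1).
scan_one() {
  attempt=1
  while :; do
    one_rc=0
    # $SCANNER is left unquoted on purpose so the default splits into command + argument.
    # Scanner output goes to stderr so stdout carries only the gate's summary lines.
    $SCANNER "$1" >&2 || one_rc=$?
    if [ "$one_rc" -ne 1 ] || [ "$attempt" -ge 2 ]; then
      return "$one_rc"
    fi
    attempt=$((attempt + 1))
  done
}

# scan_gate URL...: return 2 if any site is vulnerable, 1 if any scan failed, else 0.
scan_gate() {
  worst=0
  for target in "$@"; do
    gate_rc=0
    scan_one "$target" || gate_rc=$?
    case $gate_rc in
      0) echo "clean: $target" ;;
      2) echo "vulnerable: $target"; worst=2 ;;
      # Exit code 1 and anything unexpected (e.g. 127) count as a failed scan, never as clean.
      *) echo "scan error ($gate_rc): $target"
         [ "$worst" -eq 2 ] || worst=1 ;;
    esac
  done
  return "$worst"
}

# Stand-alone use (hypothetical file name): sh scan-gate.sh https://example.com https://example.org
if [ "$#" -gt 0 ]; then
  scan_gate "$@"
fi
```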
To build and run the container locally:
# Clone Repo:
git clone https://github.com/lirantal/is-website-vulnerable.git
# Change to repo's cloned directory:
cd is-website-vulnerable
# Build Image locally:
docker build --no-cache -t lirantal/is-website-vulnerable:latest .
# Run container:
docker run --rm -e SCAN_URL="https://www.google.com/" lirantal/is-website-vulnerable:latest
SCAN_URL is an environment variable; replace its value with the URL you want to scan when you run the container. The Docker container will exit once the scan has completed.
is-website-vulnerable. It may not be safe to assume that this is satisfied automatically on some CI services. For example, additional configuration is necessary for Travis CI.
Create .github/workflows/is-website-vulnerable.yml with the URL that you want scanned:
You can install globally via:
npm install -g is-website-vulnerable
Please consult CONTRIBUTING for guidelines on contributing to this project.