{"id":43932801,"url":"https://dmtkfs.github.io/security-webtools/","last_synced_at":"2026-02-18T18:00:48.773Z","repository":{"id":327415090,"uuid":"1109211208","full_name":"dmtkfs/security-webtools","owner":"dmtkfs","description":"Local-first browser-based security tools for developers and defenders. No backend, no data sent anywhere.","archived":false,"fork":false,"pushed_at":"2025-12-22T15:16:39.000Z","size":2081,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-12-24T02:40:28.093Z","etag":null,"topics":["blue-team","client-side","cloud-security","devsecops","docker-security","local-first","log-analysis","mitre-attack","multi-cloud","network-security","privacy-by-design","react","security","security-monitoring","security-tools","siem","static-analysis","threat-simulation","vite","web-security"],"latest_commit_sha":null,"homepage":"https://dmtkfs.github.io/security-webtools/","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/dmtkfs.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-12-03T13:46:33.000Z","updated_at":"2025-12-22T15:16:42.000Z","dependencies_parsed_at":null,"dependency_job_id":"fe51f5ed-a9f3-4ce8-aba3-eab2c8656fba","html_url":"https://github.com/dmtkfs/security-webtools","commit_stats":null,"previous_names":["dmtkfs/security-webtools"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/
dmtkfs/security-webtools","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dmtkfs%2Fsecurity-webtools","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dmtkfs%2Fsecurity-webtools/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dmtkfs%2Fsecurity-webtools/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dmtkfs%2Fsecurity-webtools/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/dmtkfs","download_url":"https://codeload.github.com/dmtkfs/security-webtools/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dmtkfs%2Fsecurity-webtools/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29588776,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-18T16:55:40.614Z","status":"ssl_error","status_checked_at":"2026-02-18T16:55:37.558Z","response_time":162,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while 
reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["blue-team","client-side","cloud-security","devsecops","docker-security","local-first","log-analysis","mitre-attack","multi-cloud","network-security","privacy-by-design","react","security","security-monitoring","security-tools","siem","static-analysis","threat-simulation","vite","web-security"],"created_at":"2026-02-07T00:18:56.457Z","updated_at":"2026-02-18T18:00:48.768Z","avatar_url":"https://github.com/dmtkfs.png","language":"JavaScript","readme":"# Security Webtools\n\n### Local-first security tools for developers \u0026 defenders\n\n\u003e _Security Webtools is a growing collection of **browser-based security utilities** designed for developers, DevOps engineers and defenders.\n\u003e All tools run **100% locally in your browser**. No servers, no uploads, no telemetry. Sensitive inputs never leave your machine.\n\u003e This suite aims to make common security checks **fast, private and easy**, directly in your browser._\n\n## Why local-first?\n\nMost online “security scanners” require you to upload configuration files, secrets or application metadata. Security Webtools avoids this entirely:\n\n- No backend\n- No servers or API calls\n- No data ever leaves your device\n- File uploads are processed **locally in your browser only**\n- Everything runs client-side\n\nPerfect for enterprise environments, red/blue teams and developers who cannot upload internal files to external services.\n\n## Current Tools\n\n### **1. 
Docker Image Security Analyzer (v0.1)**\n\nAnalyze any Dockerfile for common security flaws and hardening issues.\n\n**Features:**\n\n- Checks for insecure patterns (777, root user, exposed admin ports, unpinned images, secrets in `ENV`, unsafe downloads)\n- Multi-stage build optimization hints\n- apt/apk best-practice linting\n- Jump-to-line: clicking a finding highlights the matching line in the editor\n- Severity filters (High / Warning / Info)\n- Export findings as JSON or Markdown\n- Clean UI with scrollable findings panel\n- Runs fully in-browser\n\n### **2. Local Network Exposure Map (v0.2)**\n\nVisualize Nmap XML or generic JSON scan results to see exposed hosts, risky services and subnet-level clusters.\n\n**Features:**\n\n- Parses Nmap XML output (-oX) and generic JSON ({ hosts: [...] })\n- Assigns Low / Medium / High risk per host with explanatory risk notes\n- Detects high-risk services (RDP, SMB, SSH, MySQL, VNC, HTTP, etc.)\n- Host view: cards with open ports, services and risk badges\n- Subnet view: /24 cluster map with color-coded host dots\n- Filters: search by IP/hostname, only-up hosts, high+medium only\n- Shows top exposed services in the current view\n- Export current view as JSON, Markdown, CSV or copy a Markdown report\n- All parsing and analysis runs fully in-browser\n\n### 3. 
**Cloud Misconfiguration Scanner (v0.3)**\n\nAnalyze AWS, Azure or GCP JSON exports for common network, storage and IAM misconfigurations locally in the browser.\n\n**Features:**\n\n- Automatically detects platform (AWS / Azure / GCP) from the JSON structure\n- Network checks: 0.0.0.0/0 on SSH/RDP/admin ports, broad “allow all ports” rules, Azure NSG Internet rules\n- Storage checks: public read/write buckets, encryption disabled, versioning disabled\n- IAM checks: wildcard actions/resources, public members (allUsers/allAuthenticatedUsers), highly-privileged roles\n- Severity filters (High / Warning / Info)\n- Search box to filter by title, description, resource or rule id\n- Category chips and summary for network / storage / IAM issues\n- Export the current view as JSON or Markdown or copy a Markdown report\n- All analysis is performed client-side on the provided file/text\n\n### 4. **Threat Simulation Playground (v0.4)**\n\nStep through realistic multi-stage attack scenarios, analyze static logs and build detection skills entirely in your browser.\n\n**Features:**\n\n- 14 realistic attacker scenarios across phishing, cloud abuse, credential attacks, EDR evasion, lateral movement, crypto-mining, SaaS abuse \u0026 more\n- Step-by-step timelines with MITRE ATT\u0026CK mappings\n- Static sample logs across multiple log sources (IDP, EDR, proxy, cloud, auth logs, container logs, etc.)\n- Defender-perspective notes + key detection signals\n- Interview Mode: hide hints to test your detection skills\n- Tag filtering (EDR, Cloud, AD, Identity, Network, SaaS, etc.)\n- Deterministic per-visit randomization for IPs, users, hosts, request IDs\n- Export full scenario or individual step as Markdown\n- Notes panel stored locally in your browser\n\n### 5. 
**Web Surface Analyzer (v0.5)**\n\nAnalyze a website’s browser-side posture from pasted responses: security headers, tech-stack fingerprints and client-side HTML issues without making network requests.\n\n**Features:**\n\n- Security header analysis: CSP, HSTS, XFO, XCTO, Referrer-Policy, COOP/COEP/CORP, Permissions-Policy \u0026 cookie flags\n- Tech-stack fingerprinting from raw HTML (CMS, JS frameworks, CDNs, hosting hints, analytics, rendering mode)\n- Client-side HTML review for risky patterns (inline JS, mixed content, unsafe forms, javascript: URLs, inline event handlers, sensitive comments and more)\n- Severity badges and filtering controls\n- Export results as Markdown or copy summaries\n- Fully static: no fetching, scanning or external requests\n\n### **6. Mini SIEM (v0.6)**\n\nUpload security and authentication logs, normalize events into a unified schema, run local correlation rules and explore alerts through time-windowed analytics entirely in your browser.\n\n**Features:**\n\n- **_Multi-format log ingestion (auto-detection):_**\n  - JSON/JSONL (generic, Azure AD, CloudTrail, Okta, etc.)\n  - CSV (generic timestamp/IP/user exports, Mini SIEM format round-trip)\n  - Linux SSH/`auth.log` syslog\n  - Apache/Nginx access logs\n  - Windows Security (auth-focused exports)\n- **_Canonical event normalization:_**\n  - Timestamp parsing (ISO strings, epoch seconds/ms, numeric strings)\n  - Normalized outcomes (success/fail) across auth, HTTP, cloud and syslog sources\n  - Unified event model (IP, user, event type, outcome, protocol-specific fields)\n  - Preserves raw log lines for inspection and export\n- **_Parsing quality indicators:_**\n  - Parsed vs total records\n  - Coverage metrics and dataset time span\n- **_Time-windowed analytics:_**\n  - Presets: All time, last 1h/6h/12h/24h/7d/30d/12 months\n  - Adaptive event-density histogram with automatic or manual bucket sizing\n- **_Authentication analytics:_**\n  - Auth outcomes over time (success vs 
failure)\n  - Auth distribution (success/fail split)\n  - Failed authentication attempts by username\n- **_Entity \u0026 activity analytics:_**\n  - Top noisy source IPs\n  - Top usernames\n  - Event type breakdown\n  - Top destinations (IP/host)\n- **_Detection \u0026 alerting (local correlation rules):_**\n  - Bruteforce, password spray, suspicious success, noisy IPs, isolated failures\n  - Optional geo-anomaly detections via user-provided IP-to-region mappings\n  - Configurable \"Home\" regions and enable/disable geo logic\n  - Alert severity levels (high/medium/low)\n  - Alerts grouped by severity and rule category\n- **_Investigation workflow:_**\n  - Free-text search across normalized fields\n  - Alert-to-logs pivot (\"view related events\")\n  - Highlighted matches with raw log context\n- **_Overview dashboard:_**\n  - Statistics scoped to the selected time window\n  - Events, IPs, users, auth outcomes and alert counts\n- **_Export capabilities:_**\n  - Parsed events and alerts as JSON or CSV\n  - Alerts also export as Markdown or copy-to-clipboard\n  - Per-chart PNG exports with time window + bucket context\n  - Full overview PNG export (stats, charts, alerts, metadata)\n- **_Fully local execution:_**\n  - All parsing, correlation and visualization runs client-side in the browser\n\n### **7. 
Cyber Hygiene Planner (v0.7)**\n\nAnswer a short, profile-aware questionnaire and receive a prioritized, actionable security roadmap fully generated in your browser.\n\n**Features:**\n\n- _Multi-step wizard tailored to:_\n  - Personal/home use\n  - Freelancers/contractors\n  - Small organizations (1-20 people)\n- Industry context support (general, payments, sensitive client data, online services)\n- _Covers core security domains:_\n  - Identity \u0026 Access\n  - Devices \u0026 Endpoints\n  - Data \u0026 Backups\n  - Network \u0026 Cloud\n  - Monitoring \u0026 Incident Response\n- _Generates:_\n  - **Quick Wins** (high-impact, low-effort actions)\n  - **Full Action Plan** grouped by domain and priority\n- Clear effort and ownership indicators (Self / With IT)\n- Evidence-aware reasoning (what triggered each recommendation)\n- Export action plans as PDF, Markdown, CSV, JSON\n\n## Upcoming Tools \u0026 Roadmap\n\nSecurity Webtools will expand into a full suite of privacy-first analysis utilities:\n\n### **Planned tools:**\n\n- Docker Image Security Analyzer (extended version)\n\n_These will be rolled out incrementally._\n\n## Architecture\n\nSecurity Webtools is a **React + Vite** single-page application with:\n\n- TailwindCSS\n- Pure client-side JavaScript analysis modules\n- No backend of any kind\n- In-memory state for tool inputs and results\n\n_Every tool is isolated with its own rules \u0026 UI._\n\n## Website\n\n\u003e Current live version: v0.7.0 - _Cyber Hygiene Planner release_\n\n## License\n\nThis project is licensed under the **Apache License 2.0**.\n\n_See [`LICENSE`](LICENSE) for full terms._\n\n## Author\n\nCreated and maintained by [`dmtkfs`](https://github.com/dmtkfs).\nSecurity researcher \u0026 engineer focused on practical, privacy-first tooling.\n\n_Feedback, ideas and bug reports are welcome._\n\n## Support \u0026 Updates\n\nIf you find this project interesting or useful, consider starring the repository. 
It helps with visibility and motivates further development.\n","funding_links":[],"categories":["Multi-Purpose Security"],"sub_categories":["Security Webtools"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/dmtkfs.github.io%2Fsecurity-webtools%2F","html_url":"https://awesome.ecosyste.ms/projects/dmtkfs.github.io%2Fsecurity-webtools%2F","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/dmtkfs.github.io%2Fsecurity-webtools%2F/lists"}