Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/lirantal/is-website-vulnerable

finds publicly known security vulnerabilities in a website's frontend JavaScript libraries
https://github.com/lirantal/is-website-vulnerable

hacktoberfest lighthouse nodejs scan security security-vulnerabilities vulnerabilities

Last synced: about 1 month ago
JSON representation

finds publicly known security vulnerabilities in a website's frontend JavaScript libraries

Awesome Lists containing this project

README 

        


  is-website-vulnerable






  finds publicly known security vulnerabilities in a website's frontend JavaScript libraries






  npm version

  license

  downloads

  build

  codecov

  Known Vulnerabilities

  Responsible Disclosure Policy






  Screenshot of npm module called is website vulnerable that detects security vulnerabilities in websites based on Snyk database

  


  	
Many thanks to  for supporting open source security



# About



Finds publicly known security vulnerabilities in a website's frontend JavaScript libraries.



# Usage



## Command line



Using Node.js's `npx` to run a one-off scan of a website:



```bash

npx is-website-vulnerable https://example.com [--json] [--js-lib] [--mobile|--desktop] [--chromePath] [--cookie] [--token]

```



The CLI will gracefully handle cases where the URL to scan is missing by prompting you to enter it:



```bash

$ npx is-website-vulnerable

Woops! You forgot to provide a URL of a website to scan.

? Please provide a URL to scan: › https://example.com

...

```



### Exit codes



If the CLI detects an error, it will terminate with an exit code different from 0.



Exit Code 0: Everything is fine. No vulnerabilities found.



Exit Code 1: An error happened during the execution. Check the logs for details.



Exit Code 2: Vulnerabilities were found. Check the logs for details.



## Docker



To build and run the container locally:



```bash

# Clone Repo:

git clone https://github.com/lirantal/is-website-vulnerable.git



# Change to repo's cloned directory:

cd is-website-vulnerable



# Build Image locally:

docker build --no-cache -t lirantal/is-website-vulnerable:latest .



# Run container:

docker run --rm -e SCAN_URL="https://www.google.com/" lirantal/is-website-vulnerable:latest

```



`SCAN_URL` is an environment variable and its value must be replaced with the desired URL during Docker run. Docker container will exit once the scan has been completed.



If you wish to provide command line arguments to `is-website-vulnerable` and customize the run, such as providing `--json` or other supported arguments, you should omit the environment variable and provide the full command. Here is an example:



```

docker run --rm lirantal/is-website-vulnerable:latest https://www.google.com --json

```



:warning: A modern version of Chrome is assumed to be available when using `is-website-vulnerable`. It may not be safe to assume that this is satisfied automatically on some CI services. For example, [additional configuration](https://docs.travis-ci.com/user/chrome#selecting-a-chrome-version) is necessary for [Travis CI](https://travis-ci.com/).



# GitHub Action

Create .github/workflows/is-website-vulnerable.yml with the url that you want scanned:



```yaml

name: Test site for publicly known js vulnerabilities



on: push

jobs:

  security:

    runs-on: ubuntu-latest

    steps:

      - name: Test for public javascript library vulnerabilities 

        uses: lirantal/is-website-vulnerable@main

        with:

          scan-url: "https://yoursite.com"

```



# Install



You can install globally via:



```bash

npm install -g is-website-vulnerable

```



# Contributing



Please consult [CONTRIBUTING](./CONTRIBUTING.md) for guidelines on contributing to this project.



# Author



**is-website-vulnerable** © [Liran Tal](https://github.com/lirantal), Released under the [Apache-2.0](./LICENSE) License.