Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/lirantal/is-website-vulnerable
finds publicly known security vulnerabilities in a website's frontend JavaScript libraries
- Host: GitHub
- URL: https://github.com/lirantal/is-website-vulnerable
- Owner: lirantal
- License: apache-2.0
- Created: 2019-10-05T10:52:11.000Z (over 5 years ago)
- Default Branch: main
- Last Pushed: 2024-09-12T17:47:03.000Z (4 months ago)
- Last Synced: 2024-10-29T15:45:27.107Z (3 months ago)
- Topics: hacktoberfest, lighthouse, nodejs, scan, security, security-vulnerabilities, vulnerabilities
- Language: JavaScript
- Homepage:
- Size: 687 KB
- Stars: 1,935
- Watchers: 22
- Forks: 111
- Open Issues: 1
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
- License: LICENSE
- Code of conduct: CODE_OF_CONDUCT.md
- Security: SECURITY.md
Awesome Lists containing this project
- awesome-github-star - is-website-vulnerable
- stars - is-website-vulnerable
README
is-website-vulnerable
Many thanks to for supporting open source security
# About
Finds publicly known security vulnerabilities in a website's frontend JavaScript libraries.
# Usage
## Command line
Using Node.js's `npx` to run a one-off scan of a website:
```bash
npx is-website-vulnerable https://example.com [--json] [--js-lib] [--mobile|--desktop] [--chromePath] [--cookie] [--token]
```

The CLI will gracefully handle cases where the URL to scan is missing by prompting you to enter it:
```bash
$ npx is-website-vulnerable
Woops! You forgot to provide a URL of a website to scan.
? Please provide a URL to scan: › https://example.com
...
```

### Exit codes
If the CLI detects an error, it will terminate with an exit code different from 0.

- Exit Code 0: Everything is fine. No vulnerabilities found.
- Exit Code 1: An error happened during the execution. Check the logs for details.
- Exit Code 2: Vulnerabilities were found. Check the logs for details.
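
The exit codes above let a pipeline tell "the scan could not run" apart from "the scan found something". The wrapper below is an added example, not part of the project: `SCANNER`, `classify_exit` and `scan_gate` are hypothetical names, and `SCANNER` defaults to the `npx` invocation shown earlier. It retries only execution errors and never reports a failed scan as clean.

```bash
#!/usr/bin/env bash
# Added example (not from the project): gate a CI job on the exit codes
# documented above. SCANNER, classify_exit and scan_gate are hypothetical
# names; SCANNER defaults to the npx invocation shown in this README.

# Map a scanner exit code to a verdict. Anything other than 0 or 2 is
# treated as a scan error, so an unexpected code never reads as "clean".
classify_exit() {
  case "$1" in
    0) echo "clean" ;;
    2) echo "vulnerable" ;;
    *) echo "scan-error" ;;
  esac
}

# scan_gate URL [MAX_ATTEMPTS]
# Prints the verdict on stdout (scanner output goes to stderr) and returns
# 0 = clean, 2 = vulnerable, 1 = scan failed on every attempt.
scan_gate() {
  local url="$1" max="${2:-2}" attempt=1 rc verdict
  while :; do
    rc=0
    # Unquoted on purpose: SCANNER may hold a command plus arguments.
    ${SCANNER:-npx is-website-vulnerable} "$url" >&2 || rc=$?
    verdict="$(classify_exit "$rc")"
    # Retry only execution errors; a finding (2) is a result, not a failure.
    if [ "$verdict" != "scan-error" ] || [ "$attempt" -ge "$max" ]; then
      break
    fi
    attempt=$((attempt + 1))
  done
  echo "$verdict"
  case "$verdict" in
    clean) return 0 ;;
    vulnerable) return 2 ;;
    *) return 1 ;;
  esac
}

# Usage in a pipeline step:
#   scan_gate "https://example.com" 3 || exit $?
```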
## Docker
To build and run the container locally:
```bash
# Clone Repo:
git clone https://github.com/lirantal/is-website-vulnerable.git

# Change to repo's cloned directory:
cd is-website-vulnerable

# Build Image locally:
docker build --no-cache -t lirantal/is-website-vulnerable:latest .

# Run container:
docker run --rm -e SCAN_URL="https://www.google.com/" lirantal/is-website-vulnerable:latest
```

`SCAN_URL` is an environment variable and its value must be replaced with the desired URL during Docker run. Docker container will exit once the scan has been completed.
If you wish to provide command line arguments to `is-website-vulnerable` and customize the run, such as providing `--json` or other supported arguments, you should omit the environment variable and provide the full command. Here is an example:
```
docker run --rm lirantal/is-website-vulnerable:latest https://www.google.com --json
```

:warning: A modern version of Chrome is assumed to be available when using `is-website-vulnerable`. It may not be safe to assume that this is satisfied automatically on some CI services. For example, [additional configuration](https://docs.travis-ci.com/user/chrome#selecting-a-chrome-version) is necessary for [Travis CI](https://travis-ci.com/).
# GitHub Action
Create `.github/workflows/is-website-vulnerable.yml` with the URL that you want scanned:

```yaml
name: Test site for publicly known js vulnerabilities

on: push
jobs:
  security:
    runs-on: ubuntu-latest
    steps:
      - name: Test for public javascript library vulnerabilities
        uses: lirantal/is-website-vulnerable@main
        with:
          scan-url: "https://yoursite.com"
```

# Install
You can install globally via:
```bash
npm install -g is-website-vulnerable
```

# Learn Node.js Security
![Screenshot 2024-09-12 at 20 14 27](https://github.com/user-attachments/assets/586f3151-eed9-4542-92f1-de9237f6783c)
Learn Node.js Secure Coding techniques and best practices from Liran Tal
# Contributing
Please consult [CONTRIBUTING](./CONTRIBUTING.md) for guidelines on contributing to this project.
# Author
**is-website-vulnerable** © [Liran Tal](https://github.com/lirantal), Released under the [Apache-2.0](./LICENSE) License.