View Issue Details

ID: 0009707
Project: Kali Linux
Category: New Tool Requests
View Status: public
Last Update: 2026-05-23 11:04
Reporter: seraphimhub
Assigned To:
Priority: normal
Severity: minor
Reproducibility: have not tried
Status: new
Resolution: open
Summary: 0009707: seraphim-audit: authorized non-destructive website security auditing CLI
Description

[Name] - seraphim-audit
[Version] - v1.0.0
[Homepage] - https://github.com/seraphimhub/seraphim-audit
[Download] - https://github.com/seraphimhub/seraphim-audit/releases/tag/v1.0.0
[Author] - Barik Ghofur (seraphimhub)
[License] - MIT
[Description] - seraphim-audit is a CLI tool for authorized, non-destructive website security auditing. It performs checks across eight categories: DNS resolution, TLS handshake and certificate validity, HTTP security headers (HSTS, CSP, X-Content-Type-Options, Referrer-Policy, Permissions-Policy, X-Frame-Options), CORS configuration, cookie flags (Secure, HttpOnly, SameSite), HTML form analysis (password-over-HTTP detection, autocomplete, CSRF token heuristic), mixed content detection, passive secret-pattern scanning (AWS keys, Google API keys, Slack tokens, JWT, generic credential patterns), sensitive HTML comment detection, meta generator disclosure, and directory listing identification. Produces text, JSON, and Markdown reports with a severity-based scoring system (100-point scale, penalty per finding: critical=25, high=15, medium=8, low=3, info=0). Requires --authorized flag for consent confirmation. Exit codes: 0=success, 2=invalid input/no authorization, 130=SIGINT.
[Dependencies] - Python 3.10+ (standard library only: socket, ssl, urllib, html.parser, argparse, json, dataclasses, datetime, re, pathlib). Zero external packages required.
[Similar tools] - nikto, wapiti, testssl.sh, ssh-audit, headers-check
[Activity] - Initial release May 23, 2026 (v1.0.0). Active development by author with CI pipeline.
[How to install] - sudo dpkg -i seraphim-audit_1.0.0_all.deb
or: pip install git+https://github.com/seraphimhub/seraphim-audit.git
[How to use] - seraphim-audit https://example.com --authorized
seraphim-audit https://example.com --authorized --format json --output report.json
seraphim-audit https://example.com --authorized --format markdown --max-pages 10
[Packaged] - Yes. Debian package (.deb) is attached to the GitHub release. Package has been tested on Kali Linux Rolling. pyproject.toml builds via setuptools (Python 3.10+). Makefile provides: make test, make smoke, make deb, make apt-repo.

Key differentiators:

  1. Zero external dependencies — only Python 3.10+ standard library. No pip install required.
  2. Pre-built Debian package attached to release (16.7 KB).
  3. Non-destructive by design — no exploit, brute force, or aggressive payload.
  4. Multiple output formats: text, JSON, Markdown.
  5. Severity scoring system with automatic deduplication.
  6. Requires explicit --authorized flag for legal/ethical boundary.
  7. SHA-256 verification available on release assets.
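The severity scoring, deduplication and passive header/cookie checks described in the request, as an added example that is not seraphim-audit's own code: it uses the request's penalty values (critical=25, high=15, medium=8, low=3, info=0) but assumes its own header-to-severity table, check names and constructed sample responses.

```python
from dataclasses import dataclass
from http.cookies import SimpleCookie

# Penalty per finding on the 100-point scale stated in the request.
PENALTY = {"critical": 25, "high": 15, "medium": 8, "low": 3, "info": 0}

# Assumed severity when each security header is absent (not the tool's own table).
REQUIRED_HEADERS = {
    "strict-transport-security": "medium", "content-security-policy": "medium",
    "x-content-type-options": "low", "referrer-policy": "low",
    "permissions-policy": "info", "x-frame-options": "low",
}

@dataclass(frozen=True)  # hashable, so identical findings collapse in a set
class Finding:
    check: str
    severity: str
    detail: str

def check_headers(headers):
    """One finding per required header missing from a response (case-insensitive)."""
    present = {name.lower() for name in headers}
    return [Finding("headers", sev, f"missing {name}")
            for name, sev in REQUIRED_HEADERS.items() if name not in present]

def check_cookies(set_cookie_values):
    """One finding per Secure/HttpOnly/SameSite attribute missing from each Set-Cookie."""
    findings = []
    for raw in set_cookie_values:
        jar = SimpleCookie()
        jar.load(raw)  # stdlib parser understands Secure, HttpOnly and SameSite
        for name, morsel in jar.items():
            for flag, sev in (("secure", "medium"), ("httponly", "low"), ("samesite", "low")):
                if not morsel[flag]:
                    findings.append(Finding("cookies", sev, f"{name}: missing {flag}"))
    return findings

def audit(pages):
    """Aggregate findings over crawled pages, deduplicate, then score from 100 (floor 0)."""
    findings = []
    for headers, cookies in pages:
        findings += check_headers(headers) + check_cookies(cookies)
    unique = sorted(set(findings), key=lambda f: (-PENALTY[f.severity], f.check, f.detail))
    return max(0, 100 - sum(PENALTY[f.severity] for f in unique)), unique

# Constructed sample: two pages share the same headers; only the first sets cookies.
SAMPLE_HEADERS = {"Content-Type": "text/html", "Strict-Transport-Security": "max-age=63072000",
                  "X-Content-Type-Options": "nosniff"}
SAMPLE_COOKIES = ["session=abc123; Path=/; HttpOnly", "theme=dark; Secure; SameSite=Lax"]
SAMPLE_PAGES = [(SAMPLE_HEADERS, SAMPLE_COOKIES), (SAMPLE_HEADERS, [])]
```

Without deduplication the four header findings would be charged twice across the two sample pages; with it the score is 72 from seven unique findings.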

Activities

There are no notes attached to this issue.

Issue History

Date Modified Username Field Change
2026-05-23 11:04 seraphimhub New Issue