View Issue Details

ID: 0009707
Project: Kali Linux
Category: New Tool Requests
View Status: public
Last Update: 2026-05-25 07:49
Reporter: seraphimhub
Assigned To: daniruiz
Priority: normal
Severity: minor
Reproducibility: have not tried
Status: closed
Resolution: won't fix
Summary: 0009707: seraphim-audit: authorized non-destructive website security auditing CLI
Description

[Name] - seraphim-audit
[Version] - v1.0.0
[Homepage] - https://github.com/seraphimhub/seraphim-audit
[Download] - https://github.com/seraphimhub/seraphim-audit/releases/tag/v1.0.0
[Author] - Barik Ghofur (seraphimhub)
[License] - MIT
[Description] - seraphim-audit is a CLI tool for authorized, non-destructive website security auditing. It performs checks across eight categories: DNS resolution, TLS handshake and certificate validity, HTTP security headers (HSTS, CSP, X-Content-Type-Options, Referrer-Policy, Permissions-Policy, X-Frame-Options), CORS configuration, cookie flags (Secure, HttpOnly, SameSite), HTML form analysis (password-over-HTTP detection, autocomplete, CSRF token heuristic), mixed content detection, passive secret-pattern scanning (AWS keys, Google API keys, Slack tokens, JWT, generic credential patterns), sensitive HTML comment detection, meta generator disclosure, and directory listing identification. Produces text, JSON, and Markdown reports with a severity-based scoring system (100-point scale, penalty per finding: critical=25, high=15, medium=8, low=3, info=0). Requires --authorized flag for consent confirmation. Exit codes: 0=success, 2=invalid input/no authorization, 130=SIGINT.
[Dependencies] - Python 3.10+ (standard library only: socket, ssl, urllib, html.parser, argparse, json, dataclasses, datetime, re, pathlib). Zero external packages required.
[Similar tools] - nikto, wapiti, testssl.sh, ssh-audit, headers-check
[Activity] - Initial release May 23, 2026 (v1.0.0). Active development by author with CI pipeline.
[How to install] - sudo dpkg -i seraphim-audit_1.0.0_all.deb
or: pip install git+https://github.com/seraphimhub/seraphim-audit.git
[How to use] - seraphim-audit https://example.com --authorized
seraphim-audit https://example.com --authorized --format json --output report.json
seraphim-audit https://example.com --authorized --format markdown --max-pages 10
[Packaged] - Yes. Debian package (.deb) is attached to the GitHub release. Package has been tested on Kali Linux Rolling. pyproject.toml builds via setuptools (Python 3.10+). Makefile provides: make test, make smoke, make deb, make apt-repo.

Key differentiators:

  1. Zero external dependencies — only Python 3.10+ standard library. No pip install required.
  2. Pre-built Debian package attached to release (16.7 KB).
  3. Non-destructive by design — no exploit, brute force, or aggressive payload.
  4. Multiple output formats: text, JSON, Markdown.
  5. Severity scoring system with automatic deduplication.
  6. Requires explicit --authorized flag for legal/ethical boundary.
  7. SHA-256 verification available on release assets.
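
The passive header and cookie-flag checks and the penalty scoring listed in the description can be sketched as follows. This is an added example, not part of the submission and not seraphim-audit's code. The severity given to each finding, the finding identifiers, the function names, deduplication on identical (severity, id) pairs and the floor at 0 are assumptions; only the penalty values come from the description.

```python
from email import message_from_string

# Penalty per finding, as stated in the description above.
PENALTY = {"critical": 25, "high": 15, "medium": 8, "low": 3, "info": 0}

# Assumed severities for illustration; the page does not give the tool's mapping.
HEADER_SEVERITY = {
    "Strict-Transport-Security": "high",
    "Content-Security-Policy": "medium",
    "X-Content-Type-Options": "low",
    "Referrer-Policy": "low",
    "Permissions-Policy": "info",
    "X-Frame-Options": "low",
}
COOKIE_SEVERITY = {"secure": "medium", "httponly": "medium", "samesite": "low"}

def audit_response(raw_headers):
    """Return a list of (severity, finding_id) for one response header block."""
    msg = message_from_string(raw_headers)
    findings = [(sev, f"missing-header:{name}")
                for name, sev in HEADER_SEVERITY.items() if name not in msg]
    for value in msg.get_all("Set-Cookie", []):
        parts = value.split(";")
        cookie_name = parts[0].split("=", 1)[0].strip()
        attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:]}
        findings += [(sev, f"cookie-missing-{flag}:{cookie_name}")
                     for flag, sev in COOKIE_SEVERITY.items() if flag not in attrs]
    return findings

def score(findings):
    """100-point scale; identical findings from several pages count once."""
    unique = set(findings)
    # Flooring at 0 is an assumption; the page only states the scale and penalties.
    return max(0, 100 - sum(PENALTY[sev] for sev, _ in unique))

# Constructed sample: the same header block as returned by two crawled pages.
SAMPLE = (
    "Content-Type: text/html\n"
    "Strict-Transport-Security: max-age=31536000\n"
    "X-Content-Type-Options: nosniff\n"
    "Set-Cookie: sid=abc123; Path=/; HttpOnly\n"
    "\n"
)

if __name__ == "__main__":
    findings = audit_response(SAMPLE) + audit_response(SAMPLE)
    for sev, fid in sorted(set(findings)):
        print(f"{sev:8} {fid}")
    print("score:", score(findings))
```

Without the deduplication step, the same six findings reported from two pages would be penalized twice.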

Activities

daniruiz

2026-05-25 07:49

manager   ~0021708

Hello,

Thanks for your submission. We can’t package every infosec tool, so we prioritize those with wider adoption and community usage.

Best of luck with your project.

Issue History

Date Modified | Username | Field | Change
2026-05-23 11:04 | seraphimhub | New Issue |
2026-05-25 07:49 | daniruiz | Note Added: 0021708 |
2026-05-25 07:49 | daniruiz | Assigned To | => daniruiz
2026-05-25 07:49 | daniruiz | Status | new => closed
2026-05-25 07:49 | daniruiz | Resolution | open => won't fix