VulnScan Lite is an automated vulnerability scanner that allows you to easily scan any website for essential security metrics. With an elegant dark-mode React frontend and a highly concurrent FastAPI backend, VulnScan Lite instantly provides you with a security grade, automated findings, and remediation steps. It checks for critical HTTP security headers, verifies SSL/TLS configurations, and identifies Content Management Systems (CMS) with known vulnerabilities.
- FastAPI Backend: Asynchronous and blazing fast API for initiating and monitoring scans.
- Background Tasks with Celery & Redis: Offloads heavy tasks to keep the main application responsive.
- Multi-layered Scanner:
  - Validates critical HTTP headers (HSTS, CSP, X-Frame-Options, etc.)
  - Analyzes SSL/TLS certificate validity and configurations.
  - Fingerprints common CMS (WordPress, Joomla, Drupal) and associated risk versions.
- Premium React UI: Uses Vite and Tailwind-style dark aesthetics for a modern look.
- PDF Reports: In-built automated report export for your scan results using `fpdf`.
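
The header checks listed above can be pictured with the following added example, which is not code from the VulnScan Lite repository. The function names, the 180-day HSTS threshold, the severity weights and the grading scale are all assumptions made for illustration.

```python
import re

MIN_HSTS_AGE = 15552000  # 180 days; threshold chosen for this example
PENALTY = {"high": 25, "medium": 10}  # scoring weights are an assumption

def audit_headers(headers):
    """Return (header, severity, remediation) findings for an HTTPS response."""
    h = {k.lower(): v.strip() for k, v in headers.items()}  # names are case-insensitive
    findings = []
    hsts = h.get("strict-transport-security")
    age = re.search(r'max-age\s*=\s*"?(\d+)', hsts or "", re.I)
    if hsts is None:
        findings.append(("Strict-Transport-Security", "high", "Send HSTS on every HTTPS response."))
    elif age is None or int(age.group(1)) < MIN_HSTS_AGE:
        findings.append(("Strict-Transport-Security", "medium", "Set max-age to at least 15552000."))

    # Parse the CSP into {directive: [sources]}; the first occurrence of a directive wins.
    csp = {}
    for part in h.get("content-security-policy", "").split(";"):
        tokens = part.split()
        if tokens:
            csp.setdefault(tokens[0].lower(), [t.lower() for t in tokens[1:]])
    if not csp:
        findings.append(("Content-Security-Policy", "high", "Define a policy with a restrictive default-src."))
    else:
        scripts = csp.get("script-src", csp.get("default-src", []))
        strict = any(s.startswith(("'nonce-", "'sha256-", "'sha384-", "'sha512-")) for s in scripts)
        if "'unsafe-inline'" in scripts and not strict:
            findings.append(("Content-Security-Policy", "medium", "Replace 'unsafe-inline' scripts with nonces or hashes."))

    # frame-ancestors does not fall back to default-src, so check it explicitly.
    xfo = h.get("x-frame-options", "").upper()
    if xfo not in ("DENY", "SAMEORIGIN") and "frame-ancestors" not in csp:
        findings.append(("X-Frame-Options", "medium", "Send X-Frame-Options: DENY or a CSP frame-ancestors directive."))
    if h.get("x-content-type-options", "").lower() != "nosniff":
        findings.append(("X-Content-Type-Options", "medium", "Send X-Content-Type-Options: nosniff."))
    return findings

def grade(findings):
    """Map findings to a letter grade (constructed scale, not VulnScan Lite's)."""
    score = max(0, 100 - sum(PENALTY[sev] for _, sev, _ in findings))
    return next(g for floor, g in ((90, "A"), (75, "B"), (60, "C"), (40, "D"), (0, "F")) if score >= floor)

# Constructed sample response headers (not captured from a real site).
SAMPLE = {
    "Strict-Transport-Security": "max-age=3600",
    "Content-Security-Policy": "default-src 'self'; script-src 'self' 'unsafe-inline'",
    "X-Content-Type-Options": "nosniff",
}
```
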
```
vulnscan-lite/
├── backend/                  # Python FastAPI & Celery Application
│   ├── api/
│   │   └── routers/          # API endpoint routes (auth, history, etc.)
│   ├── auth/                 # JWT Authentication utilities
│   ├── database/             # SQLite database configuration & SQLAlchemy
│   ├── models/               # SQLAlchemy definitions (Users, Scans)
│   ├── scanner/              # Core scanning logic modules (headers, ssl, cms)
│   ├── worker/               # Celery worker configuration and asynchronous tasks
│   ├── main.py               # Main FastAPI entry point
│   └── requirements.txt      # Python dependencies
├── frontend/                 # React Application (Vite)
│   ├── public/
│   ├── src/
│   │   ├── components/       # Reusable UI components
│   │   ├── pages/            # Application views (Dashboard, Login)
│   │   ├── App.jsx           # Main React App and Routing
│   │   └── main.jsx          # React initialization
│   ├── package.json          # Node dependencies
│   └── vite.config.js        # Vite build configuration
└── README.md
```
- Python 3.9+
- Node.js 18+ and npm
- Redis Server (Required as the message broker for Celery)
Ensure you have Redis installed. Depending on your OS, start the server:
```bash
# macOS (Homebrew)
brew services start redis
# Linux
sudo systemctl start redis
# Or directly in terminal
redis-server
```

Navigate to the backend directory, create a virtual environment, and install dependencies.
```bash
cd backend
python3 -m venv venv
source venv/bin/activate  # On Windows use: venv\Scripts\activate
pip install -r requirements.txt
```

Open a new terminal, navigate to the frontend directory, and install dependencies.
```bash
cd frontend
npm install
```

To run the full stack locally, you need three separate terminal windows/tabs:
Window 1: Start the FastAPI Server

```bash
cd backend
source venv/bin/activate
uvicorn main:app --reload
```

(The API will be available at http://127.0.0.1:8000)

Window 2: Start the Celery Worker

```bash
cd backend
source venv/bin/activate
celery -A worker.celery_app worker --loglevel=info
```

(This will listen for security scan jobs)

Window 3: Start the React Frontend

```bash
cd frontend
npm run dev
```

(The app will be available at http://localhost:5173 or similar based on Vite output)
- Provide a managed Redis cluster URL (like Aiven or Render's Redis) via an environment variable `REDIS_URL`.
- Update the `worker/celery_app.py` broker link to read from the environment variable.
- Replace the SQLite database with an external PostgreSQL or MySQL instance, and update the `database/database.py` connection string via `DATABASE_URL`.
- Run the Uvicorn application using `gunicorn`:
  ```bash
  gunicorn main:app -w 4 -k uvicorn.workers.UvicornWorker
  ```
- Deploy a separate background worker instance to run the Celery command.
- Point your platform to the `frontend` directory.
- The build command is `npm run build` and the output directory is usually `dist`.
- Add an environment file `.env` to route the UI to your production backend URL:
  ```
  VITE_API_BASE_URL=https://your-backend-api.com
  ```
  (Make sure to replace local fetch calls inside your React code to utilize this env variable.)
This tool is intended for educational purposes and authorized security scanning only. Do not use against targets without explicit permission.