security.txt Auditor avatar

security.txt Auditor

Pricing

from $4.90 / 1,000 domain auditeds

Go to Apify Store
security.txt Auditor

security.txt Auditor

Audit presence and RFC-style validity of public security disclosure files.

Pricing

from $4.90 / 1,000 domain auditeds

Rating

0.0

(0)

Developer

junipr

junipr

Maintained by Community

Actor stats

0

Bookmarked

2

Total users

1

Monthly active users

2 days ago

Last modified

Categories

Share

What It Does

Audit presence and RFC-style validity of public security disclosure files.

This local package is part of the Junipr Apify actors 171-200 premium build for ChatGPT review.

What It Does Not Do

  • It does not call live Apify APIs.
  • It does not publish, upload Store assets, create public tasks, or configure live PPE.
  • It does not claim publish readiness.
  • It does not make unbounded network calls in the local fixture path.

Input Fields

Seed shape: domains or URLs, maxDomains, timeoutMs, strictMode, includeSummary

The tiny fixture is available at examples/input.tiny.json and mirrored at fixtures/input.tiny.json for the local runner.

Output Fields

  • domain
  • checkedUrl
  • found
  • isValid
  • contacts
  • expires
  • canonical
  • issues
  • severity

Pricing / PPE Events

Pricing is local configuration only.

  • Model: PPE
  • Status: LOCAL_CONFIG_ONLY_NOT_LIVE
  • Paid output event: domain-audited
  • Pass-through usage: OFF by default. Browser, proxy, and high-volume external request modes are not enabled in this local build.

Public Task Examples

Check security.txt expiry for a domain

  • Search intent: check security.txt expiry for a domain
  • Specific input: Fixture input shaped for check security.txt expiry for a domain.
  • Expected output: Dataset rows with domain, checkedUrl, found, isValid plus local KVS report evidence.
  • Why run it: AppSec teams, agencies, bug-bounty/program managers would run this to get a bounded local proof before any live Apify review or production use.

Verify vulnerability disclosure contacts

  • Search intent: verify vulnerability disclosure contacts
  • Specific input: Fixture input shaped for verify vulnerability disclosure contacts.
  • Expected output: Dataset rows with domain, checkedUrl, found, isValid plus local KVS report evidence.
  • Why run it: AppSec teams, agencies, bug-bounty/program managers would run this to get a bounded local proof before any live Apify review or production use.

Audit canonical security.txt location

  • Search intent: audit canonical security.txt location
  • Specific input: Fixture input shaped for audit canonical security.txt location.
  • Expected output: Dataset rows with domain, checkedUrl, found, isValid plus local KVS report evidence.
  • Why run it: AppSec teams, agencies, bug-bounty/program managers would run this to get a bounded local proof before any live Apify review or production use.

Find missing disclosure metadata for a client site

  • Search intent: find missing disclosure metadata for a client site
  • Specific input: Fixture input shaped for find missing disclosure metadata for a client site.
  • Expected output: Dataset rows with domain, checkedUrl, found, isValid plus local KVS report evidence.
  • Why run it: AppSec teams, agencies, bug-bounty/program managers would run this to get a bounded local proof before any live Apify review or production use.

Review bug-bounty readiness before public launch

  • Search intent: review bug-bounty readiness before public launch
  • Specific input: Fixture input shaped for review bug-bounty readiness before public launch.
  • Expected output: Dataset rows with domain, checkedUrl, found, isValid plus local KVS report evidence.
  • Why run it: AppSec teams, agencies, bug-bounty/program managers would run this to get a bounded local proof before any live Apify review or production use.

Tests

  • Actor-specific fixture tests live in test/security-txt-auditor.test.ts.
  • Node-based local suites validate dataset schema conformance, output samples, local smoke runs, and PPE guard behavior.

FAQ

Is this live on Apify?

No. This is a local package for ChatGPT review only.

Is it publish-ready?

No. It needs later live tiny-run validation and console configuration before any publication decision.