HIDDEN GHOST

zyrox

ACTOR STATS

1 public Actor

1 total user

2 monthly users

🛡️ Website Security Auditor & JS Secrets Scanner

🌟 Key Features

  • ⚡ Blazing Fast: Built on Python asyncio and aiohttp for concurrent scanning of hundreds of scripts.
  • 🔍 Deep Inspection: Scans inline scripts, external JS files, and CDN resources.
  • 🛡️ Signature Based: Detects 80+ types of secrets including:
    • Google API Keys & Firebase Configs
    • AWS Access Keys & Secrets
    • Slack, Stripe, & GitHub Tokens
    • Private Keys (RSA/DSA)
    • Database Connection Strings (MongoDB, Postgres)
  • 📉 Low False Positives: Intelligent context analysis to ignore example code and comments.
  • JSON Output: Clean, structured data ready for integration with other DevSecOps tools.

📊 Sample Output

The tool provides findings in a structured JSON format:

[
  {
    "finding_type": "Google API Key",
    "severity": "CRITICAL",
    "match": "AIzaSyBwQcjgmXUAsw5r4FZXO5t8_EZ_aUm_TGE",
    "source_url": "https://example.com/assets/main.bundle.js",
    "context": "apiKey: \"AIzaSyBwQcjgmXUAsw5r4FZXO5t8_EZ_aUm_TGE\", authDomain:...",
    "hash": "5d41402abc4b2a76b9719d911017c592"
  },
  {
    "finding_type": "Potential XSS Sink",
    "severity": "MEDIUM",
    "match": ".innerHTML =",
    "source_url": "https://example.com/js/ui-utils.js",
    "context": "document.getElementById('app').innerHTML = userInput;",
    "hash": "a1b2c3d4e5f6..."
  }
]
