A fully offline, local desktop security analyzer for AI-generated web projects. Detects vulnerabilities before deployment through static analysis (SAST), dynamic analysis (DAST on localhost only), and dependency review.
- 100% Offline Operation - No data leaves your machine
- Static Analysis (SAST) - Python, JavaScript/TypeScript code scanning
- Dependency Scanning - requirements.txt, package.json vulnerability detection
- Configuration Analysis - .env, settings.py security checks
- Local Web Scanning - Security headers and endpoint analysis (localhost only)
- AI Fix Prompts - Generate structured prompts for ChatGPT/Claude
- Professional GUI - Dark theme PyQt6 interface
- CLI Mode - Command-line operation for CI/CD integration
Requirements:

- Python 3.11 or higher
- Windows, macOS, or Linux
Installation:

```bash
# Clone repository
git clone https://github.com/tworjaga/SecureMySite.git
cd SecureMySite

# Create virtual environment
python -m venv venv

# Activate virtual environment
# Windows:
venv\Scripts\activate
# macOS/Linux:
source venv/bin/activate

# Install dependencies
pip install -r requirements.txt
```

Launch the application without arguments:

```bash
python main.py
```

Scan a project directory:

```bash
python main.py /path/to/project
```

With web scanning:

```bash
python main.py /path/to/project --url http://localhost:8000
```

Export results:

```bash
python main.py /path/to/project --export json --output report.json
```

Generate AI fix prompt:

```bash
python main.py /path/to/project --prompt
```

The application calculates a security score from 0-100:
| Score | Grade | Risk Level |
|---|---|---|
| 80-100 | A+ to A | Safe |
| 60-79 | B+ to B | Moderate |
| 40-59 | C+ to C | High Risk |
| 0-39 | D+ to F | Critical Risk |
Each finding deducts points from the score according to its severity:

- CRITICAL (-15 points): RCE, exposed secrets, SQL injection
- HIGH (-10 points): XSS, open CORS, missing CSP
- MEDIUM (-5 points): Missing headers, debug configs
- LOW (-2 points): Best practice violations
Python SAST checks:

- eval/exec usage
- SQL injection patterns
- Hardcoded credentials
- Debug mode enabled
- Unsafe deserialization
- Path traversal risks
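To make the scoring rules and the Python SAST checks concrete, here is an added example (not SecureMySite's own code) of a minimal AST-based pass that finds two of the check types listed above, eval/exec calls and hardcoded credentials, and scores the findings with the README's deductions and grade bands. The source is walked as an AST and never executed. The list of credential-like variable names, the `Finding` type and the sample input are constructed for this example.

```python
"""Added example (not SecureMySite's own code): a minimal AST-based Python
SAST pass for eval/exec usage and hardcoded credentials, scored with the
README's severity deductions and grade bands. Names are hypothetical."""
import ast
from dataclasses import dataclass

# Point deductions and grade bands as stated in the README.
DEDUCTIONS = {"CRITICAL": 15, "HIGH": 10, "MEDIUM": 5, "LOW": 2}
GRADES = [(80, "A+ to A", "Safe"), (60, "B+ to B", "Moderate"),
          (40, "C+ to C", "High Risk"), (0, "D+ to F", "Critical Risk")]
# Variable-name fragments that suggest a credential (constructed list).
SECRET_NAMES = ("password", "passwd", "secret", "api_key", "token")


@dataclass
class Finding:
    severity: str
    rule: str
    line: int


def scan_python_source(source: str) -> list[Finding]:
    """Walk the AST (the code is parsed, never executed) and report findings."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        # A call to the bare name eval(...) or exec(...): arbitrary code execution.
        if (isinstance(node, ast.Call) and isinstance(node.func, ast.Name)
                and node.func.id in ("eval", "exec")):
            findings.append(Finding("CRITICAL", f"{node.func.id}() usage", node.lineno))
        # A non-empty string literal assigned to a credential-looking name.
        if (isinstance(node, ast.Assign) and isinstance(node.value, ast.Constant)
                and isinstance(node.value.value, str) and node.value.value):
            for target in node.targets:
                if isinstance(target, ast.Name) and any(
                        key in target.id.lower() for key in SECRET_NAMES):
                    findings.append(Finding("CRITICAL", "hardcoded credential", node.lineno))
    return findings


def security_score(findings: list[Finding]) -> int:
    """Start at 100, subtract the deduction for each finding, clamp at 0."""
    return max(0, 100 - sum(DEDUCTIONS[f.severity] for f in findings))


def grade(score: int) -> tuple[str, str]:
    """Map a 0-100 score to the README's grade band and risk level."""
    for floor, band, risk in GRADES:
        if score >= floor:
            return band, risk
    raise ValueError("score out of range")


# Constructed sample input: a deliberately weak snippet to scan.
SAMPLE = '''
import os
DB_PASSWORD = "hunter2"
def run(expr):
    return eval(expr)
'''

if __name__ == "__main__":
    found = scan_python_source(SAMPLE)
    for f in found:
        print(f"line {f.line}: {f.severity} {f.rule}")
    total = security_score(found)
    print(total, grade(total))
```

Two CRITICAL findings cost 30 points, so the sample scores 70 and lands in the "B+ to B" band. A name-based credential heuristic produces false positives (for example `password = ""` is skipped here, but `token_name = "x"` is flagged), which is why real scanners pair it with entropy or format checks.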
JavaScript/TypeScript checks:

- DOM XSS (innerHTML)
- eval() usage
- localStorage token storage
- Exposed API keys
Configuration checks:

- CORS misconfigurations
- .env file exposure
- Debug settings
- Hardcoded secrets
- Insecure cookie flags
Dependency checks:

- requirements.txt analysis
- package.json analysis
- Local vulnerability database (100+ CVEs)
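As an added example of the offline dependency check described above (not SecureMySite's own code or database), the following parses a requirements.txt, normalizes package names per PEP 503, and matches exact pins against a small local advisory list. The package names, version ranges and advisory notes are constructed placeholders, not real advisories or CVEs; unpinned requirements are reported separately because a range cannot be matched offline.

```python
"""Added example (not SecureMySite's own code): requirements.txt parsing
and offline matching against a constructed local vulnerability database."""
import re
from dataclasses import dataclass


@dataclass
class Advisory:
    package: str
    fixed_in: tuple        # first version that is no longer affected
    severity: str
    note: str


# Constructed offline database: versions strictly below fixed_in are affected.
LOCAL_DB = [
    Advisory("examplelib", (2, 4, 0), "HIGH", "placeholder advisory"),
    Advisory("Other-Tool", (1, 0, 5), "CRITICAL", "placeholder advisory"),
]

# name, optional operator, optional version (a subset of the requirement grammar)
REQ_LINE = re.compile(r"^([A-Za-z0-9_.-]+)\s*(==|>=|<=|~=|!=|>|<)?\s*([0-9][0-9.]*)?")


def normalize(name: str) -> str:
    """PEP 503 normalization so other_tool, Other-Tool and OTHER.TOOL compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_version(text: str) -> tuple:
    """Dotted numeric version to a comparable tuple. Real tools should use
    packaging.version for full PEP 440 handling of pre/post releases."""
    return tuple(int(part) for part in text.split(".") if part)


def parse_requirements(text: str) -> list:
    """Return (normalized name, operator, version tuple or None) per requirement."""
    reqs = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()  # drop comment, env marker
        if not line or line.startswith("-"):
            continue      # blank line, or an option such as -r/-e that is not followed
        line = re.sub(r"\[[^\]]*\]", "", line)                # drop extras such as [cli]
        match = REQ_LINE.match(line)
        if not match:
            continue
        name, op, version = match.groups()
        reqs.append((normalize(name), op, parse_version(version) if version else None))
    return reqs


def scan_dependencies(text: str) -> list:
    """Return (severity, message) findings; only exact pins are matched offline."""
    db = {normalize(a.package): a for a in LOCAL_DB}
    findings = []
    for name, op, version in parse_requirements(text):
        if op != "==" or version is None:
            findings.append(("LOW", f"{name}: not pinned, cannot be matched offline"))
            continue
        adv = db.get(name)
        if adv is not None and version < adv.fixed_in:
            have = ".".join(map(str, version))
            fixed = ".".join(map(str, adv.fixed_in))
            findings.append((adv.severity, f"{name}=={have}: {adv.note}, fixed in {fixed}"))
    return findings


# Constructed sample requirements.txt.
SAMPLE_REQUIREMENTS = """
# dev server
requests>=2.0
examplelib==2.3.1
other_tool[cli]==1.0.5 ; python_version >= "3.8"
"""

if __name__ == "__main__":
    for severity, message in scan_dependencies(SAMPLE_REQUIREMENTS):
        print(severity, message)
```

The sample yields one LOW finding for the unpinned `requests` line and one HIGH finding for `examplelib==2.3.1`; `other_tool` is at the fixed version and is silent. Tuple comparison is enough for plain numeric versions but mis-orders `2.4` against `2.4.0` and knows nothing about `2.4.0rc1`, which is the reason for the `packaging.version` note.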
Local web scan checks (localhost only):

- Security headers check
- Cookie flag analysis
- Dangerous endpoint detection
- CORS policy validation
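An added example (not SecureMySite's own code) of the header, cookie-flag and CORS checks listed above, run over a captured response rather than a live server so it works offline. The expected-header list, the severity mapping (missing CSP as HIGH, other missing headers and cookie flags as MEDIUM, SameSite as LOW) and the sample response are constructed for this example.

```python
"""Added example (not SecureMySite's own code): security header, cookie
flag and CORS checks over a captured HTTP response. Severity mapping and
sample data are constructed for the example."""
from dataclasses import dataclass


@dataclass
class HeaderFinding:
    severity: str
    message: str


# Headers the check expects and the severity when each is missing
# (CSP mapped to HIGH per the README; the rest to MEDIUM; constructed set).
EXPECTED_HEADERS = {
    "content-security-policy": "HIGH",
    "strict-transport-security": "MEDIUM",
    "x-content-type-options": "MEDIUM",
    "x-frame-options": "MEDIUM",
    "referrer-policy": "MEDIUM",
}


def check_headers(headers: dict[str, str]) -> list[HeaderFinding]:
    """Report missing security headers and a wildcard CORS policy."""
    lower = {k.lower(): v for k, v in headers.items()}   # header names are case-insensitive
    findings = [HeaderFinding(sev, f"missing header: {name}")
                for name, sev in EXPECTED_HEADERS.items() if name not in lower]
    if lower.get("access-control-allow-origin", "").strip() == "*":
        findings.append(HeaderFinding("HIGH", "open CORS: Access-Control-Allow-Origin is *"))
    return findings


def check_cookie(set_cookie: str) -> list[HeaderFinding]:
    """Parse one Set-Cookie value and report missing Secure/HttpOnly/SameSite."""
    parts = [p.strip() for p in set_cookie.split(";")]
    name = parts[0].split("=", 1)[0]
    attrs = {}
    for part in parts[1:]:
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip().lower()
    findings = []
    if "secure" not in attrs:
        findings.append(HeaderFinding("MEDIUM", f"cookie {name}: missing Secure"))
    if "httponly" not in attrs:
        findings.append(HeaderFinding("MEDIUM", f"cookie {name}: missing HttpOnly"))
    if attrs.get("samesite") not in ("strict", "lax"):
        findings.append(HeaderFinding("LOW", f"cookie {name}: SameSite not Strict or Lax"))
    return findings


def scan_response(headers: dict[str, str], cookies: list[str]) -> list[HeaderFinding]:
    """Combine header and per-cookie checks; Set-Cookie is passed as a list
    because a response may carry several of them."""
    findings = check_headers(headers)
    for cookie in cookies:
        findings.extend(check_cookie(cookie))
    return findings


# Constructed sample response from a local development server.
SAMPLE_HEADERS = {
    "Content-Type": "text/html",
    "X-Content-Type-Options": "nosniff",
    "Access-Control-Allow-Origin": "*",
}
SAMPLE_COOKIES = [
    "session=abc123; Path=/; HttpOnly",
    "csrf=xyz; Path=/; Secure; HttpOnly; SameSite=Strict",
]

if __name__ == "__main__":
    for f in scan_response(SAMPLE_HEADERS, SAMPLE_COOKIES):
        print(f.severity, f.message)
```

The sample produces seven findings: four missing headers, the wildcard CORS origin, and two flag problems on the `session` cookie; the `csrf` cookie passes. On a real localhost scan the `Set-Cookie` values come from `response.headers.get_all("Set-Cookie")` rather than a constructed list.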
Project layout:

```
secure_my_site/
├── main.py                    # Entry point
├── app.py                     # Application controller
├── core/
│   ├── engine.py              # Analysis orchestrator
│   ├── file_loader.py         # Safe file discovery
│   └── config.py              # Configuration
├── scanners/
│   ├── base_scanner.py        # Abstract base class
│   ├── python_sast.py         # Python analysis
│   ├── js_scanner.py          # JavaScript analysis
│   ├── config_scanner.py      # Config file analysis
│   ├── dependency_scanner.py  # Dependency audit
│   └── web_scanner.py         # Localhost web scan
├── models/
│   ├── vulnerability.py       # Data model
│   └── scan_result.py         # Results container
├── scoring/
│   ├── severity.py            # Classification rules
│   └── score_engine.py        # Score calculation
├── prompt_engine/
│   └── prompt_builder.py      # AI prompt generation
├── gui/
│   ├── main_window.py         # Primary window
│   ├── components.py          # UI widgets
│   └── theme.py               # Dark theme
└── utils/
    ├── helpers.py             # Utilities
    └── validators.py          # Input validation
```
Building a standalone executable:

```bash
pip install pyinstaller
pyinstaller build.spec
```

The executable will be in dist/SecureMySite.exe.

Development setup, tests, formatting and type checks:

```bash
pip install -r requirements-dev.txt
pytest
black .
mypy .
```

Safety controls built into the scanner:

- Path Traversal Prevention - All file operations resolve paths within the target directory only
- No Code Execution - Never executes code from scanned projects
- Memory Limits - 10MB per file, 500MB total project size
- URL Validation - Web scanner rejects non-localhost URLs
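The three mechanical controls above (path containment, size limits, localhost-only URLs) are easy to get subtly wrong, so here is an added example (not SecureMySite's own code) of how each can be implemented and exercised. The limits and loopback hostnames follow the README; the helper names, the temporary project built by `demo()` and the acceptance of `::1` are assumptions of this example.

```python
"""Added example (not SecureMySite's own code) of the scanner's safety
controls: path containment via resolved paths, per-file and total size
limits, and a localhost-only URL check. Helper names are hypothetical."""
import tempfile
from pathlib import Path
from urllib.parse import urlsplit

MAX_FILE_BYTES = 10 * 1024 * 1024        # 10MB per file (README)
MAX_PROJECT_BYTES = 500 * 1024 * 1024    # 500MB total project size (README)
LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}   # assumed loopback set


def is_within(target: Path, candidate: Path) -> bool:
    """True only if candidate resolves (symlinks followed) to a path inside target."""
    root = target.resolve()
    try:
        candidate.resolve(strict=True).relative_to(root)
    except (ValueError, OSError):   # outside the root, or does not exist
        return False
    return True


def collect_files(target: Path) -> list[Path]:
    """Discover files under target, skipping anything that escapes it or is too large."""
    root = target.resolve()
    chosen, total = [], 0
    for path in sorted(root.rglob("*")):
        if not path.is_file() or not is_within(root, path):
            continue   # not a regular file, or a symlink pointing outside the project
        size = path.stat().st_size
        if size > MAX_FILE_BYTES:
            continue   # per-file limit
        if total + size > MAX_PROJECT_BYTES:
            break      # total project limit reached
        chosen.append(path)
        total += size
    return chosen


def is_localhost_url(url: str) -> bool:
    """Accept only http(s) URLs whose parsed host is a loopback name or address.
    Using urlsplit().hostname means http://localhost@example.com/ is rejected,
    because the host there is example.com and 'localhost' is only userinfo."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or parts.hostname is None:
        return False
    return parts.hostname.lower() in LOCAL_HOSTS


def demo() -> dict:
    """Build a throwaway project in a temp dir and exercise the controls."""
    with tempfile.TemporaryDirectory() as tmp:
        outside = Path(tmp) / "outside.txt"           # a file outside the project
        outside.write_text("not part of the project")
        project = Path(tmp) / "project"
        (project / "src").mkdir(parents=True)
        (project / "src" / "app.py").write_text("print('hello')")
        with open(project / "big.bin", "wb") as fh:
            fh.truncate(MAX_FILE_BYTES + 1)           # sparse file just over the limit
        link = project / "escape.txt"
        try:
            link.symlink_to(outside)                  # symlinks may be unsupported here
        except OSError:
            pass
        return {
            "files": [p.name for p in collect_files(project)],
            "escape_blocked": not is_within(project, link) if link.is_symlink() else True,
            "url_ok": is_localhost_url("http://localhost:8000"),
            "url_rejected": not is_localhost_url("http://example.com:8000"),
        }


if __name__ == "__main__":
    print(demo())
```

`demo()` returns only `app.py` as a scannable file: the oversized sparse file is dropped by the per-file limit and the symlink that points outside the project fails the containment check because resolution happens before the comparison. Comparing unresolved strings with `startswith` would pass both the symlink and a sibling directory whose name merely begins with the project name.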
MIT License - See LICENSE file for details.
Contributions welcome. Please follow the conventional commit format:

- feat: New features
- fix: Bug fixes
- refactor: Code refactoring
- docs: Documentation
- style: Formatting
- GitHub Issues: https://github.com/tworjaga/SecureMySite/issues
- Telegram: @al7exy