Passive website scanner that uses a local LLM to map findings to OWASP Top 10
Passive scanners usually give you a raw list of findings and leave the interpretation to you. This one uses Ollama to run a local language model on the results, so you get findings mapped to OWASP Top 10 categories with CVSS scores and actionable context, without anything leaving your machine.
It makes a single HTTP request and analyses what comes back: missing or misconfigured security headers, weak TLS settings, exposed server version strings, and cookie flags. This is the kind of low-hanging fruit attackers look for before going deeper.
Useful as a first-pass check before active testing with Burp or Nikto.
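
The header and cookie checks described above can be sketched as follows. This is an added example, not the scanner's own code: it covers only the deterministic checks on an already captured response (no TLS inspection, no LLM step), and the sample headers, function names and header-to-OWASP mapping are assumptions made for illustration.

```python
import re

# Constructed sample: the headers of one HTTP response as (name, value) pairs.
SAMPLE_HEADERS = [
    ("Server", "nginx/1.18.0"),
    ("Strict-Transport-Security", "max-age=0"),
    ("X-Content-Type-Options", "nosniff"),
    ("Set-Cookie", "session=abc123; Path=/; HttpOnly"),
    ("Set-Cookie", "theme=dark; Path=/; Secure; HttpOnly; SameSite=Lax"),
]

A02 = "A02:2021 Cryptographic Failures"
A05 = "A05:2021 Security Misconfiguration"
# Expected header -> OWASP Top 10 (2021) category; this mapping is an assumption.
EXPECTED = {
    "strict-transport-security": A02,
    "content-security-policy": A05,
    "x-content-type-options": A05,
    "x-frame-options": A05,
}

def cookie_findings(value):
    """Flag Secure/HttpOnly/SameSite attributes absent from one Set-Cookie value."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0]
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:]}
    return [(A05, f"cookie {name}: missing {flag}")
            for flag in ("secure", "httponly", "samesite") if flag not in attrs]

def analyse(headers):
    """Return sorted (category, finding) pairs for one response's headers."""
    present = {name.lower() for name, _ in headers}
    findings = [(cat, f"missing header: {h}")
                for h, cat in EXPECTED.items() if h not in present]
    for name, value in headers:
        key = name.lower()
        if key == "server" and re.search(r"/\d", value):
            findings.append((A05, f"server version disclosed: {value}"))
        elif key == "strict-transport-security":
            # A header that is present can still be ineffective: max-age=0 turns HSTS off.
            m = re.search(r"max-age\s*=\s*\"?(\d+)", value, re.I)
            if not m or int(m.group(1)) == 0:
                findings.append((A02, "HSTS present but max-age is 0 or absent"))
        elif key == "set-cookie":
            findings.extend(cookie_findings(value))
    return sorted(findings)

if __name__ == "__main__":
    for category, finding in analyse(SAMPLE_HEADERS):
        print(f"{category}: {finding}")
```

The sorted `(category, finding)` pairs are the kind of structured input that could then be handed to a local model for scoring and context.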