shieldnet

v0.3.2

Published

10 days ago

AI Security Scanner for AI agents, MCP servers, and web applications

Downloads

782

0High
0Medium
0Low

hash.exe

security scanner ai-agents mcp pentest vulnerability elizaos nosana red-team appsec

🛡 ShieldNet

AI Security Scanner — find vulnerabilities before attackers do. Scan web apps, APIs, MCP servers, and AI agents with 26 attack modules and 600+ payloads.

Zero dependencies. Pure Node.js. 12,000+ lines of security tooling.

🌐 Live Demo: scan.bughunt.tech

🚀 Quick Start

# Install globally
npm install -g shieldnet

# Scan a URL
shieldnet https://your-app.com

# Scan with Red Team (active attacks)
shieldnet https://your-app.com --pentest

# Scan a GitHub repo
shieldnet --github https://github.com/owner/repo

✨ What Makes ShieldNet Different

| Feature | ShieldNet | Snyk | OWASP ZAP | Nikto | |---------|-----------|------|-----------|-------| | Zero dependencies | ✅ | ❌ 200+ | ❌ Java | ❌ Perl | | AI agent scanning | ✅ | ❌ | ❌ | ❌ | | Red Team engine | ✅ 26 modules | ❌ | ✅ | ❌ | | Live attack replay | ✅ | ❌ | ❌ | ❌ | | Industry benchmarks | ✅ | ❌ | ❌ | ❌ | | Auto-fix code | ✅ | ✅ | ❌ | ❌ | | Single binary | ✅ npm | ❌ | ❌ | ❌ |

🔍 Features

Passive Scanner (25+ checks)

Port scanning — top 50 ports with service detection
Security headers — CSP, HSTS, X-Frame-Options, etc.
CORS — misconfiguration detection
Secrets — 42 patterns (API keys, AWS, JWT, etc.)
Dependencies — OSV.dev CVE database lookup
SSL/TLS — certificate validation
Tech fingerprinting — framework/server detection + known CVEs
Rate limiting — detection & bypass testing

⚔️ Red Team Engine (26 attack modules)

SQL Injection (52 payloads)
Cross-Site Scripting (81 payloads)
SSRF (35 payloads)
Path Traversal (21 payloads)
Command Injection (22 payloads)
Authentication Bypass
CORS Exploitation
Open Redirect
IDOR
Rate Limit Bypass
Default Credentials (31 combos)
JWT Attacks (15 payloads)

📊 Reports

A-F Grading with score (0-100)
Industry benchmarks — "Better than X% of scanned sites"
Hacker's View — narrative of how an attacker would exploit findings
Live Attack Replay — animated terminal showing the attack
Auto-fix suggestions — ready-to-paste code for nginx/express/apache
5 formats — HTML, PDF, Executive Summary, Technical, Pentest

📦 API

# URL scan
curl -X POST https://scan.bughunt.tech/scan/url \
  -H "Content-Type: application/json" \
  -d '{"target": "https://example.com"}'

# GitHub repo scan
curl -X POST https://scan.bughunt.tech/scan/github \
  -H "Content-Type: application/json" \
  -d '{"repo": "https://github.com/owner/repo"}'

# Code analysis
curl -X POST https://scan.bughunt.tech/scan/code \
  -H "Content-Type: application/json" \
  -d '{"code": "eval(req.query.cmd)"}'

# Red Team pentest
curl -X POST https://scan.bughunt.tech/pentest \
  -H "Content-Type: application/json" \
  -d '{"target": "https://example.com"}'

⚙️ GitHub Action

name: Security Scan
on: [push, pull_request]

jobs:
  security:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: hhhashexe/shieldnet-action@v1
        with:
          target: 'https://your-app.com'
          fail-grade: 'D'
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

🔌 Integrations

GitHub Action — scan on every push
Chrome Extension — scan any page with one click
VS Code Extension — scan from your editor
Slack Bot — /shieldnet scan url
Discord Bot — !scan url
n8n Workflow — visual automation
Zapier — webhook integration
Docker — docker run shieldnet
Python Client — pip install shieldnet

🐳 Docker

docker build -t shieldnet .
docker run -p 3853:3853 shieldnet

🏗 Self-Hosted

git clone https://github.com/hhhashexe/shieldnet.git
cd shieldnet
node src/server.js
# → http://localhost:3853

No npm install needed. Zero dependencies.

📜 License

🔗 Links

Live Scanner: scan.bughunt.tech
npm: npmjs.com/package/shieldnet
GitHub Action: shieldnet-action
Security: bughunt.tech