Goal
A "paste a URL, get a report" scanner for the low-hanging vulnerabilities most sites still ship with.
Build
- Server runs targeted probes: headers, TLS, exposed .git, common admin paths, XSS reflectors.
- Findings normalized to severity + remediation steps, rendered as a sharable report.
- Rate-limited per IP and per target; opt-in deeper scans require an auth'd account.
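A sketch of the header probe feeding the normalized findings model, added here as an example and not taken from the project's code. The names `Finding`, `audit_headers` and `hsts_max_age`, the rule set and the severity ratings are all assumptions.

```python
from dataclasses import dataclass

SEVERITY_RANK = {"high": 0, "medium": 1, "low": 2}
MIN_HSTS_MAX_AGE = 31536000  # one year, in seconds

@dataclass(frozen=True)
class Finding:
    check: str
    severity: str
    remediation: str

# Rule set and severity ratings are assumptions made for this example.
REQUIRED = [
    ("strict-transport-security", "high", "Send Strict-Transport-Security with max-age >= 31536000."),
    ("content-security-policy", "medium", "Define a Content-Security-Policy that restricts script sources."),
    ("x-content-type-options", "low", "Send X-Content-Type-Options: nosniff."),
    ("x-frame-options", "low", "Send X-Frame-Options: DENY or CSP frame-ancestors."),
]

def hsts_max_age(value):  # max-age in seconds; 0 if absent or malformed
    for part in value.split(";"):
        key, _, val = part.strip().partition("=")
        val = val.strip().strip('"')
        if key.strip().lower() == "max-age" and val.isdigit():
            return int(val)
    return 0

def audit_headers(headers):  # one response's headers -> findings, most severe first
    h = {k.lower(): v for k, v in headers.items()}
    csp = h.get("content-security-policy", "").lower()
    findings = []
    for name, severity, fix in REQUIRED:
        # Present headers pass; CSP frame-ancestors also satisfies the framing rule.
        if name in h or (name == "x-frame-options" and "frame-ancestors" in csp):
            continue
        findings.append(Finding("missing:" + name, severity, fix))
    if "strict-transport-security" in h and hsts_max_age(h["strict-transport-security"]) < MIN_HSTS_MAX_AGE:
        findings.append(Finding("weak:strict-transport-security", "medium", "Raise HSTS max-age to at least 31536000 seconds."))
    if "'unsafe-inline'" in csp:  # coarse: flags the keyword in any directive
        findings.append(Finding("weak:content-security-policy", "medium", "Remove 'unsafe-inline'; use nonces or hashes."))
    return sorted(findings, key=lambda f: (SEVERITY_RANK[f.severity], f.check))

# Constructed sample response headers, not captured from a real site.
SAMPLE = {
    "Strict-Transport-Security": "max-age=300",
    "Content-Security-Policy": "default-src 'self'; script-src 'self' 'unsafe-inline'; frame-ancestors 'none'",
}

if __name__ == "__main__":
    print(*audit_headers(SAMPLE), sep="\n")
```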
Outcome
A quick first pass before a real pentest. Catches the "should have been caught in CI" class of bugs.