Plexicus Indago - Real-time website security audit tool

A lightweight web security audit tool for Pentesters and DevSecOps. Automatically audits websites for vulnerabilities as you browse.

Plexicus Indago is a powerful, lightweight web security audit tool built directly into your browser. Designed for security researchers, Pentesters, and DevSecOps engineers, Indago automatically audits the websites you visit to identify underlying vulnerabilities before they can be exploited. From identifying outdated React components to uncovering hardcoded API keys, Indago provides a transparent window into the security posture of any web application. Key Features - Vulnerability Scanner (CVE Integration): Automatically identifies outdated libraries and cross-references them with the CVE (Common Vulnerabilities and Exposures) database to highlight known risks. - React2Shell & Logic Detection: Specialized detection for React-specific vulnerabilities and insecure client-side logic execution. - Secret & Sensitive Data Sniffer: Scans page source and network traffic for hardcoded secrets, including API keys, AWS tokens, and private credentials. - Injection & XSS Guard: Real-time monitoring for Cross-Site Scripting (XSS) risks and potential injection points in forms and URL parameters. - Security Headers: Analyzes CSP, HSTS, X-Frame-Options, and more. - CSRF Protection: Detects missing anti-CSRF tokens on critical actions. Third-Party Script Monitor: Tracks and audits external scripts to prevent supply-chain attacks and unauthorized data exfiltration.