Vibe Vulnerability Scanner

Scans web applications for security vulnerabilities

Catch exploitable vulnerabilities before attackers do. Vibe Vulnerability Scanner is a powerful Chrome extension that performs real-time security scanning of web applications using CISA's Known Exploited Vulnerabilities (KEV) catalog with automatic NVD verification. 🔍 KEY FEATURES • Real-time Scanning - Automatic vulnerability detection on page load • CISA KEV Integration - Checks against official Known Exploited Vulnerabilities catalog • NVD Verification - Confirms vulnerable versions using NIST CVE data • Persistent History - Stores last 50 scans per domain • Export Results - Download findings as JSON or CSV • HTTP Header Analysis - Inspects security headers • Confidence Scoring - Distinguishes confirmed findings from heuristics • Privacy First - All scanning happens locally, no data collection 🛡️ WHAT GETS SCANNED Confirmed Issues: ✓ HTTP Scripts - Loading scripts over insecure HTTP ✓ Weak CSP - unsafe-inline or unsafe-eval in Content Security Policy ✓ Vulnerable Libraries - Confirmed KEV match with NVD verification ✓ Missing Security Headers - HSTS, X-Frame-Options, etc. Heuristic Patterns (Require Verification): • Inline Event Handlers - onclick, onerror, etc. • Secret Exposure - Pattern matching for API keys • innerHTML Usage - Potential XSS risk • Missing SRI - CDN scripts without integrity checks 📊 UNDERSTANDING RESULTS Results are categorized by confidence level: • HIGH - Strong evidence (e.g., confirmed HTTP script loading) • MEDIUM - Likely issue requiring verification • LOW - Weak signal requiring manual investigation And by finding category: • Confirmed - Objective fact • Probable - Likely issue based on strong evidence • Heuristic - Pattern-based detection requiring context 🔒 SECURITY & PRIVACY ✓ No External Data Transmission - All scanning is client-side ✓ No User Tracking - No analytics, no telemetry ✓ Minimal Permissions - Only activeTab, storage, alarms, tabs ✓ Safe Rendering - All content rendered via DOM APIs ✓ HTTPS Only - KEV catalog and NVD API calls use HTTPS ✓ Open Source - Full source code available on GitHub 🎯 PERFECT FOR • Security Professionals - Quick vulnerability assessment • Penetration Testers - Initial reconnaissance • Web Developers - Security hygiene checks during development • DevSecOps Teams - Shift-left security testing • Bug Bounty Hunters - Fast initial scanning 💡 HOW IT WORKS 1. Detects JavaScript libraries from script URLs and meta tags 2. Matches products against CISA KEV catalog 3. Fetches CVE details from NVD API for vulnerable version ranges 4. Compares detected versions to determine exposure 5. Provides actionable remediation guidance 🚀 GETTING STARTED 1. Install the extension 2. Navigate to any website 3. Click the extension icon 4. Review findings with severity breakdown 5. Expand details for remediation guidance 6. Export results if needed GitHub: https://github.com/ramukallepalli/vibe-vuln-scanner Documentation: https://github.com/ramukallepalli/vibe-vuln-scanner#readme Report Issues: https://github.com/ramukallepalli/vibe-vuln-scanner/issues Powered by CISA KEV and NIST NVD.