haydary1986/seku

๐Ÿ›ก๏ธ Seku

Powered by Irtikaz Technical Solutions โ€” ุดุฑูƒุฉ ุงุฑุชูƒุงุฒ ู„ู„ุญู„ูˆู„ ุงู„ุชู‚ู†ูŠุฉ

The Open-Source Web Security Scanner with 1000-Point Scoring

Scan websites across 37 security categories with granular 0–1000 scoring, OWASP Top 10 + CVSS v3.1 mapping, and automated remediation guides.

Quick Start · Features · Documentation · Contributing


⚡ Quick Start

# One-liner: scan any website
docker run --rm ghcr.io/haydary1986/seku example.com

# Or install the CLI
curl -sSL https://raw.githubusercontent.com/haydary1986/seku/main/install.sh | bash
vscan example.com

# Or use as GitHub Action
- uses: haydary1986/seku@v1
  with:
    url: https://example.com

Output:

โ•”โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•—
โ•‘  Seku Security Report โ€” example.com              โ•‘
โ•‘  Score: 847/1000 (Grade: A)                      โ•‘
โ• โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•ฃ
โ•‘ โœ… SSL/TLS          โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–‘  950    โ•‘
โ•‘ โœ… Security Headers  โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–‘โ–‘โ–‘โ–‘  820    โ•‘
โ•‘ โš ๏ธ  HTTP Methods      โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–‘โ–‘โ–‘โ–‘โ–‘โ–‘  700    โ•‘
โ•‘ โŒ Mixed Content     โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–‘โ–‘โ–‘โ–‘โ–‘โ–‘โ–‘โ–‘โ–‘โ–‘โ–‘โ–‘  400    โ•‘
โ•‘ ...                                               โ•‘
โ•šโ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•

✨ Features

🔍 22 Security Scan Categories

Core Security

  • 🔒 SSL/TLS (HTTPS, certs, TLS version)
  • 🛡️ Security Headers (HSTS, CSP, X-Frame)
  • 🍪 Cookie Security (Secure, HttpOnly, SameSite)
  • 🌐 CORS Configuration
  • 🔑 HTTP Methods (TRACE, DELETE blocking)
  • 📧 DNS Security (SPF, DMARC, CAA)

Advanced Analysis

  • 🦠 Malware & Threats Detection
  • ⚡ XSS Vulnerability Scanner
  • 📦 JS Library Vulnerabilities
  • 🔌 Third-Party Script Risk
  • 📄 WordPress Deep Scanner
  • 🏗️ SEO & Technical Health

Infrastructure

  • 🚀 Hosting Quality (HTTP/2, HTTP/3, Brotli)
  • 📊 Performance (TTFB, response time)
  • 🛡️ DDoS Protection (CDN, WAF)
  • 🔁 Content Optimization (cache, compression)
  • 🔐 Advanced Security (COEP, COOP, CORP)

Intelligence

  • ๐Ÿ•ต๏ธ Information Disclosure
  • ๐Ÿ“‚ Directory & File Exposure
  • ๐Ÿ–ฅ๏ธ Server Info Leakage
  • ๐Ÿ”— Mixed Content Detection
  • ๐Ÿง  Threat Intelligence (C2, blacklists)

🔬 Smart Analysis & Remediation

  • Multi-LLM Integration: Pluggable architecture supporting DeepSeek, OpenAI, Claude, Gemini, and Ollama
  • Interactive Chat: Ask questions about scan results and get contextual answers
  • Auto-Remediation Engine: Step-by-step fix guides for 7 server types (Apache, Nginx, IIS, LiteSpeed, Caddy, Tomcat, Node.js)
  • CVE-Aware Upgrades: Library vulnerability detection with upgrade recommendations

📊 Enterprise Features

Feature           Free   Basic    Pro      Enterprise
Scan Categories   5      12       17       22
Targets           5      25       100      ∞
Scans/month       10     50       200      ∞
PDF Reports       ❌     ✅       ✅       ✅
SARIF Export      ❌     ❌       ✅       ✅
LLM Analysis      ❌     10/mo    50/mo    ∞
Scheduled Scans   ❌     Weekly   Daily    Custom
API Access        ❌     Read     Full     Full
Webhooks          ❌     ❌       ✅       ✅

๐Ÿ† Grading Scale

Grade Score Description
A+ 900โ€“1000 Excellent security posture
A 800โ€“899 Strong security
B 700โ€“799 Good with minor issues
C 600โ€“699 Average โ€” needs improvement
D 500โ€“599 Below average โ€” significant gaps
F 0โ€“499 Failing โ€” critical issues

🚀 Installation

CLI (Recommended)

# macOS / Linux
curl -sSL https://raw.githubusercontent.com/haydary1986/seku/main/install.sh | bash

# Docker
docker pull ghcr.io/haydary1986/seku

# From source
git clone https://github.com/haydary1986/seku.git
cd seku/backend
go build -o vscan ./cmd/cli/main.go

Web Dashboard

git clone https://github.com/haydary1986/seku.git
cd seku
docker compose up -d
# Open http://localhost (admin / admin123)

📖 CLI Usage

# Scan a single URL
vscan example.com
vscan -url https://example.com

# Scan multiple URLs
vscan -urls "site1.com,site2.com,site3.com"

# Scan from file
vscan -file urls.txt

# JSON output
vscan example.com -output json -o results.json

# SARIF for GitHub Security tab
vscan example.com -output sarif -o results.sarif

# Filter by severity
vscan example.com -severity high

# Choose scan depth
vscan example.com -plan free        # 5 categories
vscan example.com -plan basic       # 12 categories
vscan example.com -plan pro         # 17 categories
vscan example.com -plan enterprise  # 22 categories (default)

🔧 GitHub Action

name: Security Scan
on: [push, pull_request]

jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: haydary1986/seku@v1
        with:
          url: https://your-site.com
          output: sarif
          output-file: results.sarif
          fail-on-score: 700

      - uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: results.sarif

๐Ÿ—๏ธ Architecture

seku/
โ”œโ”€โ”€ backend/                    # Go API + CLI
โ”‚   โ”œโ”€โ”€ cmd/
โ”‚   โ”‚   โ”œโ”€โ”€ main.go            # Web server entry point
โ”‚   โ”‚   โ””โ”€โ”€ cli/main.go        # CLI tool
โ”‚   โ””โ”€โ”€ internal/
โ”‚       โ”œโ”€โ”€ scanner/           # 37 security scanners
โ”‚       โ”œโ”€โ”€ api/               # REST API handlers & middleware
โ”‚       โ”œโ”€โ”€ models/            # GORM data models
โ”‚       โ”œโ”€โ”€ services/          # PDF, SARIF, webhooks
โ”‚       โ”œโ”€โ”€ scheduler/         # Scheduled scan jobs
โ”‚       โ”œโ”€โ”€ reports/           # Report generation
โ”‚       โ””โ”€โ”€ ws/                # WebSocket real-time hub
โ”œโ”€โ”€ frontend/                   # Vue.js 3 SPA (22 views)
โ”‚   โ”œโ”€โ”€ src/views/             # Dashboard, Scans, AI Chat, etc.
โ”‚   โ””โ”€โ”€ Dockerfile
โ”œโ”€โ”€ action.yml                  # GitHub Action definition
โ”œโ”€โ”€ Dockerfile                  # Web dashboard container
โ”œโ”€โ”€ Dockerfile.cli              # CLI container
โ”œโ”€โ”€ docker-compose.yml          # Multi-service deployment
โ”œโ”€โ”€ install.sh                  # CLI installer
โ””โ”€โ”€ guides/                     # Security hardening guides

Tech Stack

Layer             Technology
Backend           Go 1.25, Fiber v2, GORM
Frontend          Vue.js 3, Tailwind CSS 4, Chart.js, Vite
Database          SQLite (dev) / PostgreSQL (production)
Real-time         WebSocket with progress streaming
Deployment        Docker, Docker Compose, Coolify
LLM Integration   DeepSeek, OpenAI, Claude, Gemini, Ollama

🔌 API

# Authenticate
TOKEN=$(curl -s -X POST https://your-instance.com/api/auth/login \
  -H "Content-Type: application/json" \
  -d '{"username":"admin","password":"admin123"}' | jq -r '.token')

# Start a scan
curl -X POST https://your-instance.com/api/scans/start \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"name":"My Scan","target_ids":[1,2,3]}'

# Get results
curl https://your-instance.com/api/results/1 \
  -H "Authorization: Bearer $TOKEN"

# Or use API Key (Pro / Enterprise)
curl https://your-instance.com/api/targets \
  -H "X-API-Key: vsk_your_key_here"

Full API Reference

Public Endpoints

Method   Path                 Description
GET      /health              Health check
GET      /api/criteria        Full scoring methodology (JSON)
POST     /api/auth/login      User authentication
POST     /api/auth/register   User registration

Protected Endpoints (JWT Required)

Method   Path                    Description
GET      /api/dashboard          Dashboard statistics with score distribution
GET      /api/leaderboard        Rankings with category & institution filtering
GET      /api/targets            List scan targets
POST     /api/targets            Add single target
POST     /api/targets/bulk       Bulk import targets via CSV
POST     /api/scans/start        Start batch security scan
GET      /api/scans/:id          Scan job details with real-time progress
GET      /api/results/:id        Detailed scan result with categorized checks
POST     /api/ai/analyze/:id     Generate security analysis
GET      /api/ai/analysis/:id    Retrieve analysis report

Admin Endpoints

Method       Path             Description
GET/POST     /api/users       User management
PUT/DELETE   /api/users/:id   Update / delete user
GET/PUT      /api/settings    System settings (LLM provider config)

📊 OWASP Top 10 Mapping

Every finding maps to OWASP Top 10 (2021) and CWE identifiers:

OWASP Category                  Seku Coverage
A01 Broken Access Control       CORS, HTTP Methods, Directory Exposure
A02 Cryptographic Failures      SSL/TLS, Mixed Content
A03 Injection                   XSS Scanner, Malware Detection
A04 Insecure Design             DDoS Protection, Rate Limiting
A05 Security Misconfiguration   Security Headers, Server Info
A06 Vulnerable Components       JS Libraries, WordPress Scanner
A07 Auth Failures               DNS (SPF/DMARC), Cookie Security
A08 Data Integrity Failures     Third-Party SRI, Content Optimization

โš™๏ธ Configuration

Environment Variables

Variable          Default      Description
DB_DRIVER         sqlite       Database driver (sqlite or postgres)
DB_PATH           vscan.db     SQLite database file path
DATABASE_URL      (none)       PostgreSQL connection string
JWT_SECRET        (built-in)   JWT signing secret (change in production!)
ALLOWED_ORIGINS   *            CORS allowed origins

Coolify Deployment

  1. Create new resource with Dockerfile build pack
  2. Point to this repository
  3. Set port to 80
  4. Add persistent storage volume: /app/data

📖 Documentation

Document                          Language   Description
Scanner Reference                 English    Complete technical reference for all 37 scanners, 150+ individual checks, scoring thresholds, OWASP/CWE/CVSS mappings
Scanner Reference (Arabic)        Arabic     Complete technical reference for all 25 scanners with a detailed explanation of each check
Methodology                       English    Public scoring methodology page
Assessment Methodology (Arabic)   Arabic     Public assessment criteria page
Contributing                      English    How to contribute to the project
API Docs                          English    REST API documentation (JSON)

๐ŸŒ Internationalization

  • ๐Ÿ‡ฌ๐Ÿ‡ง English โ€” full support
  • ๐Ÿ‡ฎ๐Ÿ‡ถ Arabic โ€” full RTL support with dedicated methodology page
  • Scanner documentation available in both languages

📋 Scoring Methodology

The scoring system uses a weighted average approach:

  1. Each website is scanned across 37 categories (150+ individual checks)
  2. Each category contains multiple checks with individual weights
  3. Every check produces a score from 0 to 1000
  4. Category score = weighted average of its checks
  5. Overall score = weighted average of all category scores
  6. Each finding mapped to OWASP Top 10, CWE, and CVSS v3.1

The full methodology is publicly available and transparent, with no black boxes. See docs/SCANNERS.md for complete scoring details.
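As an added example (not code from the Seku project), the six steps above implemented in Go: hypothetical Check and Category types with assumed weights, a constructed sample input, the two-level weighted average, and the grading scale from the table above. It rounds the overall score to the nearest integer, a detail the page does not specify, and treats an empty category as scoring 0 rather than dividing by zero.

```go
package main

import "fmt"

// Illustrative types, not Seku's own: a check scores 0-1000 (step 3) and has a weight inside its category (step 2); a category has a weight in the overall score (step 5).
type Check struct{ Name string; Score int; Weight float64 }
type Category struct{ Name string; Weight float64; Checks []Check }

// weightedAverage returns sum(score*weight)/sum(weight); empty or zero-weight input yields 0, not NaN.
func weightedAverage[T any](items []T, score, weight func(T) float64) float64 {
	var sum, total float64
	for _, it := range items {
		sum, total = sum+score(it)*weight(it), total+weight(it)
	}
	if total == 0 {
		return 0
	}
	return sum / total
}

// CategoryScore is the weighted average of the category's checks (step 4).
func CategoryScore(c Category) float64 {
	return weightedAverage(c.Checks, func(ch Check) float64 { return float64(ch.Score) }, func(ch Check) float64 { return ch.Weight })
}

// OverallScore is the weighted average of all category scores (step 5), rounded to the nearest integer.
func OverallScore(cats []Category) int {
	return int(weightedAverage(cats, CategoryScore, func(c Category) float64 { return c.Weight }) + 0.5)
}

// Grade applies the README's grading scale (A+ 900-1000, A 800-899, B 700-799, C 600-699, D 500-599, F 0-499).
func Grade(score int) string {
	mins, grades := []int{900, 800, 700, 600, 500}, []string{"A+", "A", "B", "C", "D"}
	for i, m := range mins {
		if score >= m {
			return grades[i]
		}
	}
	return "F"
}

var SampleCategories = []Category{ // constructed input, not real scan output: unequal weights at both levels
	{"SSL/TLS", 3, []Check{{"HTTPS", 1000, 2}, {"TLS version", 900, 1}, {"Cert validity", 950, 1}}},
	{"Security Headers", 2, []Check{{"HSTS", 1000, 1}, {"CSP", 600, 2}, {"X-Frame-Options", 1000, 1}}},
	{"Mixed Content", 1, []Check{{"No http:// assets", 400, 1}}},
}
func main() {
	s := OverallScore(SampleCategories)
	fmt.Printf("Score: %d/1000 (Grade: %s)\n", s, Grade(s)) // Score: 815/1000 (Grade: A)
}
```

The same threshold logic is what a CI gate such as the Action's fail-on-score input needs: compare OverallScore against the configured minimum and fail the job below it.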

๐Ÿค Contributing

Contributions are welcome! See CONTRIBUTING.md for guidelines.

# Development setup
git clone https://github.com/haydary1986/seku.git
cd seku

# Backend
cd backend && go run ./cmd/main.go

# Frontend (separate terminal)
cd frontend && npm install && npm run dev

Open http://localhost:5173 (default credentials: admin / admin123)

๐Ÿ“ License

MIT License โ€” use it freely in your projects.

โญ Star History

If Seku helps secure your websites, please star the repo โ€” it helps others discover it!

Star History Chart


Designed & engineered by @haydary1986

Report Bug · Request Feature · Discussions

About

Vulnerability Scanner for Ministry of Higher Education - Batch security assessment tool for university websites
