Powered by Irtikaz Technical Solutions
The Open-Source Web Security Scanner with 1000-Point Scoring
Scan websites across 37 security categories with granular 0–1000 scoring, OWASP Top 10 + CVSS v3.1 mapping, and automated remediation guides.
```bash
# One-liner: scan any website
docker run --rm ghcr.io/haydary1986/seku example.com

# Or install the CLI
curl -sSL https://raw.githubusercontent.com/haydary1986/seku/main/install.sh | bash
vscan example.com
```

```yaml
# Or use as GitHub Action
- uses: haydary1986/seku@v1
  with:
    url: https://example.com
```

Output:

```
Seku Security Report - example.com
Score: 847/1000 (Grade: A)

SSL/TLS            950
Security Headers   820
HTTP Methods       700
Mixed Content      400
...
```
Feature areas: Core Security, Advanced Analysis, Infrastructure, Intelligence.

- Multi-LLM Integration: Pluggable architecture supporting DeepSeek, OpenAI, Claude, Gemini, and Ollama
- Interactive Chat: Ask questions about scan results and get contextual answers
- Auto-Remediation Engine: Step-by-step fix guides for 7 server types (Apache, Nginx, IIS, LiteSpeed, Caddy, Tomcat, Node.js)
- CVE-Aware Upgrades: Library vulnerability detection with upgrade recommendations
| Feature | Free | Basic | Pro | Enterprise |
|---|---|---|---|---|
| Scan Categories | 5 | 12 | 17 | 22 |
| Targets | 5 | 25 | 100 | โ |
| Scans/month | 10 | 50 | 200 | โ |
| PDF Reports | โ | โ | โ | โ |
| SARIF Export | โ | โ | โ | โ |
| LLM Analysis | โ | 10/mo | 50/mo | โ |
| Scheduled Scans | โ | Weekly | Daily | Custom |
| API Access | โ | Read | Full | Full |
| Webhooks | โ | โ | โ | โ |
| Grade | Score | Description |
|---|---|---|
| A+ | 900–1000 | Excellent security posture |
| A | 800–899 | Strong security |
| B | 700–799 | Good with minor issues |
| C | 600–699 | Average - needs improvement |
| D | 500–599 | Below average - significant gaps |
| F | 0–499 | Failing - critical issues |
```bash
# macOS / Linux
curl -sSL https://raw.githubusercontent.com/haydary1986/seku/main/install.sh | bash

# Docker
docker pull ghcr.io/haydary1986/seku

# From source
git clone https://github.com/haydary1986/seku.git
cd seku/backend
go build -o vscan ./cmd/cli/main.go
```

```bash
git clone https://github.com/haydary1986/seku.git
cd seku
docker compose up -d
# Open http://localhost (admin / admin123)
```

```bash
# Scan a single URL
vscan example.com
vscan -url https://example.com

# Scan multiple URLs
vscan -urls "site1.com,site2.com,site3.com"

# Scan from file
vscan -file urls.txt

# JSON output
vscan example.com -output json -o results.json

# SARIF for GitHub Security tab
vscan example.com -output sarif -o results.sarif

# Filter by severity
vscan example.com -severity high

# Choose scan depth
vscan example.com -plan free        # 5 categories
vscan example.com -plan basic       # 12 categories
vscan example.com -plan pro         # 17 categories
vscan example.com -plan enterprise  # 22 categories (default)
```

```yaml
name: Security Scan
on: [push, pull_request]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: haydary1986/seku@v1
        with:
          url: https://your-site.com
          output: sarif
          output-file: results.sarif
          fail-on-score: 700
      - uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: results.sarif
```

```
seku/
├── backend/                  # Go API + CLI
│   ├── cmd/
│   │   ├── main.go           # Web server entry point
│   │   └── cli/main.go       # CLI tool
│   └── internal/
│       ├── scanner/          # 37 security scanners
│       ├── api/              # REST API handlers & middleware
│       ├── models/           # GORM data models
│       ├── services/         # PDF, SARIF, webhooks
│       ├── scheduler/        # Scheduled scan jobs
│       ├── reports/          # Report generation
│       └── ws/               # WebSocket real-time hub
├── frontend/                 # Vue.js 3 SPA (22 views)
│   ├── src/views/            # Dashboard, Scans, AI Chat, etc.
│   └── Dockerfile
├── action.yml                # GitHub Action definition
├── Dockerfile                # Web dashboard container
├── Dockerfile.cli            # CLI container
├── docker-compose.yml        # Multi-service deployment
├── install.sh                # CLI installer
└── guides/                   # Security hardening guides
```

| Layer | Technology |
|---|---|
| Backend | Go 1.25, Fiber v2, GORM |
| Frontend | Vue.js 3, Tailwind CSS 4, Chart.js, Vite |
| Database | SQLite (dev) / PostgreSQL (production) |
| Real-time | WebSocket with progress streaming |
| Deployment | Docker, Docker Compose, Coolify |
| LLM Integration | DeepSeek, OpenAI, Claude, Gemini, Ollama |
```bash
# Authenticate
TOKEN=$(curl -s -X POST https://your-instance.com/api/auth/login \
  -H "Content-Type: application/json" \
  -d '{"username":"admin","password":"admin123"}' | jq -r '.token')

# Start a scan
curl -X POST https://your-instance.com/api/scans/start \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"name":"My Scan","target_ids":[1,2,3]}'

# Get results
curl https://your-instance.com/api/results/1 \
  -H "Authorization: Bearer $TOKEN"

# Or use API Key (Pro / Enterprise)
curl https://your-instance.com/api/targets \
  -H "X-API-Key: vsk_your_key_here"
```

Full API Reference

| Method | Path | Description |
|---|---|---|
| GET | `/health` | Health check |
| GET | `/api/criteria` | Full scoring methodology (JSON) |
| POST | `/api/auth/login` | User authentication |
| POST | `/api/auth/register` | User registration |

| Method | Path | Description |
|---|---|---|
| GET | `/api/dashboard` | Dashboard statistics with score distribution |
| GET | `/api/leaderboard` | Rankings with category & institution filtering |
| GET | `/api/targets` | List scan targets |
| POST | `/api/targets` | Add single target |
| POST | `/api/targets/bulk` | Bulk import targets via CSV |
| POST | `/api/scans/start` | Start batch security scan |
| GET | `/api/scans/:id` | Scan job details with real-time progress |
| GET | `/api/results/:id` | Detailed scan result with categorized checks |
| POST | `/api/ai/analyze/:id` | Generate security analysis |
| GET | `/api/ai/analysis/:id` | Retrieve analysis report |

| Method | Path | Description |
|---|---|---|
| GET/POST | `/api/users` | User management |
| PUT/DELETE | `/api/users/:id` | Update / delete user |
| GET/PUT | `/api/settings` | System settings (LLM provider config) |

Every finding maps to OWASP Top 10 (2021) and CWE identifiers:
| OWASP | Category | Seku Coverage |
|---|---|---|
| A01 | Broken Access Control | CORS, HTTP Methods, Directory Exposure |
| A02 | Cryptographic Failures | SSL/TLS, Mixed Content |
| A03 | Injection | XSS Scanner, Malware Detection |
| A04 | Insecure Design | DDoS Protection, Rate Limiting |
| A05 | Security Misconfiguration | Security Headers, Server Info |
| A06 | Vulnerable Components | JS Libraries, WordPress Scanner |
| A07 | Auth Failures | DNS (SPF/DMARC), Cookie Security |
| A08 | Data Integrity Failures | Third-Party SRI, Content Optimization |
| Variable | Default | Description |
|---|---|---|
| `DB_DRIVER` | `sqlite` | Database driver (`sqlite` or `postgres`) |
| `DB_PATH` | `vscan.db` | SQLite database file path |
| `DATABASE_URL` | - | PostgreSQL connection string |
| `JWT_SECRET` | (built-in) | JWT signing secret (change in production!) |
| `ALLOWED_ORIGINS` | `*` | CORS allowed origins |
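
A pre-deployment check for the variables in this table, as an added example that is not part of Seku's code base: it reports every setting still at its documented default, since a built-in signing secret in a public repository is known to anyone who reads the source. The function name `auditEnv` and the 32-byte minimum for `JWT_SECRET` are assumptions.

```go
package main

import (
	"fmt"
	"os"
	"strings"
)

// auditEnv reports settings from the table above that are still at their
// documented defaults. get is os.Getenv in production, a map lookup in tests.
func auditEnv(get func(string) string) []string {
	var findings []string
	add := func(f string, a ...any) { findings = append(findings, fmt.Sprintf(f, a...)) }
	// An unset JWT_SECRET means the built-in value signs every token.
	// The 32-byte minimum is an assumption (an HS256-sized key).
	if s := get("JWT_SECRET"); s == "" {
		add("JWT_SECRET unset: built-in signing secret in use")
	} else if len(s) < 32 {
		add("JWT_SECRET is %d bytes; use at least 32 random bytes", len(s))
	}
	// ALLOWED_ORIGINS defaults to "*", which accepts cross-origin requests from any site.
	if o := get("ALLOWED_ORIGINS"); o == "" || strings.Contains(o, "*") {
		add("ALLOWED_ORIGINS is a wildcard; list the dashboard origin(s) explicitly")
	}
	// DB_DRIVER defaults to sqlite (dev); postgres also needs DATABASE_URL.
	switch d := get("DB_DRIVER"); d {
	case "", "sqlite":
		add("DB_DRIVER is sqlite; the page lists PostgreSQL for production")
	case "postgres":
		if get("DATABASE_URL") == "" {
			add("DB_DRIVER=postgres but DATABASE_URL is empty")
		}
	default:
		add("DB_DRIVER %q is not sqlite or postgres", d)
	}
	return findings
}

func main() {
	findings := auditEnv(os.Getenv)
	for _, f := range findings {
		fmt.Println("FAIL:", f)
	}
	if len(findings) > 0 {
		os.Exit(1) // block the deployment step
	}
}
```
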
- Create new resource with Dockerfile build pack
- Point to this repository
- Set port to 80
- Add persistent storage volume: `/app/data`

| Document | Language | Description |
|---|---|---|
| Scanner Reference | English | Complete technical reference for all 37 scanners, 150+ individual checks, scoring thresholds, OWASP/CWE/CVSS mappings |
| Scanner Reference | Arabic | Complete technical reference for all 25 scanners, with a detailed explanation of each check |
| Methodology | English | Public scoring methodology page |
| Scoring Methodology | Arabic | Public scoring criteria page |
| Contributing | English | How to contribute to the project |
| API Docs | English | REST API documentation (JSON) |

- 🇬🇧 English: full support
- 🇮🇶 Arabic: full RTL support with dedicated methodology page
- Scanner documentation available in both languages

The scoring system uses a weighted average approach:
- Each website is scanned across 37 categories (150+ individual checks)
- Each category contains multiple checks with individual weights
- Every check produces a score from 0 to 1000
- Category score = weighted average of its checks
- Overall score = weighted average of all category scores
- Each finding mapped to OWASP Top 10, CWE, and CVSS v3.1
The full methodology is publicly available and transparent, with no black boxes. See docs/SCANNERS.md for complete scoring details.
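
The two-level weighted average and the grade bands, worked through as an added example (not Seku's own code): with constructed weights, an overall score can clear a `fail-on-score` threshold of 700 while one category is failing, so the gate here also checks the weakest category. The type and function names, all weights, the two check names, and the per-category floor are assumptions; the category scores are the ones in the sample report.

```go
package main

import "fmt"

// Item is one weighted score (a check, or a category); all weights are assumed.
type Item struct {
	Name          string
	Score, Weight float64
}

// weighted returns the weighted average of items and the lowest-scoring one.
func weighted(items []Item) (avg float64, weakest Item) {
	var sum, w float64
	for i, it := range items {
		sum += it.Score * it.Weight
		w += it.Weight
		if i == 0 || it.Score < weakest.Score {
			weakest = it
		}
	}
	if w == 0 {
		return 0, weakest // nothing weighted: score 0 instead of dividing by zero
	}
	return sum / w, weakest
}

// grade applies the page's grade bands; Score holds each band's lower bound.
func grade(s float64) string {
	for _, b := range []Item{{"A+", 900, 0}, {"A", 800, 0}, {"B", 700, 0}, {"C", 600, 0}, {"D", 500, 0}} {
		if s >= b.Score {
			return b.Name
		}
	}
	return "F"
}

// Constructed sample: Mixed Content is averaged from two made-up checks.
var mixed, _ = weighted([]Item{{"active content", 0, 2}, {"passive content", 800, 2}})
var sample = []Item{{"SSL/TLS", 950, 3}, {"Security Headers", 820, 3}, {"HTTP Methods", 700, 2}, {"Mixed Content", mixed, 2}}

// gate passes only when the overall score AND the weakest category reach floor.
func gate(cats []Item, floor float64) (overall float64, weakest Item, ok bool) {
	overall, weakest = weighted(cats)
	return overall, weakest, overall >= floor && weakest.Score >= floor
}

func main() {
	overall, weakest, ok := gate(sample, 700)
	fmt.Println(overall, grade(overall), weakest.Name, weakest.Score, ok)
}
```
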
Contributions are welcome! See CONTRIBUTING.md for guidelines.
```bash
# Development setup
git clone https://github.com/haydary1986/seku.git
cd seku

# Backend
cd backend && go run ./cmd/main.go

# Frontend (separate terminal)
cd frontend && npm install && npm run dev
```

Open http://localhost:5173 - default credentials: admin / admin123

MIT License: use it freely in your projects.

If Seku helps secure your websites, please star the repo; it helps others discover it!