I used AI as my coding partner throughout this project – it helped me understand concepts, debug issues, and write code. Building with AI felt like having a patient tutor available 24/7. I learned way more than I would have just following tutorials.
What it does: - Security Testing: OWASP Top 10 (SQL injection, XSS, CSRF, etc.) - SEO Analysis: Meta tags, schema markup, Core Web Vitals - GEO Testing: Multi-region accessibility and latency - LLM Security: Prompt injection, jailbreaking, system prompt leakage, and "Denial of Wallet" attacks
The LLM security part was the most interesting to build. With everyone adding AI to their apps, I wanted to understand how prompt injection actually works and how to test for it.
Features: - Web UI with real-time console output - CLI for automation - Self-hosted (no data leaves your machine)
Tech: Python, Flask, pytest
GitHub: https://github.com/sastrophy/siteiq
I'd love feedback – are there vulnerabilities I'm missing? Any suggestions for the LLM attack payloads?
This is my first open source project, so any advice is welcome!
denuoweb•2mo ago
1. Command Injection Risk (CRITICAL) The web application passes user-controlled input directly to subprocess commands without proper sanitization. An attacker could inject malicious commands through the target_url, wordpress_path, llm_endpoint, or tests parameters. app.py:232-264
2. No Authentication (CRITICAL) All API endpoints are completely unauthenticated. Anyone can start security scans against arbitrary URLs, potentially using your server to attack others. app.py:481-516
3. Server-Side Request Forgery (HIGH) Users can provide any URL as the scan target, allowing attackers to scan internal networks, localhost services, or use your server as a proxy for attacks. app.py:484-493
4. No CSRF Protection (HIGH) POST endpoints lack CSRF token validation, making them vulnerable to cross-site request forgery attacks. app.py:481-482 app.py:567-568
5. No Rate Limiting (MEDIUM) Endpoints lack rate limiting, allowing abuse and denial-of-service attacks.
sastrophy•2mo ago