Info Disclosure Scanner.
AI-powered scanner for information disclosure vulnerabilities
Overview
An AI-powered security scanner that detects sensitive information leakage in web applications using Claude AI. Finds exposed .git repos, .env files, database dumps, admin panels, stack traces, and secrets in JavaScript.
What It Detects
| Severity | Examples |
|---|---|
| High | Exposed .git repos, .env files, database dumps, hardcoded passwords |
| Medium | Admin panels, stack traces, secrets in JavaScript, debug endpoints |
| Low | Server version disclosure, robots.txt, technology fingerprinting |
| Info | Missing security headers (CSP, HSTS, X-Frame-Options) |
Demo with OWASP Juice Shop
```bash
docker run -d -p 3000:3000 bkimminich/juice-shop
python scanner.py http://localhost:3000 --html report.html
# Finds 80+ vulnerabilities
```
How It Works
1. Scan: Checks 50+ sensitive paths, response headers, JavaScript files, and error responses for information leakage.
2. AI Analysis: Claude AI analyzes findings to identify real information disclosure vulnerabilities with severity ratings.
3. Report: Generate HTML reports with risk scores and detailed findings. Also supports Markdown, JSON, and SARIF output.
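The response-header and error-response checks from the Scan step, mapped to the severity levels in the table above, can be run against a response from your own application. This is an added example, not the project's `scanner.py`; the function name `analyze_response`, the regular expressions, the banner-header list and the sample response are all constructed for illustration.

```python
import re

# Headers the severity table lists under "Info" when they are absent.
SECURITY_HEADERS = {
    "content-security-policy": "CSP",
    "strict-transport-security": "HSTS",
    "x-frame-options": "X-Frame-Options",
}
# Headers that commonly carry product/version banners (assumed list).
BANNER_HEADERS = ("server", "x-powered-by")
VERSION_RE = re.compile(r"\d+\.\d+")
# Constructed patterns for common stack-trace shapes (Python, Java, Node.js).
STACK_TRACE_RE = re.compile(
    r"Traceback \(most recent call last\)"
    r"|^\s+at [\w.$<>]+\(.*:\d+\)"
    r"|^\s+at .+:\d+:\d+\)?$",
    re.MULTILINE,
)


def analyze_response(headers, body):
    """Return (severity, finding) tuples for one HTTP response."""
    # Header names are case-insensitive, so normalize before lookup.
    hdrs = {k.lower(): v for k, v in headers.items()}
    findings = []
    if STACK_TRACE_RE.search(body):
        findings.append(("Medium", "Stack trace in response body"))
    for name in BANNER_HEADERS:
        value = hdrs.get(name, "")
        if VERSION_RE.search(value):
            findings.append(("Low", f"Version disclosed in {name}: {value}"))
    for name, label in SECURITY_HEADERS.items():
        if name not in hdrs:
            findings.append(("Info", f"Missing security header: {label}"))
    return findings


# Constructed sample: an error response from a hypothetical Node.js app.
SAMPLE_HEADERS = {
    "Server": "nginx/1.18.0",
    "X-Powered-By": "Express",
    "X-Frame-Options": "SAMEORIGIN",
}
SAMPLE_BODY = "Error: Unexpected path\n    at handler (/app/routes/index.js:42:11)\n"

if __name__ == "__main__":
    for severity, finding in analyze_response(SAMPLE_HEADERS, SAMPLE_BODY):
        print(f"[{severity}] {finding}")
```

A banner without a version number (here `X-Powered-By: Express`) is not flagged by this check, since only the version string is treated as the disclosure.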
Tech Stack
Python, Claude API, HTML Reports