SamMintah/nullsec

nullsec

nullsec is a desktop-style security scanner built for the AI app generation cycle.

Modern teams can ship full web apps in hours with tools like ChatGPT, Claude, Cursor, Bolt, and Lovable. Speed improved. Security usually did not.

nullsec helps close that gap by finding high-impact issues early, before release.

What nullsec targets

nullsec is tuned for vulnerability patterns common in AI-generated web apps, where the generated code often:

  • skips critical security headers
  • hardcodes API keys in frontend code
  • leaves database files publicly accessible
  • fails to sanitize user input (SQL injection)
  • forgets to protect admin endpoints
  • exposes .env files and .git directories
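
Two of the patterns above (missing security headers, API keys hardcoded in frontend code) can be checked on your own app with a short script. This is an added example, not nullsec's code: the header list, the key formats, and every function and sample name are assumptions, and the sample inputs are constructed.

```javascript
// Added example (not nullsec's implementation). Header list is an assumed baseline.
const REQUIRED_HEADERS = [
  "content-security-policy",
  "strict-transport-security",
  "x-content-type-options",
  "referrer-policy",
];

// Commonly published key formats; assumed here, extend for your own providers.
const KEY_PATTERNS = {
  google_api_key: /AIza[0-9A-Za-z_-]{35}/g,
  aws_access_key_id: /\bAKIA[0-9A-Z]{16}\b/g,
  stripe_live_secret: /\bsk_live_[0-9A-Za-z]{24,}\b/g,
};

// Returns the names of expected security headers absent from a response.
function missingSecurityHeaders(headers) {
  const h = Object.fromEntries(
    Object.entries(headers).map(([k, v]) => [k.toLowerCase(), String(v)])
  );
  const missing = REQUIRED_HEADERS.filter((name) => !(name in h));
  // Framing protection may come from either header, so check both.
  const csp = h["content-security-policy"] || "";
  if (!("x-frame-options" in h) && !/\bframe-ancestors\b/i.test(csp)) {
    missing.push("x-frame-options or CSP frame-ancestors");
  }
  return missing;
}

// Scans bundle text for key-shaped strings; reports type, line, redacted prefix.
function findHardcodedKeys(source) {
  const findings = [];
  for (const [type, re] of Object.entries(KEY_PATTERNS)) {
    for (const m of source.matchAll(re)) {
      const line = source.slice(0, m.index).split("\n").length;
      // Redact so the report itself does not leak the secret.
      findings.push({ type, line, redacted: m[0].slice(0, 6) + "..." });
    }
  }
  return findings;
}

// Constructed sample inputs (not real responses or real keys).
const SAMPLE_HEADERS = {
  "Content-Type": "text/html",
  "X-Content-Type-Options": "nosniff",
  "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'",
};
const FAKE_KEY = "AIza" + "X".repeat(35);
const SAMPLE_BUNDLE = `const api = "/v1";\nconst c = init({ apiKey: "${FAKE_KEY}" });\n`;
console.log(missingSecurityHeaders(SAMPLE_HEADERS), findHardcodedKeys(SAMPLE_BUNDLE));
```

A key that matches here is already shipped to every browser that loads the bundle, so the fix is to rotate it and move the call behind a server-side endpoint, not just to delete the string.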

Why teams use it

  • desktop-grade workflow that feels like an analyst tool, not a raw scanner dump
  • findings with severity, evidence, and remediation context
  • fast repeat scans during fix/verify cycles
  • useful for both security engineers and product developers

Think Of It As

  • focused offensive testing for vibe-coded applications
  • a security findings workbench with a desktop investigator UX
  • practical AppSec coverage for teams without a full-time security function

Run Locally

Prerequisites: Node.js

  1. Install dependencies: npm install
  2. Set the GEMINI_API_KEY in .env.local
  3. Run the app: npm run dev

Build

npm run build

Desktop App (Electron)

The frontend can now run as a desktop app.

Development mode

npm run desktop:dev

This starts Vite and Electron together.
The backend should still be running separately on http://localhost:3000.

Package desktop app

npm run desktop:build:dir

This generates an unpacked desktop build in:

desktop-dist/

For installer packages:

npm run desktop:build

About

AI-powered web vulnerability scanner with modules for XSS detection, SQL injection, API leak discovery, subdomain enumeration, directory brute-forcing, and port scanning. Built for authorized security testing with a real-time findings UI and scan history.
