npx to run a one-off scan of a website:
npx is-website-vulnerable https://example.com [--json] [--js-lib] [--mobile|--desktop] [--chromePath] [--cookie] [--token]
The CLI will gracefully handle cases where the URL to scan is missing by prompting you to enter it:
$ npx is-website-vulnerableWoops! You forgot to provide a URL of a website to scan.? Please provide a URL to scan: › https://example.com...
To build and run the container locally:
# Clone Repo:git clone https://github.com/lirantal/is-website-vulnerable.git# Change to repo's cloned directory:cd is-website-vulnerable# Build Image locally:docker build --no-cache -t lirantal/is-website-vulnerable:latest .# Run container:docker run --rm -e SCAN_URL="" lirantal/is-website-vulnerable:latest
SCAN_URL is an environment variable and its value must be replaced with the desired URL during Docker run. Docker container will exit once the scan has been completed.
⚠️ A modern version of Chrome is assumed to be available when using
is-website-vulnerable. It may not be safe to assume that this is satisfied automatically on some CI services. For example, additional configuration is necessary for Travis CI.
Create .github/workflows/is-website-vulnerable.yml with the url that you want scanned:
You can install globally via:
npm install -g is-website-vulnerable
Please consult CONTRIBUTING for guidelines on contributing to this project.