Website Trust & Exposure Auditor
Open-source passive web auditing platform combining Security, SEO, AI Exposure, Privacy and Supply Chain analysis into a single risk-oriented assessment framework.
🔗 Live dashboard → sheiscypher.github.io/websec-search-auditor
Main command:
```
audit https://example.com
```
Produces: global score, risk prioritisation, remediation plan, HTML report, business impact, technical evidence.
Audit modules
| Module | Checks |
|---|---|
| Security | HTTP Headers, TLS, Exposed Files, CMS + CVE |
| SEO | Meta tags, E-E-A-T, JSON-LD, Technical SEO |
| AI Surface | llms.txt, AI crawlers, MCP endpoint |
| SPF, DKIM, DMARC | |
| Vibe Coding Risk | 15 signals of AI-developed code without security review |
| GDPR / RGPD | CMP, Trackers, Legal pages |
| Supply Chain | JS Libraries, CDN, SRI |
| Accessibility | WCAG / RGAA |
| DNS Security | DNSSEC, CAA |
| Secrets Exposure | API Keys, JWT, Sensitive files |
Local installation (Claude Desktop)
```bash
git clone https://github.com/sheiscypher/websec-search-auditor
cd websec-search-auditor
pip install -r requirements.txt
cp .env.example .env
# Fill in .env if needed
```
Add to ~/Library/Application Support/Claude/claude_desktop_config.json:
```json
{
  "mcpServers": {
    "websec-auditor": {
      "command": "python",
      "args": ["/absolute/path/to/websec-search-auditor/server.py"],
      "env": {}
    }
  }
}
```
Restart Claude Desktop. Type `audit https://yoursite.com`.
Deployment
Backend (Render)
- Create a Web Service on render.com
- Connect this GitHub repo
- Render auto-detects `render.yaml`
- Add `JWT_SECRET` env variable in Render Dashboard
- Optional: `NVD_API_KEY` for CVE lookups
Dashboard (GitHub Pages)
- Go to Settings > Pages in the repo
- Source: GitHub Actions
- Add `VITE_API_URL` variable in Settings > Environments > github-pages
- Build triggers automatically on every push to `main`
Security
- Passive audit only — no modification of the target site
- Built-in SSRF protection
- Built-in indirect prompt injection protection
- 28/28 security tests passing
Licence
AGPL v3 — see SPEC-LICENSE