ShadowSec Panel v13

Shadow DOM UI with OWASP-aligned checks: the v10.3 UI, the v5 check depth, intrusive probes (SQLi/IDOR/SSRF/rate limiting) and heuristics (ports/cache/fingerprinting). Live summary, severity filters, log search, JSON export, clipboard copy, and a Settings page for wordlists and probe options.


Author: Erik Galstyan
Daily installs: 0
Total installs: 39
Ratings (good / ok / bad): 0 0 0
Version: 13.0.1
Created: 28/08/2025
Updated: 28/08/2025
Size: 58.3 kB
License: MIT
Applies to: All sites

🔐 ShadowSec Panel: DOM Website Security Panel

ShadowSec is a Tampermonkey userscript that injects a website security auditing panel directly into the page you are visiting. It is built with a Shadow DOM UI and runs a wide range of client-side security checks with real-time reporting.

⚠️ This tool is intended for educational purposes and for auditing your own websites only!


✨ Features

🖥 Modern User Interface

  • Shadow DOM isolation: the panel's markup and styles are unaffected by the site's CSS and DOM queries. (Shadow DOM scopes styles and selectors; it is not a security boundary, so page JavaScript can still reach the host element.)
  • Dark/Light theme toggle.
  • Expandable test result groups with <details> sections.
  • Severity filters (High / Medium / Low).
  • Instant log search box.
  • Live summary dashboard.

⚙️ Panel Settings

  • Configure external wordlist URL for directory probing.
  • Set maximum number of probe requests per scan.
  • Settings persist across sessions.

🔍 Security Checks

ShadowSec merges the strict, detailed checks from earlier versions with new recon and fuzzing modules for broader coverage.

🔹 Recon & Infrastructure

  • Open Ports (heuristic) → Probes common web/database ports on the page's host via fetch/WebSocket. Heuristic only: browsers never expose whether a TCP connection succeeded and block many ports outright (Chromium's unsafe-port list), so open/closed is inferred from error type and timing and should be confirmed with a real port scanner.
  • Extended Directory Probing → Built-in paths + harvested links + optional GitHub wordlist.
  • Outdated Libraries → Detects old jQuery/other frameworks.
  • GraphQL Introspection → Detects exposed GraphQL schemas.
  • Advanced Fingerprinting → Canvas, AudioContext, Battery API, WebGL, etc.

🔹 OWASP Headers & Configs

  • OWASP Headers Compliance → CSP, HSTS, X-Frame-Options, Referrer-Policy, Permissions-Policy, COOP/COEP, Cache-Control.
  • CORS Policy → Detects wildcards / insecure origins.
  • Cache Poisoning Risks → Looks for cacheable responses that reflect unkeyed request headers.
  • Clickjacking → Checks whether the page can be framed (no X-Frame-Options and no CSP frame-ancestors) and flags iframes without a sandbox attribute.
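The header checks in this group can be implemented as one pure function over a response's headers. The block below is an added example and is not ShadowSec's own code: `auditSecurityHeaders()` accepts either a fetch() `Headers` object (as `auditCurrentPage()` passes it inside a userscript) or a plain name/value object, parses the CSP, and emits High/Medium/Low findings for CSP, HSTS, framing, Referrer-Policy, Permissions-Policy, COOP/COEP, Cache-Control and CORS. The sample headers are constructed, and the thresholds (one-year HSTS, `https:` counted as any-host) are this example's choices, not the project's.

```javascript
// Added example for the OWASP Headers / CORS / Clickjacking checks; not
// ShadowSec's own code. `headers` may be a fetch() Headers object or a plain
// name -> value object. Thresholds below are this example's choices.

function normalizeHeaders(headers) {
  const entries = typeof headers.entries === 'function'
    ? [...headers.entries()]
    : Object.entries(headers);
  const map = new Map();
  for (const [name, value] of entries) map.set(name.toLowerCase(), String(value));
  return map;
}

// Parse a CSP string into { directive: [source, ...] }, everything lower-cased.
function parseCsp(csp) {
  const out = {};
  for (const part of csp.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/).filter(Boolean);
    if (name) out[name.toLowerCase()] = sources.map(s => s.toLowerCase());
  }
  return out;
}

function auditSecurityHeaders(headers) {
  const h = normalizeHeaders(headers);
  const findings = [];
  const add = (severity, test, msg) => findings.push({ severity, test, msg });

  const csp = h.get('content-security-policy');
  let d = {};
  if (!csp) {
    add('High', 'CSP', 'Content-Security-Policy header is missing');
  } else {
    d = parseCsp(csp);
    const scriptSrc = d['script-src'] || d['default-src'] || [];
    // 'unsafe-inline' is ignored by CSP2+ browsers once a nonce or hash is present.
    const hasNonceOrHash = scriptSrc.some(s => s.startsWith("'nonce-") || s.startsWith("'sha"));
    if (scriptSrc.includes("'unsafe-inline'") && !hasNonceOrHash)
      add('High', 'CSP', "script-src allows 'unsafe-inline' with no nonce or hash");
    if (scriptSrc.includes("'unsafe-eval'")) add('Medium', 'CSP', "script-src allows 'unsafe-eval'");
    if (scriptSrc.includes('*') || scriptSrc.includes('https:') || scriptSrc.includes('http:'))
      add('Medium', 'CSP', 'script-src allows scripts from any host');
    if (!d['object-src'] && !d['default-src']) add('Low', 'CSP', 'no object-src and no default-src fallback');
  }

  const hsts = h.get('strict-transport-security');
  const maxAge = hsts && /max-age=(\d+)/i.exec(hsts);
  if (!hsts) add('Medium', 'HSTS', 'Strict-Transport-Security header is missing');
  else if (!maxAge || Number(maxAge[1]) < 31536000) add('Low', 'HSTS', 'HSTS max-age shorter than one year');

  // Framing: either X-Frame-Options or a CSP frame-ancestors directive is enough.
  if (!h.get('x-frame-options') && !d['frame-ancestors'])
    add('High', 'Clickjacking', 'no X-Frame-Options and no frame-ancestors directive');

  for (const [name, test] of [
    ['referrer-policy', 'Referrer-Policy'],
    ['permissions-policy', 'Permissions-Policy'],
    ['cross-origin-opener-policy', 'COOP'],
    ['cross-origin-embedder-policy', 'COEP'],
  ]) if (!h.get(name)) add('Low', test, `${name} header is missing`);

  if (!h.get('cache-control')) add('Low', 'Cache-Control', 'no Cache-Control; authenticated responses should send no-store');

  const acao = h.get('access-control-allow-origin');
  const acac = (h.get('access-control-allow-credentials') || '').toLowerCase() === 'true';
  if (acao === '*') add('Medium', 'CORS', 'Access-Control-Allow-Origin: * (any site may read this response)');
  else if (acao === 'null') add('High', 'CORS', 'Access-Control-Allow-Origin: null (sandboxed frames get access)');
  else if (acao && acac) add('Low', 'CORS', `credentialed CORS for ${acao}; confirm the origin is not reflected`);
  return findings;
}

// Userscript side: re-fetch the current document and audit its headers.
async function auditCurrentPage() {
  const res = await fetch(location.href, { cache: 'no-store', credentials: 'include' });
  return auditSecurityHeaders(res.headers);
}

// Constructed sample response headers (not captured from any real site).
const SAMPLE_HEADERS = {
  'Content-Security-Policy': "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:",
  'Strict-Transport-Security': 'max-age=300',
  'Access-Control-Allow-Origin': '*',
  'Cache-Control': 'no-store',
};
```

Against the sample, the audit reports two High findings (inline scripts allowed without a nonce, page frameable), three Medium (unsafe-eval, any-host script-src, wildcard CORS) and five Low (short HSTS max-age plus the four missing policy headers). A second request with the `Origin` header set is still needed to tell a fixed allow-list from origin reflection, which a single response cannot reveal.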

🔹 Input & Data Security

  • Cookies → Checks Secure, HttpOnly, SameSite. Note that document.cookie exposes only non-HttpOnly cookies and never their attributes, so a complete check needs the raw Set-Cookie headers or a privileged cookie API such as GM_cookie.
  • Forms & CSRF → Detects state-changing forms without a CSRF token, and insecure password/file inputs.
  • IDOR Detection → Flags sequential/numeric IDs in URLs and forms and probes neighbouring values (intrusive).
  • SSRF Detection → Looks for URL-taking parameters (fetch/proxy/redirect style) that a server might resolve itself.
  • SQL Injection Hints → Sends SQL metacharacter payloads and looks for database error strings in the response (intrusive; a hint, not proof).
  • CSTI (Client-Side Template Injection) → Detects Angular/Vue-style injection.
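The cookie check is worth showing end to end because the attribute rules have edge cases the panel's three-flag summary hides (SameSite=None is rejected outright without Secure; the `__Host-` prefix adds Path and Domain constraints). The block below is an added example, not ShadowSec's code: it parses raw Set-Cookie values such as those in the response-header string a privileged userscript request returns (fetch() hides Set-Cookie from page scripts). The header block is a constructed sample, and the severity assignments are this example's.

```javascript
// Added example for the cookie checks above; not ShadowSec's own code.
// Audits raw Set-Cookie values; the sample header block is constructed.

// Pull Set-Cookie lines out of a raw "Name: value\r\n..." header block.
function extractSetCookieLines(rawHeaders) {
  return rawHeaders.split(/\r?\n/)
    .filter(line => /^set-cookie:/i.test(line))
    .map(line => line.slice(line.indexOf(':') + 1).trim());
}

// "name=value; Attr; Attr=val" -> { name, attrs } with attribute names lower-cased.
function parseSetCookie(line) {
  const [pair, ...attrParts] = line.split(';');
  const eq = pair.indexOf('=');
  const name = (eq === -1 ? pair : pair.slice(0, eq)).trim();
  const attrs = {};
  for (const part of attrParts) {
    const [key, ...rest] = part.trim().split('=');
    if (key) attrs[key.toLowerCase()] = rest.length ? rest.join('=').trim() : true;
  }
  return { name, attrs };
}

function auditSetCookie(line) {
  const { name, attrs } = parseSetCookie(line);
  const findings = [];
  const add = (severity, msg) => findings.push({ cookie: name, severity, msg });
  const secure = 'secure' in attrs;
  const httpOnly = 'httponly' in attrs;
  const sameSite = typeof attrs.samesite === 'string' ? attrs.samesite.toLowerCase() : null;

  if (!secure) add('High', 'missing Secure: cookie is sent over plaintext HTTP');
  if (!httpOnly) add('Medium', 'missing HttpOnly: readable by page scripts, so XSS can steal it');
  if (!sameSite) add('Low', 'no SameSite attribute: the browser default applies');
  else if (sameSite === 'none' && !secure) add('High', 'SameSite=None without Secure: browsers reject the cookie');
  if (name.startsWith('__Secure-') && !secure) add('High', '__Secure- prefix requires Secure');
  if (name.startsWith('__Host-') && (!secure || attrs.path !== '/' || 'domain' in attrs))
    add('High', '__Host- prefix requires Secure, Path=/ and no Domain');
  return findings;
}

function auditSetCookies(lines) {
  return lines.flatMap(auditSetCookie);
}

// Constructed sample response (not captured from a real server).
const SAMPLE_RAW_HEADERS = [
  'Content-Type: text/html',
  'Set-Cookie: sessionid=abc123; Path=/; HttpOnly',
  'Set-Cookie: __Host-csrf=tok; Path=/; Secure; SameSite=Strict',
  'Set-Cookie: tracker=1; Path=/; SameSite=None',
].join('\r\n');
```

Run on the sample, `sessionid` is flagged for missing Secure and SameSite, the `__Host-csrf` cookie only for being script-readable (acceptable for a double-submit CSRF token, which is why the panel lets you filter by severity), and `tracker` for all three problems including the SameSite=None/Secure combination that browsers will not store at all.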

🔹 XSS & Script Security

  • Inline Event Handlers → Flags on*= attributes.
  • DOM-based XSS → Checks whether query-string values are reflected into the DOM (a sink indicator, not proof of exploitability).
  • XSS Payload Fuzzing → Multiple payloads; intrusive mode optional.
  • CSP Effectiveness → Checks for unsafe-inline / unsafe-eval in the script directives.
  • Subresource Integrity (SRI) → Flags cross-origin scripts without integrity attributes.
  • Third-Party Scripts → Detects external domains.
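The inline-handler, SRI and third-party-script checks all walk the same DOM, so they are easiest to test as pure functions over element descriptors. The block below is an added example, not ShadowSec's code: `auditScripts()` takes an array of `{ tag, attrs }` descriptors plus the page origin, and `collectElements()` shows how those descriptors would be built from the live document inside the userscript. The element list and origin are constructed samples.

```javascript
// Added example for the XSS & Script Security checks above; not ShadowSec's
// own code. Works on element descriptors so it runs offline; in the panel,
// collectElements(document) would supply them.

function hostOf(url, base) {
  try { return new URL(url, base).host; } catch { return null; }
}

function auditScripts(elements, pageOrigin) {
  const pageHost = new URL(pageOrigin).host;
  const findings = [];
  const thirdParty = new Set();
  const add = (severity, test, msg) => findings.push({ severity, test, msg });

  for (const el of elements) {
    const attrs = el.attrs || {};
    // Any on*= attribute is an inline handler, which CSP without 'unsafe-inline' blocks.
    for (const name of Object.keys(attrs)) {
      if (/^on[a-z]+$/i.test(name))
        add('Medium', 'Inline Event Handlers', `<${el.tag}> has an inline ${name}= handler`);
    }
    if (el.tag === 'script' && typeof attrs.src === 'string') {
      const host = hostOf(attrs.src, pageOrigin);
      if (host && host !== pageHost) {
        thirdParty.add(host);
        if (!attrs.integrity)
          add('High', 'SRI', `cross-origin script ${attrs.src} has no integrity attribute`);
        else if (attrs.crossorigin === undefined)
          // Without crossorigin the response is opaque and the browser cannot verify the hash.
          add('Low', 'SRI', `${attrs.src} has integrity but no crossorigin attribute`);
      }
    }
  }
  for (const host of thirdParty) add('Low', 'Third-Party Scripts', `scripts loaded from ${host}`);
  return findings;
}

// Browser side: turn the live DOM into descriptors (not executed offline).
function collectElements(doc) {
  return [...doc.querySelectorAll('*')].map(el => ({
    tag: el.tagName.toLowerCase(),
    attrs: Object.fromEntries([...el.attributes].map(a => [a.name, a.value])),
  }));
}

// Constructed sample page (hosts are illustrative, not real deployments).
const PAGE_ORIGIN = 'https://app.example.com';
const SAMPLE_ELEMENTS = [
  { tag: 'script', attrs: { src: '/static/app.js' } },
  { tag: 'script', attrs: { src: 'https://cdn.example.net/lib.js' } },
  { tag: 'script', attrs: { src: 'https://cdn.example.net/ok.js', integrity: 'sha384-abc', crossorigin: 'anonymous' } },
  { tag: 'button', attrs: { onclick: 'doIt()' } },
  { tag: 'img', attrs: { src: 'x.png', onerror: 'alert(1)' } },
];
```

On the sample the audit yields two inline-handler findings, one High SRI finding for `lib.js` (the `ok.js` load is pinned correctly), and one Low third-party entry for `cdn.example.net`. Same-origin scripts are not flagged for missing integrity because SRI only defends against a compromised third-party host.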

🔹 Privacy & Authentication

  • WebRTC & Geolocation → Flags available APIs.
  • WebSocket Security → Insecure ws:// connections.
  • Service Workers → Detects registered scopes.
  • Browser Fingerprinting → Canvas, Audio, Battery, WebGL.
  • Broken Authentication → Session fixation indicators and weak JWT configurations (e.g. unsigned tokens).
  • Rate Limiting Test → Repeated requests to forms/APIs to see whether throttling kicks in (intrusive).
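What a client-side tool can say about a JWT is limited: it can decode the header and payload but cannot verify the signature. The block below is an added example, not ShadowSec's code, showing the checks that are meaningful from the browser: `alg: none` or an empty signature, a missing or very distant `exp`, and key-URL headers (`jku`/`x5u`) that the server must pin. `findJwtCandidates()` picks token-shaped strings out of wherever the panel harvests them (localStorage values, cookies, Authorization headers). The tokens and the fixed clock are constructed, and the seven-day expiry threshold is this example's choice.

```javascript
// Added example for the weak-JWT check above; not ShadowSec's own code.
// Decodes tokens without verifying them (a page script cannot) and reports
// what can be judged client-side. Sample tokens are constructed below.

function b64urlEncode(str) {
  return btoa(str).replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}
function b64urlDecode(s) {
  const b64 = s.replace(/-/g, '+').replace(/_/g, '/') + '='.repeat((4 - s.length % 4) % 4);
  return atob(b64);
}
// Build a token with an arbitrary (or empty) signature for the sample data.
function encodeJwt(header, payload, signature = '') {
  return `${b64urlEncode(JSON.stringify(header))}.${b64urlEncode(JSON.stringify(payload))}.${signature}`;
}

const JWT_RE = /^[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]*$/;

function decodeJwt(token) {
  if (!JWT_RE.test(token)) return null;
  const [h, p, signature] = token.split('.');
  try {
    return { header: JSON.parse(b64urlDecode(h)), payload: JSON.parse(b64urlDecode(p)), signature };
  } catch {
    return null; // token-shaped but not JSON segments
  }
}

function auditJwt(token, nowSeconds = Math.floor(Date.now() / 1000)) {
  const jwt = decodeJwt(token);
  if (!jwt) return [];
  const findings = [];
  const add = (severity, msg) => findings.push({ severity, msg });
  const alg = String(jwt.header.alg || '').toLowerCase();

  if (alg === 'none' || jwt.signature === '')
    add('High', 'unsigned token (alg none / empty signature): the server must reject it');
  else if (alg.startsWith('hs'))
    add('Low', `HMAC-signed (${jwt.header.alg}); secret strength cannot be judged client-side`);
  if (typeof jwt.payload.exp !== 'number') add('Medium', 'no exp claim: token never expires');
  else if (jwt.payload.exp - nowSeconds > 7 * 24 * 3600) add('Low', 'exp more than seven days out');
  else if (jwt.payload.exp <= nowSeconds) add('Low', 'token already expired but still stored client-side');
  if (typeof jwt.header.jku === 'string' || typeof jwt.header.x5u === 'string')
    add('Medium', 'header carries a key URL (jku/x5u): confirm the server pins it');
  return findings;
}

// Keep only strings that both look like a JWT and decode to JSON segments.
function findJwtCandidates(values) {
  return values.filter(v => typeof v === 'string' && decodeJwt(v) !== null);
}

// Constructed samples with a fixed clock (not real credentials).
const NOW = 1700000000;
const SAMPLE_TOKENS = {
  unsigned: encodeJwt({ alg: 'none', typ: 'JWT' }, { sub: 'alice', role: 'admin' }),
  hmacLongLived: encodeJwt({ alg: 'HS256', typ: 'JWT' }, { sub: 'bob', exp: NOW + 365 * 24 * 3600 }, 'fakesig'),
};
```

The unsigned token gets a High (no signature) and a Medium (no expiry); the HS256 token gets two Low notes, because a one-year expiry and an unverifiable HMAC secret are design smells rather than confirmed flaws. Anything stronger, such as testing the secret against a wordlist, belongs in a server-side or offline tool, not in a page script.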

📂 Export & Reports

  • Export findings to JSON file.
  • Copy findings to clipboard.
  • Logs grouped by test with severity colors.

⚠️ Disclaimer

This tool is for educational purposes and auditing your own websites only.
Running it against third-party websites without permission may be illegal.
The author is not responsible for misuse.