A dual-platform static vulnerability scanner for Android and Web applications.

Features:

- Auto-Detection: Automatically detects whether the project is Android or Web.
- Web Scanning: Uses Bandit to find security issues in Python code (Bandit analyses Python source only, so web code in other languages is not covered).
- Android Scanning: Uses MobSF (via Docker) for deep APK analysis.
- Reporting: Output to Console (Rich table), HTML, or JSON.
- CI/CD Ready: Exit codes for passing/failing builds based on finding severity.
Install directly via pip:

```bash
pip install secuscan
secuscan scan .
```

Run via Docker Compose. The Compose file is fetched from the project's main branch, so review it (or pin the URL to a specific commit) before piping it into docker-compose:

```bash
curl -sL https://raw.githubusercontent.com/nkuv/SecuScan/main/docker/docker-compose.yml | docker-compose -f - run --rm secuscan scan /scan
```

Alternative: Direct Docker Run (Web only; Android scans depend on MobSF, so use the Docker Compose route for Android projects):

```bash
docker pull secuscan/secuscan:latest
docker run --rm -v "${PWD}:/scan" secuscan/secuscan:latest scan /scan
```

Install from source:

```bash
git clone https://github.com/nkuv/SecuScan.git
cd SecuScan
python3 -m venv venv
source venv/bin/activate   # Windows: venv\Scripts\activate
pip install -e .
```

Usage: scan the current directory and pick an output format with --format (table is the default on the console; JSON and HTML are written to the file given by --output):

```bash
secuscan scan .
secuscan scan . --format table                         # Pretty table (default on the console)
secuscan scan . --format console                       # Plain text list
secuscan scan . --format json --output report.json
secuscan scan . --format html --output report.html
```

SecuScan exits with code 1 if any HIGH or CRITICAL vulnerabilities are found, so a CI step that runs it fails on those findings; lower severities are reported but do not trigger the failing exit code.
GitHub Actions example. The Docker container action runs in the checked-out workspace, so `scan .` scans the repository and a non-zero exit fails the step:

```yaml
steps:
  # Assumes actions/checkout has already run; the container's working
  # directory is the checked-out workspace, which is what `scan .` targets.
  - name: Security Scan
    uses: docker://secuscan/secuscan:latest   # prefer an immutable tag or image digest over :latest
    with:
      args: scan .
```
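The exit-code rule above (fail on HIGH or CRITICAL) is the whole CI contract the page describes. The following is an added example, not SecuScan's own code, of applying that rule to a JSON report in a separate gate step, with the threshold made configurable so a team can fail on MEDIUM or only on CRITICAL. The report layout it parses (a top-level `"findings"` list whose entries carry a `"severity"` string) and the severity labels are assumptions made for illustration; the page does not show SecuScan's JSON schema, and the sample report is constructed.

```python
"""Severity gate over a SecuScan-style JSON report.

Added example, not SecuScan's own code. The page states only that the tool
exits with 1 on any HIGH or CRITICAL finding; the report shape assumed here
({"findings": [{"severity": "...", ...}, ...]}) and the configurable threshold
that generalises that rule are ASSUMPTIONS made for illustration.
"""
import json
import sys

# Ordered from least to most severe; comparison is by list index.
SEVERITY_ORDER = ["INFO", "LOW", "MEDIUM", "HIGH", "CRITICAL"]


def severity_rank(name):
    """Map a severity label (any case) to its rank.

    Unknown labels rank as CRITICAL so that a typo in the report, or a new
    level the gate does not know about, never silently passes the build.
    """
    try:
        return SEVERITY_ORDER.index(str(name).strip().upper())
    except ValueError:
        return len(SEVERITY_ORDER) - 1


def gate_findings(findings, fail_on="HIGH"):
    """Return (exit_code, counts_by_severity).

    exit_code is 1 when any finding is at or above `fail_on`; with the default
    fail_on="HIGH" this is exactly the page's HIGH-or-CRITICAL rule.
    """
    threshold = severity_rank(fail_on)
    counts = {level: 0 for level in SEVERITY_ORDER}
    failing = 0
    for finding in findings:
        # A finding with no severity field is treated as CRITICAL (fail closed).
        rank = severity_rank(finding.get("severity", "CRITICAL"))
        counts[SEVERITY_ORDER[rank]] += 1
        if rank >= threshold:
            failing += 1
    return (1 if failing else 0), counts


def gate_report(report_text, fail_on="HIGH"):
    """Parse report JSON (assumed shape: {"findings": [...]}) and gate it.

    A report that is not valid JSON or lacks the assumed "findings" list fails
    closed with exit code 2, so a broken scanner run cannot pass as a clean one.
    """
    try:
        report = json.loads(report_text)
        findings = report["findings"]
    except (ValueError, KeyError, TypeError):
        return 2, {}
    return gate_findings(findings, fail_on)


# Constructed sample report for the example; not real scanner output.
SAMPLE_REPORT = json.dumps({
    "findings": [
        {"rule": "hardcoded-secret", "severity": "low", "file": "app/config.py", "line": 12},
        {"rule": "shell-injection", "severity": "HIGH", "file": "app/views.py", "line": 40},
        {"rule": "exported-component", "severity": "medium", "file": "AndroidManifest.xml"},
    ]
})

if __name__ == "__main__":
    # Usage: python gate.py [report.json] [FAIL_ON]; without arguments the
    # constructed sample report is gated at the default HIGH threshold.
    path = sys.argv[1] if len(sys.argv) > 1 else None
    fail_on = sys.argv[2] if len(sys.argv) > 2 else "HIGH"
    text = open(path, encoding="utf-8").read() if path else SAMPLE_REPORT
    code, counts = gate_report(text, fail_on)
    print("findings by severity:", counts)
    sys.exit(code)
```

Run it after `secuscan scan . --format json --output report.json` as `python gate.py report.json MEDIUM` to fail the build on anything from MEDIUM up. The gate fails closed on unknown severities and on unparsable reports, which is the behaviour you want from a CI check: a malformed report should block the merge, not wave it through.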