Complete step-by-step guide to get the Vulnerability Scanner running on your machine.
Before starting, ensure you have the required software installed:
# Check Node.js (need 18+)
node --version
# Check Python (need 3.8+)
python3 --version
# Check npm
npm --versionIf you're missing any, install from:
- Node.js: https://nodejs.org/
- Python: https://www.python.org/
git clone https://github.com/dev0558/vulnerability-scanner.git
cd vulnerability-scanner- Go to https://upstash.com
- Click "Sign up" (you can use your GitHub account)
- Click "Create Database"
- Name it:
scanner-queue - Type: Regional
- Region: Choose the closest to you
- Click "Create"
Once created, you'll see your Redis dashboard. Copy these three values (you'll need all of them):
- REST URL:
https://xxxxx.upstash.io - REST Token:
AXxxxxx... - TCP URL:
rediss://default:xxxxx@xxxxx.upstash.io:6379
Save these somewhere safe - you'll use them in the next steps.
Navigate to the frontend directory and install dependencies:
cd frontend
npm installCreate your environment file:
cp .env.local.example .env.local
nano .env.localAdd your Upstash Redis credentials:
UPSTASH_REDIS_REST_URL=https://xxxxx.upstash.io
UPSTASH_REDIS_REST_TOKEN=AXxxxxx...
Replace xxxxx with your actual Redis credentials from Upstash. Save the file with Ctrl+X, then Y, then Enter.
Verify the file was created:
cat .env.localYou should see your credentials displayed.
Go back to the project root and setup the Python worker:
cd ../worker
pip install -r requirements.txtThis installs all Python dependencies needed for the scanner.
Open a new terminal window and navigate to the worker directory:
cd ~/vulnerability-scanner/worker
export REDIS_URL="rediss://default:PASSWORD@HOST.upstash.io:6379"
python worker.pyReplace PASSWORD@HOST with your actual TCP URL credentials from Upstash.
You should see:
Worker started, waiting for jobs...
This means the worker is running and ready to process scans. Leave this terminal open.
Open another new terminal window and start the frontend:
cd ~/vulnerability-scanner/frontend
npm run devYou should see:
Ready in XXXms
This means the frontend is running.
Open your web browser and go to:
http://localhost:3000
You should see the Vulnerability Scanner interface with a URL input field.
- In the browser, enter a test URL:
https://example.com - Click the "Start Scan" button
- Watch the worker terminal - you'll see it pick up the job
- Wait 10-30 seconds for the scan to complete
- View the results in your browser
The results will show:
- Open ports
- SSL/TLS certificate info
- Security headers status
- Server software detected
- HTTP methods allowed
These websites are safe and designed for testing:
- https://example.com (basic test)
- https://httpbin.org (API testing)
- https://scanme.nmap.org (security testing)
This means the worker can't connect to Redis. Check:
- Your Redis URL is correct
- URL starts with
rediss://(double 's') - Password and host are copied correctly
- You can access upstash.com website
Try re-exporting the URL:
export REDIS_URL="rediss://default:PASSWORD@HOST.upstash.io:6379"This means the frontend can't reach Upstash. Check:
.env.localfile exists in frontend directory- REST URL and REST Token are correct
- Restart the dev server:
Ctrl+Cthennpm run dev
Reinstall dependencies:
For frontend:
cd frontend
rm -rf node_modules
npm install
npm run devFor worker:
cd worker
pip install -r requirements.txt
python worker.pyPort 3000 might be in use. Try:
npm run dev -- -p 3001Then access http://localhost:3001
This could be due to:
- Network issues
- Target website is slow or blocked
- Firewall blocking port scans
Try scanning a different website like https://example.com
Once everything is running, here's what you have:
Frontend (http://localhost:3000):
- Next.js React application
- Sends scan requests to API
- Receives real-time results
- Beautiful UI with Tailwind CSS
Backend/API (part of frontend):
- Next.js API routes
- Submits jobs to Redis queue
- Retrieves results from Redis
Worker (separate process):
- Python application
- Reads jobs from Redis queue
- Performs actual security scans
- Stores results back to Redis
Redis (cloud):
- Upstash handles this
- Queues incoming scan jobs
- Stores scan results temporarily
- Manages communication between frontend and worker
After successfully running your first scan:
- Read the main README.md for more details
- Try scanning your own websites (if you own them)
- Check the PROJECT_REPORT.md for technical details
- Explore the code in
frontend/app/page.jsandworker/scanner.py - Modify scans to add new security checks
- Keep both terminals open (worker and frontend) while using the app
- Check the worker terminal to see scan progress
- Results are cached for 24 hours in Redis
- You can stop either process with
Ctrl+Cand restart without losing data
If you encounter issues:
- Check this guide again for your specific problem
- Read error messages carefully - they usually tell you what's wrong
- Verify all credentials are copied correctly
- Check your internet connection
- Open an issue on GitHub: https://github.com/dev0558/vulnerability-scanner/issues
# Start worker
cd ~/vulnerability-scanner/worker
export REDIS_URL="rediss://default:PASSWORD@HOST.upstash.io:6379"
python worker.py
# Start frontend (new terminal)
cd ~/vulnerability-scanner/frontend
npm run dev
# Check Node version
node --version
# Check Python version
python3 --version
# Install frontend deps
cd frontend && npm install
# Install worker deps
cd worker && pip install -r requirements.txt
# View environment variables
cat frontend/.env.local
# Stop any process
Ctrl+CThat's it! You're ready to scan. Happy testing!