Crawl web applications with a headless browser, run 10 built-in vulnerability plugins, and pipe results through OpenAI, Anthropic, Gemini, or Mistral for context-aware remediation reports.
npm install -g kramscan

XSS, SQL injection, CSRF, insecure headers, CORS misconfigurations, open redirects — detected automatically across every crawled page.
Point it at localhost, change a file, and KramScan re-scans instantly. Shows a diff of new vs. resolved findings after each save.
Exits with code 1 when vulns exceed your threshold. Drop one line into GitHub Actions and block insecure deploys.
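As an added example (not KramScan's code), here is how the watch-mode diff and the CI exit-code threshold described in the two points above can be built: findings are keyed by type, URL and parameter so the same issue lines up across two scans, the scans are diffed into new and resolved findings, and a severity threshold becomes a process exit code. The finding shape, severity names and sample scans are assumptions constructed for this example, not KramScan's real output format.

```javascript
// Added example (not KramScan's code): a watch-mode diff of findings between
// two scans and a CI gate that turns a severity threshold into an exit code.
// Finding objects and severities below are constructed for this example.

// Identify a finding by what and where it is, not when it was seen, so the
// same issue reported by two scans maps to the same key.
function fingerprint(finding) {
  return [finding.type, finding.url, finding.param || ''].join('|');
}

// Compare two scans: findings present now but not before are new, findings
// present before but not now are resolved.
function diffScans(previous, current) {
  const prev = new Map(previous.map(f => [fingerprint(f), f]));
  const curr = new Map(current.map(f => [fingerprint(f), f]));
  return {
    added: [...curr.values()].filter(f => !prev.has(fingerprint(f))),
    resolved: [...prev.values()].filter(f => !curr.has(fingerprint(f))),
  };
}

const SEVERITY_RANK = { low: 1, medium: 2, high: 3, critical: 4 };

// CI gate: count findings at or above minSeverity; if the count is over
// maxAllowed, return exit code 1 so the pipeline blocks the deploy.
function gate(findings, { minSeverity = 'high', maxAllowed = 0 } = {}) {
  const floor = SEVERITY_RANK[minSeverity];
  if (floor === undefined) throw new Error(`unknown severity: ${minSeverity}`);
  const counted = findings.filter(f => (SEVERITY_RANK[f.severity] || 0) >= floor);
  return counted.length > maxAllowed ? 1 : 0;
}

// Constructed sample scans of a local app before and after a code change.
const scanBefore = [
  { type: 'xss', url: 'http://localhost:3000/search', param: 'q', severity: 'high' },
  { type: 'insecure-header', url: 'http://localhost:3000/', param: 'x-frame-options', severity: 'low' },
];
const scanAfter = [
  { type: 'insecure-header', url: 'http://localhost:3000/', param: 'x-frame-options', severity: 'low' },
  { type: 'open-redirect', url: 'http://localhost:3000/login', param: 'next', severity: 'medium' },
];

const { added, resolved } = diffScans(scanBefore, scanAfter);
console.log('new:', added.map(f => f.type), 'resolved:', resolved.map(f => f.type));
console.log('exit code (block on medium+):', gate(scanAfter, { minSeverity: 'medium' }));
```

In a CI job the value returned by gate() is what the process exits with; the fingerprint deliberately leaves out timestamps and evidence strings so a re-scan of unchanged code produces an empty diff rather than a wall of "new" findings.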
Puppeteer-powered browser renders SPAs and executes JavaScript to catch issues hidden from static analysis.
Conversational security assistant that independently verifies reported findings using non-destructive payloads.
PDF, DOCX, Markdown, JSON, and TXT. AI executive summaries included. Every report ships with remediation steps.
Each plugin extends BaseVulnerabilityPlugin. Drop a new file into src/plugins/vulnerabilities/ and the PluginManager picks it up.
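An added example of the detection logic an insecure-headers plugin would carry (this is not KramScan's code; the BaseVulnerabilityPlugin interface is not documented on this page, so the example is a plain function over a response's headers rather than a subclass, and the finding shape, the sample responses and the 180-day HSTS floor are assumptions made for the example):

```javascript
// Added example (not KramScan's code): the checks an "insecure headers"
// plugin would run over one response. The plugin base class named on this
// page is not documented here, so this is a standalone function.

// Each check returns true when the header value is acceptable and carries
// the reason reported when it is not. Names are matched case-insensitively.
const HEADER_CHECKS = [
  {
    name: 'content-security-policy',
    ok: v => v !== undefined && !/unsafe-inline/i.test(v),
    why: 'missing, or policy allows unsafe-inline',
  },
  {
    name: 'strict-transport-security',
    // 15552000 s = 180 days, an assumed floor for this example; the HSTS
    // preload list itself requires at least one year (31536000 s).
    ok: v => { const m = /max-age=(\d+)/i.exec(v || ''); return m !== null && Number(m[1]) >= 15552000; },
    why: 'missing, or max-age below 180 days',
  },
  {
    name: 'x-content-type-options',
    ok: v => v !== undefined && v.trim().toLowerCase() === 'nosniff',
    why: 'missing, or not nosniff',
  },
  {
    name: 'x-frame-options',
    ok: v => v !== undefined && /^(deny|sameorigin)$/i.test(v.trim()),
    why: 'missing, or not DENY/SAMEORIGIN',
  },
];

// Lowercase header names so the checks do not depend on the server's casing.
function normalizeHeaders(headers) {
  const out = {};
  for (const [name, value] of Object.entries(headers)) out[name.toLowerCase()] = String(value);
  return out;
}

// Returns one finding per failed check, shaped as
// { type, url, param, detail, severity } (an assumed shape).
function checkSecurityHeaders(url, rawHeaders) {
  const headers = normalizeHeaders(rawHeaders);
  const findings = [];
  for (const check of HEADER_CHECKS) {
    if (!check.ok(headers[check.name])) {
      findings.push({ type: 'insecure-header', url, param: check.name, detail: check.why, severity: 'low' });
    }
  }
  return findings;
}

// Constructed sample responses (not captured from a real server).
const weakResponse = { 'Content-Type': 'text/html', 'X-Frame-Options': 'ALLOWALL' };
const hardenedResponse = {
  'Content-Security-Policy': "default-src 'self'",
  'Strict-Transport-Security': 'max-age=31536000; includeSubDomains',
  'X-Content-Type-Options': 'nosniff',
  'X-Frame-Options': 'DENY',
};

console.log(checkSecurityHeaders('http://localhost:3000/', weakResponse).map(f => f.param));
console.log(checkSecurityHeaders('http://localhost:3000/', hardenedResponse).length);
```

Because a headless browser sees the final response for every crawled page, a check like this runs once per page rather than once per site, which is how a single misconfigured route (for example a legacy endpoint without the global middleware) still shows up in the report.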
KramScan pipes scan results through your chosen LLM for risk scoring, remediation advice, and executive summaries.