🛡️ Autonomous Internet Security Scanner powered by Cloudflare Workers
Click the button above to deploy BLT-NetGuardian to your Cloudflare account in one click!
BLT-NetGuardian is an autonomous security scanning system that continuously discovers and scans the internet for security vulnerabilities. Unlike traditional scanners that require manual target submission, BLT-NetGuardian actively discovers domains, repositories, smart contracts, and APIs using multiple discovery methods, automatically scans them for vulnerabilities, and contacts stakeholders when issues are found.
- Certificate Transparency Monitoring: Discovers new domains from CT logs
- GitHub Repository Scanning: Tracks trending and newly updated repositories
- Blockchain Monitoring: Detects new smart contract deployments
- Subdomain Enumeration: Discovers subdomains of known targets
- API Directory Scanning: Monitors public API directories
- User Suggestions: Allows community to guide the scanner
- security.txt Integration: RFC 9116 compliant contact discovery
- WHOIS Lookup: Finds domain registrant contacts
- GitHub Security Advisory: Direct security team notification
- Responsible Disclosure: 90-day disclosure timeline
- Contact Logging: Tracks all notification attempts
- Web2 Crawler - Web application vulnerability scanner
  - XSS, CSRF, SQLi detection
  - Security header analysis
  - Form and endpoint discovery
  - Authentication testing
- Web3 Monitor - Blockchain and smart contract monitoring
  - Transaction pattern analysis
  - Malicious address detection
  - Gas usage optimization
  - Real-time blockchain monitoring
- Static Analyzer - Source code security analysis
  - SAST tool integration
  - Dependency vulnerability scanning
  - Hardcoded secret detection
  - Multi-language support (Python, JavaScript, Java, Go, Rust)
- Contract Scanner - Smart contract auditing
  - Reentrancy vulnerability detection
  - Access control analysis
  - Integer overflow/underflow checks
  - Gas optimization recommendations
  - Solidity and Vyper support
- Volunteer Agent Manager - Community security testing
  - Distributed testing coordination
  - Agent registration and management
  - Result validation and aggregation
  - Contributor rewards
Live Autonomous Scanner Dashboard:
- Real-time scanning status with current target
- Live discovery feed showing newly found targets
- Simple suggestion input to guide the scanner
- Statistics: domains discovered, repos found, contacts made
- Recent discoveries with vulnerability status
No Manual Forms Required - The system continuously scans on its own!
BLT-NetGuardian uses a split architecture:
- Frontend: Static HTML/CSS/JS hosted on GitHub Pages
- Backend: Python API worker running on Cloudflare Workers
┌─────────────────────────────────────────────────────────────┐
│ GitHub Pages │
│ (Frontend - Static) │
│ │
│ ┌──────────────┐ ┌─────────────┐ ┌──────────────────┐ │
│ │ index.html │ │ dashboard │ │ vulnerabilities │ │
│ │ (Main UI) │ │ .html │ │ .html │ │
│ └──────────────┘ └─────────────┘ └──────────────────┘ │
│ │
│ │ │
└─────────┼───────────────────────────────────────────────────┘
│ HTTPS/REST API
▼
┌─────────────────────────────────────────────────────────────┐
│ Cloudflare Worker (Backend) │
│ Python API Only │
│ │
│ ┌──────────────────────────────────────────────────────┐ │
│ │ API Endpoints │ │
│ │ • /api/tasks/queue │ │
│ │ • /api/targets/register │ │
│ │ • /api/results/ingest │ │
│ │ • /api/jobs/status │ │
│ │ • /api/vulnerabilities │ │
│ └──────────────────────────────────────────────────────┘ │
│ │ │
│ ┌──────────────────┴──────────────────┐ │
│ │ Scanner Coordinator │ │
│ └──────────┬──────────────────────────┘ │
│ │ │
│ ┌─────────────────┼─────────────────────────────────────┐ │
│ │ │ │ │
│ ▼ ▼ ▼ ▼ │
│ Web2 Web3 Static Contract │
│ Crawler Monitor Analyzer Scanner │
│ │
└─────────────────────────────────────────────────────────────┘
│
▼
┌────────────────────────┐
│ Cloudflare KV Store │
│ ├─ Job States │
│ ├─ Task Queue │
│ ├─ Vulnerability DB │
│ └─ Target Registry │
└────────────────────────┘
The system continuously discovers new targets using:
- CT Log Monitoring: Watches Certificate Transparency logs for new SSL certificates
- GitHub API: Monitors trending repositories and recent updates
- Blockchain Scanners: Tracks new smart contract deployments on Ethereum, Polygon, BSC
- DNS Enumeration: Discovers subdomains and related domains
- Public Directories: Scans API directories and service listings
When a target is discovered:
- Target is automatically registered in the system
- Appropriate scanners are selected based on target type
- Scan tasks are queued with priority based on discovery source
- Multiple scanners run in parallel for comprehensive coverage
- Results are aggregated and stored
Each scanner detects specific vulnerability types:
- Web2: XSS, CSRF, SQLi, security misconfigurations
- Web3: Reentrancy, access control, integer issues
- Static: Code vulnerabilities, dependency issues, secrets
- Contract: Smart contract specific vulnerabilities
When vulnerabilities are found:
- System looks for contact information (security.txt, WHOIS, GitHub)
- Prepares professional vulnerability disclosure report
- Attempts contact through multiple channels
- Logs all contact attempts for transparency
- Follows 90-day responsible disclosure timeline
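As an added illustration of the security.txt step in the contact-discovery flow above (example code, not part of the BLT-NetGuardian project), the following Python parses an RFC 9116 file and refuses to rely on it when the required Expires field is missing, duplicated, malformed or in the past. The sample file and the URI-scheme filter on Contact values are assumptions.

```python
import re
from datetime import datetime, timezone

# Constructed sample security.txt in RFC 9116 layout (not fetched from any real host).
SAMPLE_SECURITY_TXT = """\
# Security policy for example.com (comment lines are ignored)
Contact: mailto:security@example.com
Contact: https://example.com/security/report
Expires: 2030-01-01T00:00:00Z
Preferred-Languages: en, es
Canonical: https://example.com/.well-known/security.txt
"""


def parse_security_txt(text):
    """Map each field name (lower-cased) to the list of values seen, in file order."""
    fields = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments carry no data
        name, sep, value = line.partition(":")
        if not sep:
            continue  # not a "Field: value" line; skip it rather than abort the whole file
        fields.setdefault(name.strip().lower(), []).append(value.strip())
    return fields


def _parse_ts(value):
    """Parse an ISO 8601 timestamp; RFC 9116 writes UTC with a trailing 'Z'."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def contact_targets(fields, now_iso=None):
    """Return the Contact URIs the notifier may use, in the publisher's preference order.

    RFC 9116 requires at least one Contact and exactly one Expires. An expired or
    malformed file yields [] so the caller falls back to WHOIS / GitHub lookup.
    """
    now = _parse_ts(now_iso) if now_iso else datetime.now(timezone.utc)
    expires = fields.get("expires", [])
    if len(expires) != 1:
        return []
    try:
        if _parse_ts(expires[0]) <= now:
            return []
    except (ValueError, TypeError):  # unparsable or timezone-naive Expires value
        return []
    # Assumption: only mailto:, https: and tel: contacts are channels this notifier can use.
    return [c for c in fields.get("contact", []) if re.match(r"^(mailto:|https://|tel:)", c)]
```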
Community members can:
- Suggest specific targets for immediate scanning
- Mark suggestions as priority for faster processing
- View real-time discovery and scanning status
- Monitor contact attempts and responses
```http
POST /api/discovery/suggest
Content-Type: application/json

{
  "suggestion": "example.com",
  "priority": true
}
```

```http
GET /api/discovery/status
GET /api/discovery/recent?limit=20
```

```http
POST /api/tasks/queue
Content-Type: application/json

{
  "target_id": "abc123",
  "task_types": ["crawler", "static_analysis"],
  "priority": "high"
}
```

```http
GET /api/tasks/list?job_id=job123
```

```http
POST /api/targets/register
Content-Type: application/json

{
  "target_type": "web2",
  "target": "https://example.com",
  "scan_types": ["crawler", "vulnerability_scan"],
  "notes": "Focus on authentication flows"
}
```

```http
POST /api/results/ingest
Content-Type: application/json

{
  "task_id": "task123",
  "agent_type": "web2_crawler",
  "results": {
    "findings": [...],
    "vulnerabilities": [...]
  }
}
```

```http
GET /api/vulnerabilities?limit=50&severity=critical
GET /api/jobs/status?job_id=job123
```
Quick Deploy: Click the button above to instantly deploy the backend to your Cloudflare account!
BLT-NetGuardian is split into two parts:
- Frontend (GitHub Pages) - Already live at https://owasp-blt.github.io/BLT-NetGuardian/
- Backend (Cloudflare Workers) - Deploy with one click or manually (instructions below)
Simply click the "Deploy to Cloudflare Workers" button above. This will:
- Fork the repository to your GitHub account (if needed)
- Guide you through connecting your Cloudflare account
- Automatically create required KV namespaces
- Deploy the worker to your Cloudflare account
- Wrangler CLI
- Cloudflare account
- Install Wrangler:

```bash
npm install -g wrangler
```

- Login to Cloudflare:

```bash
wrangler login
```

- Create KV namespaces:

```bash
wrangler kv:namespace create "JOB_STATE"
wrangler kv:namespace create "TASK_QUEUE"
wrangler kv:namespace create "VULN_DB"
wrangler kv:namespace create "TARGET_REGISTRY"
```

- Update wrangler.toml with your KV namespace IDs
- Deploy:

```bash
wrangler publish
```

- Update assets/js/config.js with your Worker URL:

```javascript
API_BASE_URL: 'https://blt-netguardian.your-subdomain.workers.dev'
```

- Commit and push the config change to deploy to GitHub Pages
```bash
# Serve static files
python -m http.server 8000
# Visit http://localhost:8000
```

```bash
wrangler dev
# API available at http://localhost:8787
```

Update assets/js/config.js to use local backend:

```javascript
API_BASE_URL: 'http://localhost:8787'
```

For detailed deployment instructions, see DEPLOY.md
Edit wrangler.toml to configure:
- KV namespace bindings
- Environment variables
- Worker routes
- Build settings
```javascript
// Register a target; the response carries the target_id used for all later calls
const response = await fetch('https://your-worker.workers.dev/api/targets/register', {
  method: 'POST',
  headers: { 'Content-Type': 'application/json' },
  body: JSON.stringify({
    target_type: 'web2',
    target: 'https://example.com',
    scan_types: ['crawler', 'vulnerability_scan']
  })
});
if (!response.ok) throw new Error(`register failed: ${response.status}`);
const { target_id } = await response.json();

// Queue scanning tasks for that target
await fetch('https://your-worker.workers.dev/api/tasks/queue', {
  method: 'POST',
  headers: { 'Content-Type': 'application/json' },
  body: JSON.stringify({
    target_id,
    task_types: ['crawler', 'vulnerability_scan'],
    priority: 'high'
  })
});
```

```javascript
// jobId: the job_id of a previously queued scan job
const response = await fetch(`https://your-worker.workers.dev/api/jobs/status?job_id=${jobId}`);
const status = await response.json();
console.log(`Progress: ${status.progress}% (${status.completed}/${status.total} tasks)`);
```

```javascript
// List only critical findings; severity is one of critical | high | medium | low | info
const response = await fetch('https://your-worker.workers.dev/api/vulnerabilities?severity=critical');
const { vulnerabilities } = await response.json();
vulnerabilities.forEach(vuln => {
  console.log(`${vuln.severity.toUpperCase()}: ${vuln.title}`);
});
```

- All API endpoints support CORS for web interface access
- Task deduplication prevents redundant scanning
- Vulnerability data is stored with 30-day expiration
- Results include LLM triage preparation for AI-powered analysis
- Volunteer agent submissions should be validated before acceptance
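One way to do that validation, as an added example rather than the project's own code: the checks below apply the Vulnerability record shape documented in this README to a /api/results/ingest body before anything is stored. The sample submissions, the CVE-id pattern and the rule that task_id must match a known queued task are assumptions.

```python
import re

SEVERITIES = {"critical", "high", "medium", "low", "info"}
REQUIRED = ("vulnerability_id", "type", "severity", "title", "description", "affected_component")
CVE_RE = re.compile(r"^CVE-\d{4}-\d{4,}$")  # assumed format for the optional cve_id field


def validate_vulnerability(v):
    """Return the problems found in one submitted vulnerability record; [] means acceptable."""
    if not isinstance(v, dict):
        return ["record is not an object"]
    problems = [f"missing or empty {f}" for f in REQUIRED
                if not isinstance(v.get(f), str) or not v[f].strip()]
    if v.get("severity") not in SEVERITIES:
        problems.append("severity not one of " + "/".join(sorted(SEVERITIES)))
    if "cve_id" in v and not (isinstance(v["cve_id"], str) and CVE_RE.match(v["cve_id"])):
        problems.append("cve_id is malformed")
    score = v.get("cvss_score")
    if score is not None and (isinstance(score, bool) or not isinstance(score, (int, float))
                              or not 0.0 <= score <= 10.0):
        problems.append("cvss_score must be a number in 0.0-10.0")
    refs = v.get("references")
    if refs is not None and not (isinstance(refs, list) and all(isinstance(r, str) for r in refs)):
        problems.append("references must be a list of strings")
    return problems


def validate_ingest(payload, known_task_ids):
    """Validate an ingest body from a volunteer agent; unknown tasks are rejected outright."""
    if not isinstance(payload, dict) or payload.get("task_id") not in known_task_ids:
        return {"accepted": False, "errors": ["task_id does not match a queued task"]}
    results = payload.get("results")
    vulns = results.get("vulnerabilities", []) if isinstance(results, dict) else None
    if not isinstance(vulns, list):
        return {"accepted": False, "errors": ["results.vulnerabilities must be a list"]}
    errors = [f"vulnerabilities[{i}]: {p}" for i, v in enumerate(vulns) for p in validate_vulnerability(v)]
    return {"accepted": not errors, "errors": errors}


# Constructed sample submissions (not real findings).
GOOD_SUBMISSION = {
    "task_id": "task123", "agent_type": "web2_crawler",
    "results": {"findings": [], "vulnerabilities": [{
        "vulnerability_id": "v-1", "type": "missing-security-header", "severity": "low",
        "title": "Content-Security-Policy header absent", "description": "No CSP on /login",
        "affected_component": "https://example.com/login", "cvss_score": 3.1}]},
}
BAD_SUBMISSION = {  # missing type/description/affected_component, bad enum, score and CVE id
    "task_id": "task123", "agent_type": "web2_crawler",
    "results": {"vulnerabilities": [{"vulnerability_id": "v-2", "severity": "urgent",
                                     "title": "x", "cvss_score": 42, "cve_id": "not-a-cve"}]},
}
```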
```typescript
{
  task_id: string
  job_id: string
  target_id: string
  task_type: "crawler" | "static_analysis" | "contract_audit" | ...
  priority: "low" | "medium" | "high"
  status: "queued" | "running" | "completed" | "failed"
  created_at: string
  completed_at?: string
  result_id?: string
}
```

```typescript
{
  vulnerability_id: string
  type: string
  severity: "critical" | "high" | "medium" | "low" | "info"
  title: string
  description: string
  affected_component: string
  cve_id?: string
  cvss_score?: number
  remediation?: string
  references?: string[]
}
```

Contributions are welcome! Please feel free to submit a Pull Request.
This project is licensed under the GNU Affero General Public License v3.0 - see the LICENSE file for details.
- OWASP BLT Project
- Cloudflare Workers Platform
- Security research community
For issues and questions, please open an issue on GitHub.
Built with ❤️ by the OWASP BLT community