VibeHunt

XploitScan

Security scanner built for AI-generated code


XploitScan is a command‑line and web‑based scanner that analyzes source code produced by AI coding assistants such as Cursor, Lovable, Bolt, Replit, and Claude. It runs a set of 206 detection rules covering secrets, injection flaws, authentication, cryptography, container and infrastructure configurations, and other common security issues. The tool produces a plain‑English report that includes a severity grade, description of each finding, and suggested code fixes, allowing developers without deep security expertise to understand and remediate problems quickly.

The scanner can be invoked with a single `npx xploitscan scan .` command for JavaScript, TypeScript, or Python projects, or used through a web interface, a GitHub Action, or a GitHub App that automatically scans pull requests. Results are output in SARIF format for CI/CD pipelines and are also mapped to compliance frameworks such as SOC 2, ISO 27001, OWASP Top 10, and CWE, facilitating audit reporting.

XploitScan targets indie developers, solo founders, startup teams, and open‑source contributors who rely on AI‑generated code and need an easy, no‑signup way to catch security vulnerabilities before deployment. The free tier offers multiple scans per day, while paid plans provide additional rule sets and enterprise features.
