🛡️ Autonomous Internet Security Scanner powered by Cloudflare Workers
Click the button above to deploy BLT-NetGuardian to your Cloudflare account in one click!
Want to run scans locally? The desktop client for BLT-NetGuardian is maintained in a separate repository:
The client lets you download individual scan tasks from the server and process them on your own machine, offloading work from the Cloudflare Worker to your local environment. Each discovery in the dashboard has a "Send to Client" button that exports the task as a JSON file ready to be loaded by the client application.
BLT-NetGuardian is an autonomous security scanning system that continuously discovers and scans the internet for security vulnerabilities. Unlike traditional scanners that require manual target submission, BLT-NetGuardian actively discovers domains, repositories, smart contracts, and APIs using multiple discovery methods, automatically scans them for vulnerabilities, and contacts stakeholders when issues are found.
- Certificate Transparency Monitoring: Discovers new domains from CT logs
- GitHub Repository Scanning: Tracks trending and newly updated repositories
- Blockchain Monitoring: Detects new smart contract deployments
- Subdomain Enumeration: Discovers subdomains of known targets
- API Directory Scanning: Monitors public API directories
- User Suggestions: Allows community to guide the scanner
- security.txt Integration: RFC 9116 compliant contact discovery
- WHOIS Lookup: Finds domain registrant contacts
- GitHub Security Advisory: Direct security team notification
- Responsible Disclosure: 90-day disclosure timeline
- Contact Logging: Tracks all notification attempts
- Web2 Crawler - Web application vulnerability scanner
  - XSS, CSRF, SQLi detection
  - Security header analysis
  - Form and endpoint discovery
  - Authentication testing
- Web3 Monitor - Blockchain and smart contract monitoring
  - Transaction pattern analysis
  - Malicious address detection
  - Gas usage optimization
  - Real-time blockchain monitoring
- Static Analyzer - Source code security analysis
  - SAST tool integration
  - Dependency vulnerability scanning
  - Hardcoded secret detection
  - Multi-language support (Python, JavaScript, Java, Go, Rust)
- Contract Scanner - Smart contract auditing
  - Reentrancy vulnerability detection
  - Access control analysis
  - Integer overflow/underflow checks
  - Gas optimization recommendations
  - Solidity and Vyper support
- Volunteer Agent Manager - Community security testing
  - Distributed testing coordination
  - Agent registration and management
  - Result validation and aggregation
  - Contributor rewards
Live Autonomous Scanner Dashboard:
- Real-time scanning status with current target
- Live discovery feed showing newly found targets
- Simple suggestion input to guide the scanner
- Statistics: domains discovered, repos found, contacts made
- Recent discoveries with vulnerability status
No Manual Forms Required - The system continuously scans on its own!
BLT-NetGuardian uses a three-tier architecture:
- Frontend: Static HTML/CSS/JS hosted on GitHub Pages
- Backend: Python API worker running on Cloudflare Workers
- Client: Optional local desktop client in BLT-NetGuardian-Client for offloading scan tasks
```text
┌─────────────────────────────────────────────────────────────┐
│                        GitHub Pages                         │
│                     (Frontend - Static)                     │
│                                                             │
│  ┌──────────────┐  ┌─────────────┐  ┌──────────────────┐    │
│  │  index.html  │  │  dashboard  │  │ vulnerabilities  │    │
│  │  (Main UI)   │  │  .html      │  │ .html            │    │
│  └──────────────┘  └─────────────┘  └──────────────────┘    │
│                                                             │
│         │                                                   │
└─────────┼───────────────────────────────────────────────────┘
          │ HTTPS/REST API
          ▼
┌─────────────────────────────────────────────────────────────┐
│                 Cloudflare Worker (Backend)                 │
│                       Python API Only                       │
│                                                             │
│  ┌──────────────────────────────────────────────────────┐   │
│  │                    API Endpoints                     │   │
│  │  • /api/tasks/queue                                  │   │
│  │  • /api/targets/register                             │   │
│  │  • /api/results/ingest                               │   │
│  │  • /api/jobs/status                                  │   │
│  │  • /api/vulnerabilities                              │   │
│  └──────────────────────────────────────────────────────┘   │
│                           │                                 │
│         ┌─────────────────┴──────────────────┐              │
│         │        Scanner Coordinator         │              │
│         └──────────┬─────────────────────────┘              │
│                    │                                        │
│   ┌────────────────┼───────────────────────────────────┐    │
│   │                │                 │                 │    │
│   ▼                ▼                 ▼                 ▼    │
│  Web2             Web3             Static           Contract│
│ Crawler         Monitor           Analyzer          Scanner │
│                                                             │
└─────────────────────────────────────────────────────────────┘
                              │
                              ▼
                 ┌────────────────────────┐
                 │   Cloudflare KV Store  │
                 │   ├─ Job States        │
                 │   ├─ Task Queue        │
                 │   ├─ Vulnerability DB  │
                 │   └─ Target Registry   │
                 └────────────────────────┘
```
The system continuously discovers new targets using:
- CT Log Monitoring: Watches Certificate Transparency logs for new SSL certificates
- GitHub API: Monitors trending repositories and recent updates
- Blockchain Scanners: Tracks new smart contract deployments on Ethereum, Polygon, BSC
- DNS Enumeration: Discovers subdomains and related domains
- Public Directories: Scans API directories and service listings
When a target is discovered:
- Target is automatically registered in the system
- Appropriate scanners are selected based on target type
- Scan tasks are queued with priority based on discovery source
- Multiple scanners run in parallel for comprehensive coverage
- Results are aggregated and stored
Each scanner detects specific vulnerability types:
- Web2: XSS, CSRF, SQLi, security misconfigurations
- Web3: Reentrancy, access control, integer issues
- Static: Code vulnerabilities, dependency issues, secrets
- Contract: Smart contract specific vulnerabilities
When vulnerabilities are found:
- System looks for contact information (security.txt, WHOIS, GitHub)
- Prepares professional vulnerability disclosure report
- Attempts contact through multiple channels
- Logs all contact attempts for transparency
- Follows 90-day responsible disclosure timeline
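The security.txt lookup in the contact step above, as an added example in Python that is not part of the BLT-NetGuardian code: it parses an RFC 9116 file, checks the mandatory Contact and Expires fields, rejects an expired file, and keeps only contact URIs with a usable scheme. The sample file body is constructed and the function names are my own.

```python
import re
from datetime import datetime, timezone

# Constructed sample of a /.well-known/security.txt body (RFC 9116); not any real site's file
SAMPLE_SECURITY_TXT = """\
# Security contacts (constructed sample)
Contact: mailto:security@example.com
Contact: https://example.com/security/report
Expires: 2099-12-31T23:59:59.000Z
Encryption: https://example.com/pgp-key.txt
Preferred-Languages: en, es
Canonical: https://example.com/.well-known/security.txt
"""

REQUIRED = ("Contact", "Expires")  # RFC 9116: both are mandatory, Expires at most once


def parse_security_txt(text):
    """Parse 'Field: value' lines into {field: [values]}; comments and blank lines are skipped."""
    fields = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, sep, value = line.partition(":")
        if sep:
            fields.setdefault(name.strip(), []).append(value.strip())
    return fields


def contact_info(text, now=None):
    """Return (ok, usable_contacts, problems); ok is False when the file must not be relied on."""
    now = now or datetime.now(timezone.utc)
    fields = parse_security_txt(text)
    problems = [f"missing {f}" for f in REQUIRED if f not in fields]
    expires = fields.get("Expires", [])
    if len(expires) > 1:
        problems.append("Expires given more than once")
    elif expires:
        try:
            exp = datetime.fromisoformat(expires[0].replace("Z", "+00:00"))
            if exp <= now:
                problems.append("file has expired; contacts may be stale")
        except (ValueError, TypeError):
            problems.append("Expires is not a timezone-aware ISO 8601 timestamp")
    # Only mailto:, tel: and https: URIs are used as disclosure channels
    contacts = [c for c in fields.get("Contact", []) if re.match(r"^(mailto:|tel:|https://)", c)]
    if "Contact" in fields and not contacts:
        problems.append("no Contact with a usable URI scheme")
    return (not problems, contacts, problems)
```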
Community members can:
- Suggest specific targets for immediate scanning
- Mark suggestions as priority for faster processing
- View real-time discovery and scanning status
- Monitor contact attempts and responses
```http
POST /api/discovery/suggest
Content-Type: application/json

{
  "suggestion": "example.com",
  "priority": true
}
```

```http
GET /api/discovery/status
GET /api/discovery/recent?limit=20
```

```http
POST /api/tasks/queue
Content-Type: application/json

{
  "target_id": "abc123",
  "task_types": ["crawler", "static_analysis"],
  "priority": "high"
}
```

```http
GET /api/tasks/list?job_id=job123
```

```http
POST /api/targets/register
Content-Type: application/json

{
  "target_type": "web2",
  "target": "https://example.com",
  "scan_types": ["crawler", "vulnerability_scan"],
  "notes": "Focus on authentication flows"
}
```

```http
POST /api/results/ingest
Content-Type: application/json

{
  "task_id": "task123",
  "agent_type": "web2_crawler",
  "results": {
    "findings": [...],
    "vulnerabilities": [...]
  }
}
```

```http
GET /api/vulnerabilities?limit=50&severity=critical
GET /api/jobs/status?job_id=job123
```
Quick Deploy: Click the button above to instantly deploy the backend to your Cloudflare account!
BLT-NetGuardian is split into two parts:
- Frontend (GitHub Pages) - Already live at https://owasp-blt.github.io/BLT-NetGuardian/
- Backend (Cloudflare Workers) - Deploy with one click or manually (instructions below)
Simply click the "Deploy to Cloudflare Workers" button above. This will:
- Fork the repository to your GitHub account (if needed)
- Guide you through connecting your Cloudflare account
- Automatically create required KV namespaces
- Deploy the worker to your Cloudflare account
- Wrangler CLI
- Cloudflare account
- Install Wrangler:
  ```bash
  npm install -g wrangler
  ```
- Login to Cloudflare:
  ```bash
  wrangler login
  ```
- Create KV namespaces:
  ```bash
  wrangler kv:namespace create "JOB_STATE"
  wrangler kv:namespace create "TASK_QUEUE"
  wrangler kv:namespace create "VULN_DB"
  wrangler kv:namespace create "TARGET_REGISTRY"
  ```
- Update wrangler.toml with your KV namespace IDs
- Deploy:
  ```bash
  wrangler publish
  ```
- Update assets/js/config.js with your Worker URL:
  ```javascript
  API_BASE_URL: 'https://blt-netguardian.your-subdomain.workers.dev'
  ```
- Commit and push the config change to deploy to GitHub Pages
```bash
# Serve static files
python -m http.server 8000
# Visit http://localhost:8000
```

```bash
wrangler dev
# API available at http://localhost:8787
```

Update assets/js/config.js to use the local backend:

```javascript
API_BASE_URL: 'http://localhost:8787'
```

For detailed deployment instructions, see DEPLOY.md
BLT-NetGuardian can integrate with a wide variety of security scanning tools. For a comprehensive list of vulnerability scanning tools and resources, see SECURITY_TOOLS.md.
The document includes tools for:
- Static Application Security Testing (SAST)
- Dynamic Application Security Testing (DAST)
- Dependency and Supply Chain Security
- Container and Infrastructure Security
- Smart Contract Security
- Secret Detection
- And many more categories
Edit wrangler.toml to configure:
- KV namespace bindings
- Environment variables
- Worker routes
- Build settings
```javascript
// Register a new target
const response = await fetch('https://your-worker.workers.dev/api/targets/register', {
  method: 'POST',
  headers: { 'Content-Type': 'application/json' },
  body: JSON.stringify({
    target_type: 'web2',
    target: 'https://example.com',
    scan_types: ['crawler', 'vulnerability_scan']
  })
});
const { target_id } = await response.json();

// Queue scanning tasks for the registered target
await fetch('https://your-worker.workers.dev/api/tasks/queue', {
  method: 'POST',
  headers: { 'Content-Type': 'application/json' },
  body: JSON.stringify({
    target_id,
    task_types: ['crawler', 'vulnerability_scan'],
    priority: 'high'
  })
});
```

```javascript
// Check the progress of a queued job
const jobId = 'job123'; // id of a previously queued job
const response = await fetch(`https://your-worker.workers.dev/api/jobs/status?job_id=${jobId}`);
const status = await response.json();
console.log(`Progress: ${status.progress}% (${status.completed}/${status.total} tasks)`);
```

```javascript
// List critical vulnerabilities
const response = await fetch('https://your-worker.workers.dev/api/vulnerabilities?severity=critical');
const { vulnerabilities } = await response.json();
vulnerabilities.forEach(vuln => {
  console.log(`${vuln.severity.toUpperCase()}: ${vuln.title}`);
});
```

- All API endpoints support CORS for web interface access
- Task deduplication prevents redundant scanning
- Vulnerability data is stored with 30-day expiration
- Results include LLM triage preparation for AI-powered analysis
- Volunteer agent submissions should be validated before acceptance
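One way to validate volunteer agent submissions before acceptance, as an added example in Python that is not the project's own code: it checks each vulnerability record in an /api/results/ingest body against the field names and allowed values from the Vulnerability data model in this README, and rejects only the malformed records rather than the whole payload. The sample payload and the 4000-character cap on free text are constructed assumptions.

```python
import re

# Allowed values and required fields follow the Vulnerability data model in this README
SEVERITIES = ("critical", "high", "medium", "low", "info")
REQUIRED_STR = ("vulnerability_id", "type", "title", "description", "affected_component")
CVE_RE = re.compile(r"^CVE-\d{4}-\d{4,}$")
# Constructed /api/results/ingest body with one well-formed and one malformed record
SAMPLE_PAYLOAD = {
    "task_id": "task123", "agent_type": "web2_crawler",
    "results": {"findings": [], "vulnerabilities": [
        {"vulnerability_id": "v1", "type": "xss", "severity": "high",
         "title": "Reflected XSS in search", "description": "Search term echoed unescaped",
         "affected_component": "/search", "cvss_score": 6.1},
        {"vulnerability_id": "v2", "type": "sqli", "severity": "urgent", "title": "",
         "description": "x", "affected_component": "/login", "cve_id": "not-a-cve",
         "cvss_score": 42, "references": ["ftp://example.invalid/x"]},
    ]},
}

def validate_vulnerability(rec):
    """Return the problems found in one submitted record; an empty list means accept it."""
    problems = []
    for key in REQUIRED_STR:
        if not isinstance(rec.get(key), str) or not rec[key].strip():
            problems.append(f"{key}: required non-empty string")
    if rec.get("severity") not in SEVERITIES:
        problems.append("severity: must be one of " + ", ".join(SEVERITIES))
    cve = rec.get("cve_id")
    if cve is not None and not (isinstance(cve, str) and CVE_RE.match(cve)):
        problems.append("cve_id: must look like CVE-YYYY-NNNN")
    score = rec.get("cvss_score")
    if score is not None and not (isinstance(score, (int, float))
                                  and not isinstance(score, bool) and 0.0 <= score <= 10.0):
        problems.append("cvss_score: must be a number from 0.0 to 10.0")
    refs = rec.get("references")
    if refs is not None and not (isinstance(refs, list)
                                 and all(isinstance(r, str) and r.startswith("https://") for r in refs)):
        problems.append("references: must be a list of https:// URLs")
    for key in ("title", "description", "remediation"):  # cap free text so an agent cannot stuff the KV store
        if isinstance(rec.get(key), str) and len(rec[key]) > 4000:
            problems.append(f"{key}: longer than 4000 characters")
    return problems

def accept_ingest(payload):
    """Split an ingest payload into accepted records and (record, problems) rejects."""
    checked = [(rec, validate_vulnerability(rec)) for rec in payload.get("results", {}).get("vulnerabilities", [])]
    accepted = [rec for rec, problems in checked if not problems]
    rejected = [(rec, problems) for rec, problems in checked if problems]
    return accepted, rejected
```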
Task:

```
{
  task_id: string
  job_id: string
  target_id: string
  task_type: "crawler" | "static_analysis" | "contract_audit" | ...
  priority: "low" | "medium" | "high"
  status: "queued" | "running" | "completed" | "failed"
  created_at: string
  completed_at?: string
  result_id?: string
}
```

Vulnerability:

```
{
  vulnerability_id: string
  type: string
  severity: "critical" | "high" | "medium" | "low" | "info"
  title: string
  description: string
  affected_component: string
  cve_id?: string
  cvss_score?: number
  remediation?: string
  references?: string[]
}
```

Contributions are welcome! Please feel free to submit a Pull Request.
This project is licensed under the GNU Affero General Public License v3.0 - see the LICENSE file for details.
- OWASP BLT Project
- Cloudflare Workers Platform
- Security research community
For issues and questions, please open an issue on GitHub.
Built with ❤️ by the OWASP BLT community