madebyaris

Native desktop web security scanner for developers. OWASP Top 10, API exposure, CMS detection, target intelligence. Built with Tauri 2 + React 19 + Rust.

11
1
100% credibility
Found Mar 07, 2026 at 11 stars.
AI Analysis
Rust
AI Summary

Chaca is a desktop app that scans websites for security weaknesses like missing protections and exposed data, giving clear reports and scores.

How It Works

1. Get Chaca app

You download the simple desktop app and open it, excited to check your website's safety.

2. Enter website address

Type the web address you own or have permission to test into the ready box.

3. Choose scan depth

Pick a quick safe check or full deep scan to match what you need.

4. Launch the scan

Hit start and watch the colorful progress bars as it explores your site for weak spots.

5. See your security score

A dashboard pops up showing your overall safety rating and top issues by danger level.

6. Explore details

Click into findings to read simple explanations, proof, and easy fixes.

Export and secure

Save your report and confidently fix problems to make your site bulletproof.

AI-Generated Review

What is chaca-scanner?

Chaca-scanner is a native desktop app built with Tauri 2, React 19, and Rust that runs fast security audits on web apps and APIs, with no terminal or complex setup required. Enter a URL, pick passive (headers/responses), active (payload tests), or full scan, and get a security score, vulnerability list, API exposures, CMS detection, and target intelligence like server fingerprints and tech stack. It exports clean JSON/CSV reports with CWE links and remediation steps.

Why is it gaining traction?

As a GitHub-native alpha project using a native desktop app framework, it skips browser extensions or CLI tools like ZAP, delivering real-time progress, dashboard charts, and persistent settings in a monospace UI devs love. Features like confidence scoring, deduped findings, and OWASP API Top 10 coverage make audits actionable without deep expertise, plus it handles custom headers and rate limits out of the box.

Who should use this?

Web developers auditing local or staging sites before deploy, API builders probing for exposures like swagger.json or /env leaks, and frontend teams checking CMS setups (WordPress, Shopify). Ideal for quick pre-PR scans on your own targets, not full pentests.

Verdict

Promising GitHub-native alpha for desktop security scans (11 stars, 1.0% credibility score), but the raw repo lacks automerge and tests, so treat it as experimental. Grab it if you want a native desktop client for routine API and OWASP checks; skip for production pipelines.
