Over the past few weeks, I've been building Buggy.runhttps://buggy.run/, an AI-powered security scanner that tests the parts of your web app most scanners never reach.
Most vulnerability scanners stop at the login page. Buggy.run logs in with test credentials, explores authenticated pages, and looks for common security issues like SQL injection, XSS, exposed secrets, insecure headers, session problems, and API vulnerabilities.
I built it for developers, startups, and agencies who want an easy way to catch security issues before shipping.
Some highlights:
- Authenticated security scanning
- AI-powered vulnerability analysis
- API security testing
- OWASP-focused checks
- Clear reports with remediation suggestions
- No complicated setup
I'd love to get feedback from the dev community. What features would make a security scanner genuinely useful for your workflow?
Check it out:https://buggy.run/https://buggy.run/
Feedback, ideas, and feature requests are always welcome. 🙌