Tyre Kicker - Security Scanner
Extension Actions
Offline security scanner. Detect API keys, CVEs, config issues. No external API calls. For authorized testing only.
## π TYRE KICKER β Professional Security Audits, Instantly
**Tyre Kicker** is a privacy-first security scanner built for developers, consultants, agencies, and security professionals who need **fast, defensible security assessments** without sending data to the cloud.
Generate **professional, client-ready security audits in under 10 seconds**, directly from your browser. No setup. No accounts. No data leakage.
---
## β‘ WHAT MAKES TYRE KICKER DIFFERENT
### π§ 100% LOCAL Β· ZERO-CLOUD SCANNING
All analysis happens **entirely on your machine**:
- No scan data ever leaves your browser
- No external APIs during scans
- No tracking, analytics, or hidden uploads
- Offline CVE database for complete privacy
Your targets, your findings, your data β always.
---
## π‘οΈ CORE CAPABILITIES
### π CVE & TECHNOLOGY VULNERABILITY DETECTION
- Detects **25,000+ known CVEs** across **6,700+ technologies**
- Server software: Apache, nginx, IIS, etc.
- Frontend frameworks: React, Vue, Angular, jQuery, more
- Outdated library and dependency detection
- Fully offline vulnerability matching
---
### π EXPOSED SECRETS & CREDENTIAL SCANNING
- **60+ API key types detected**, including:
- AWS, Google Cloud, Stripe, GitHub, SendGrid, Twilio
- Hardcoded passwords and credentials
- OAuth secrets and private keys
- JWT token decoding and sensitive claim detection
- Database connection strings
---
### π SECURITY CONFIGURATION ANALYSIS
- Missing or weak security headers:
- CSP, HSTS, X-Frame-Options, Referrer-Policy, more
- Transport security issues
- Mixed content warnings
- Insecure form configurations
- CSRF and password field weaknesses
---
### π§ͺ DEVELOPMENT & DEBUG ARTIFACTS
- Debug endpoints and test files
- Source maps and stack traces
- Environment leakage indicators
- Error messages exposing sensitive information
---
## π 7-TIER SECURITY SCORING SYSTEM
Every site receives a **clear, non-technical security grade** clients instantly understand:
- ποΈ **Fort Knox** (90β100)
- π¦ **Bank Vault** (75β89)
- π **Safe** (60β74)
- ποΈ **Filing Cabinet** (45β59)
- ποΈ **Garden Shed** (30β44)
- π¦ **Cardboard Box** (15β29)
- π§ **Wet Paper Bag** (<15)
Perfect for prioritization, reporting, and closing deals.
---
## π PROFESSIONAL REPORTING (PRO)
Upgrade to unlock **client-ready deliverables**:
- Executive security summaries
- Findings grouped by severity (Critical β Low)
- File paths and line numbers
- Clear remediation guidance
- **White-label PDF reports**
- **JSON export for CI/CD & tooling**
- Instant report generation after every scan
---
## π― BUILT FOR PROFESSIONAL USE
β Security consultants & penetration testers
β Digital agencies & MSPs
β Bug bounty hunters (authorized targets only)
β DevSecOps & development teams
β Security-conscious organizations
Run a scan, show the risk, deliver the fix.
---
## π AUTHORIZED USE ONLY
Tyre Kicker is intended **only for systems you own or have explicit permission to test**. Unauthorized scanning may be illegal.
---
## π GET STARTED
1. Visit a website youβre authorized to test
2. Click the Tyre Kicker extension
3. Start the scan
4. Review findings instantly
5. Export or generate reports (Pro)
---
**Tyre Kicker**
*White-label security audits. Zero cloud. Zero compromise.*