🔐 Vulcn

Security testing made simple. Record once, test with payloads, find vulnerabilities.

⚡ Quick Start

# Install globally
npm install -g vulcn

# Record a session (opens browser)
vulcn record https://example.com/login

# Run with security payloads
vulcn run session.vulcn.yml

Zero-config browser support — Vulcn uses your existing Chrome or Edge. No browser downloads needed.

🎯 What is Vulcn?

Vulcn is a driver-based security testing framework that:

Records interactions (browser clicks, API requests, CLI commands)
Replays them with security payloads injected
Detects vulnerabilities via plugins (XSS, SQLi, reflection, etc.)

Architecture

┌─────────────────────────────────────────────────────────┐
│                     vulcn CLI                           │
├─────────────────────────────────────────────────────────┤
│                   @vulcn/engine                         │
│  ┌─────────────────────┐  ┌──────────────────────────┐  │
│  │   DriverManager     │  │    PluginManager         │  │
│  │   • browser         │  │    • payloads            │  │
│  │   • api (soon)      │  │    • detect-xss          │  │
│  │   • cli (soon)      │  │    • detect-reflection   │  │
│  └─────────────────────┘  └──────────────────────────┘  │
└─────────────────────────────────────────────────────────┘

📦 Packages

Package	Description
`vulcn`	CLI tool
`@vulcn/engine`	Core engine with driver & plugin systems
`@vulcn/driver-browser`	Browser recording with Playwright
`@vulcn/plugin-payloads`	XSS, SQLi, SSRF payloads
`@vulcn/plugin-detect-xss`	Execution-based XSS detection
`@vulcn/plugin-detect-reflection`	Pattern-based reflection detection

📚 Documentation

Full documentation is available at docs.vulcn.dev

🤝 Contributing

See CONTRIBUTING.md for development setup and guidelines.

📝 License

Made with ❤️ by rawlab