vibetest

Localhost-first pentesting CLI for catching vibe-coded vulnerabilities

Fast, developer-friendly security scans for apps you build quickly (AI-assisted or hand-coded). Discover auth issues, misconfigurations, exposed endpoints, and more — all locally.

Why use vibetest?

Developer-focused

Runs on localhost and matches typical fast development workflows — minimal setup, quick results.

Auth-aware

Automatically discovers tokens, cookies, and headers so you can scan authenticated routes without hassle.

Actionable findings

Reports include clear reproduction steps and recommended fixes so developers can resolve issues quickly.

Quick Start

# Install / run from repo
npm start
# Scan a local app on port 3000
vibetest -p 3000
# With a separate API backend
vibetest -p 3000 --api-port 8080

See the full usage guide for flags and authentication options.

Ready to scan?

Run vibetest against your local app and review the generated report in vibetest-reports/.
