AI-Powered Security Scanner for Web Apps + Estonian eID Integration
A comprehensive security assessment platform designed specifically for Estonian digital infrastructure and government services. Built with deep expertise in Estonian e-ID authentication systems and powered by artificial intelligence, it helps developers secure their digital products and protect citizens' sensitive data.
Live Site: https://e-gov-guardian.onrender.com
Try scanning a URL or testing the Smart-ID login
E-Gov Guardian is a professional security scanner that combines traditional vulnerability detection with specialized Estonian e-ID authentication testing and AI-powered analysis.
Simple Workflow:
Scan a web app → Detect SQL Injection/XSS/CSRF → Get AI-powered explanations + fix suggestions → Test Estonian e-ID security → Generate professional PDF reports
- Web Application Security: Comprehensive vulnerability scanning for government websites
- Estonian e-ID Integration: Specialized testing for Smart-ID, Mobile-ID, and e-ID Card authentication
- AI-Powered Analysis: GPT-4o-mini provides contextual security recommendations
- Professional Reporting: Executive summaries and detailed technical reports
- Multi-Language Support: Available in English and Estonian
Estonia is a world leader in digital identity and public e-services, with over 99% of government services available online. As an Estonian developer, I recognized that:
- Cybersecurity is critical for maintaining trust in e-Governance
- Traditional scanners miss the nuanced security requirements of Estonian authentication systems
- AI can bridge the gap between technical findings and actionable recommendations
- Citizen data protection requires specialized tools for government-grade security
I wanted to create a tool that helps Estonian developers and government agencies secure their applications with the help of AI and deep knowledge of national ID systems.
| Feature | Description |
|---|---|
| Web Scanner | Scans apps for SQL injection, XSS, CSRF, security headers, CORS, and OWASP Top 10 vulnerabilities |
| AI Suggestions | GPT-4o-mini explains risks in plain language and suggests specific fixes |
| eID Integration | Specialized testing for Smart-ID, Mobile-ID, and e-ID Card authentication flows |
| Results Dashboard | Real-time scan progress, vulnerability breakdown, and compliance scoring |
| PDF Reports | Professional reports suitable for audit evidence and stakeholder presentations |
| Multi-Language | Full Estonian and English language support |
| Real-time Scanning | Live progress updates and concurrent scan support |
| Advanced Testing | API fuzzing, GraphQL security, subresource integrity, and more |
- Python 3.11: Core application runtime
- Flask 3.1: Web framework with Jinja2 templating
- Gunicorn + gevent: Production WSGI server for high concurrency
- OWASP ZAP: Professional security scanning (optional integration)
- OpenAI API: AI-powered security analysis with GPT-4o-mini
- Bootstrap 5: Modern, responsive UI with professional styling
- JavaScript: Real-time progress updates and interactive features
- Multi-language Support: English and Estonian interface
- requests: HTTP security testing and vulnerability detection
- BeautifulSoup: HTML parsing and analysis
- Selenium: Browser automation for complex authentication flows
- python-nmap: Network security scanning and port analysis
- cryptography: TLS/SSL security assessment
- yara-python: Malware detection and pattern matching
- WeasyPrint: Professional PDF generation with charts
- ReportLab: Advanced report layouts and formatting
- JSON API: Programmatic access to scan results
Clean, professional interface with dual scanner options - Web application scanner and Estonian e-ID scanner
Configurable security test selection with comprehensive vulnerability detection options
Advanced testing options and Estonian e-ID specific security features
Real-time progress tracking with detailed phase information and live vulnerability detection updates
Professional progress indicators showing comprehensive security assessment phases
Executive summary with risk ratings, compliance scores, and vulnerability breakdown by severity
AI-powered recommendations for each finding with authentication method-specific security analysis
Complete application interface showing the professional security scanning dashboard
E-Gov Guardian generates professional PDF reports suitable for audit evidence and stakeholder presentations. Here's a sample security report:
**View Sample Security Report**
- Executive Summary: High-level security assessment with risk ratings
- Detailed Vulnerability Analysis: Comprehensive breakdown of all findings
- AI-Powered Recommendations: Contextual fix suggestions for each vulnerability
- Compliance Scoring: eIDAS and GDPR compliance assessment
- Professional Formatting: Branded reports suitable for government agencies
- Multi-Language Support: Available in English and Estonian
- Python 3.11+
- Docker (optional, for containerized deployment)
- OpenAI API key (optional, for AI analysis)
```bash
# Clone the repository
git clone https://github.com/uzaif-lab/E-Gov_Guardian.git
cd E-Gov_Guardian

# Build and run with Docker
docker build -t egov-guardian .
docker run -e OPENAI_API_KEY="your-api-key" -p 5000:5000 egov-guardian

# Access the application
open http://localhost:5000
```
```bash
# Clone the repository
git clone https://github.com/uzaif-lab/E-Gov_Guardian.git
cd E-Gov_Guardian

# Create virtual environment
python -m venv venv
source venv/bin/activate  # On Windows: venv\Scripts\activate

# Install dependencies
pip install -r requirements.txt

# Set environment variables
export OPENAI_API_KEY="your-api-key"  # Optional

# Run development server
python web_app.py
```
```bash
# Clone and configure
git clone https://github.com/uzaif-lab/E-Gov_Guardian.git
cd E-Gov_Guardian

# Edit docker-compose.yml to add your OpenAI API key
# Then run:
docker-compose up -d
```
| Variable | Description | Required |
|---|---|---|
| OPENAI_API_KEY | OpenAI API key for AI analysis | Optional* |
| WEB_CONCURRENCY | Number of worker processes | Optional |
| PORT | Application port (default: 5000) | Optional |
*AI analysis will be disabled if no API key is provided
Copy `config.template.yaml` to `config.yaml` for advanced settings:
```yaml
# AI Analysis Configuration
ai_analysis:
  enabled: true
  model: "gpt-4o-mini"
  max_tokens: 150
  temperature: 0.1

# Scanner Configuration
scanner:
  max_scan_time: 1800  # 30 minutes
  max_depth: 5
  deep_scan_depth: 8

# OWASP ZAP Integration (Optional)
zap:
  enabled: false
  host: "127.0.0.1"
  port: 8080
```
- SQL Injection (Error-based, Boolean-based, Time-based)
- Cross-Site Scripting (Reflected, Stored, DOM-based)
- Cross-Site Request Forgery (CSRF)
- Security Headers Analysis (CSP, HSTS, X-Frame-Options, etc.)
- Cookie Security Assessment (Secure, HttpOnly, SameSite)
- CORS Misconfiguration Testing
- Open Redirect Vulnerabilities
- Host Header Injection
- Directory Traversal
- Command Injection
- REST API Endpoint Fuzzing
- GraphQL Introspection and Security
- Subresource Integrity Verification
- HTTP Method Testing (GET, POST, PUT, DELETE, etc.)
- Information Disclosure Detection
- Smart-ID Authentication Flow Security
- Mobile-ID Implementation Testing
- e-ID Certificate Chain Validation
- TLS/SSL Configuration for e-ID Services
- Authentication Redirect Security
- Privacy and Data Protection Compliance
- TLS/SSL Configuration Testing
- Certificate Validation
- Network Security Assessment
- Service Discovery and Fingerprinting
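The Security Headers Analysis and Cookie Security Assessment checks listed above can be expressed as a small response analyzer. This is an added example, not code from the E-Gov Guardian project; the header set, the one-year HSTS threshold and the finding messages are this example's own choices, and the sample response is constructed.

```python
import re

# Headers a hardened government site is expected to send (this example's own set).
REQUIRED_HEADERS = {
    "content-security-policy": "missing CSP: injected scripts run unconstrained",
    "strict-transport-security": "missing HSTS: plain-HTTP downgrade possible",
    "x-frame-options": "missing X-Frame-Options: page can be framed (clickjacking)",
    "x-content-type-options": "missing X-Content-Type-Options: MIME sniffing allowed",
}
ONE_YEAR = 365 * 24 * 3600  # recommended minimum HSTS max-age in seconds


def check_security_headers(headers):
    """Return findings for absent or weakly configured response headers."""
    lower = {k.lower(): v for k, v in headers.items()}
    findings = [msg for name, msg in REQUIRED_HEADERS.items() if name not in lower]
    hsts = lower.get("strict-transport-security", "")
    m = re.search(r"max-age=(\d+)", hsts, re.I)
    if hsts and (m is None or int(m.group(1)) < ONE_YEAR):
        findings.append("weak HSTS: max-age shorter than one year")
    csp = lower.get("content-security-policy", "")
    if "'unsafe-inline'" in csp or "'unsafe-eval'" in csp:
        findings.append("weak CSP: allows 'unsafe-inline' or 'unsafe-eval'")
    return findings


def check_cookies(set_cookie_values):
    """Return findings for Set-Cookie values lacking Secure, HttpOnly or SameSite."""
    findings = []
    for raw in set_cookie_values:
        parts = [p.strip() for p in raw.split(";")]
        name = parts[0].split("=", 1)[0]
        # Attribute names are case-insensitive; flags without a value map to themselves.
        attrs = {p.split("=", 1)[0].lower(): p.split("=", 1)[-1] for p in parts[1:]}
        if "secure" not in attrs:
            findings.append(f"cookie {name}: no Secure flag (sent over plain HTTP)")
        if "httponly" not in attrs:
            findings.append(f"cookie {name}: no HttpOnly flag (readable by XSS)")
        if attrs.get("samesite", "").lower() not in ("lax", "strict"):
            findings.append(f"cookie {name}: SameSite not Lax/Strict (CSRF exposure)")
    return findings


# Constructed sample response headers, not captured from any real site.
SAMPLE_HEADERS = {
    "Content-Type": "text/html",
    "Strict-Transport-Security": "max-age=86400",
    "Content-Security-Policy": "default-src 'self'; script-src 'self' 'unsafe-inline'",
    "Set-Cookie": "session=abc123; Path=/; HttpOnly",
}

if __name__ == "__main__":
    print(*check_security_headers(SAMPLE_HEADERS), *check_cookies([SAMPLE_HEADERS["Set-Cookie"]]), sep="\n")
```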
E-Gov Guardian includes specialized knowledge of Estonian digital identity systems:
- Smart-ID: Mobile app-based authentication
- Mobile-ID: SMS-based authentication
- e-ID Card: Physical card-based authentication
- eIDAS Regulation: European digital identity standards
- Estonian Trust Services: National digital identity requirements
- GDPR: Privacy and data protection compliance
- Certificate chain validation for e-ID services
- Authentication flow security analysis
- Privacy risk assessment
- Cross-border interoperability security
```http
POST /scan
Content-Type: application/x-www-form-urlencoded

target_url=https://example.com
&deep_scan=true
&ai_analysis=true
&test_sql_injection=true
&test_xss=true
```

```http
GET /api/scan-results/{scan_id}
```

```http
GET /download/{scan_id}
```

```http
POST /estonian-scan
Content-Type: application/x-www-form-urlencoded

estonian_url=https://login.eesti.ee
&estonian_ai_analysis=true
```
- Real Smart-ID/Mobile-ID Integration: Direct integration with SK ID Solutions API
- Exportable PDF Security Reports: Enhanced reporting with executive summaries
- Support for Estonian Public Service Domains: Pre-configured scanning for government domains
- Multilingual UI: Enhanced Estonian + English language support
- Scheduled Scans: Automated security monitoring with email alerts
- Team Collaboration: Multi-user support for government agencies
- Compliance Templates: Pre-built templates for eIDAS and GDPR compliance
- Integration APIs: RESTful APIs for CI/CD pipeline integration
I welcome contributions from Estonian developers, security researchers, and government technologists who are passionate about protecting Estonian citizens' data and improving our nation's digital infrastructure security. Together, we can ensure Estonia maintains its position as a global leader in secure digital governance.
```bash
# Clone and set up the development environment
git clone https://github.com/uzaif-lab/E-Gov_Guardian.git
cd E-Gov_Guardian

# Create virtual environment
python -m venv venv
source venv/bin/activate  # On Windows: venv\Scripts\activate

# Install dependencies
pip install -r requirements.txt

# Run tests
python -m pytest

# Start development server
python web_app.py
```
- Configure the OPENAI_API_KEY environment variable
- Set WEB_CONCURRENCY appropriately for your infrastructure
- Configure a reverse proxy (nginx/Apache) with SSL termination
- Set up monitoring and logging
- Configure backup and disaster recovery
- Implement rate limiting and DDoS protection
- Review and customize security scan configurations
Monitor these key metrics in production:
- Response time for security scans
- Memory usage during concurrent scans
- AI API usage and costs
- Scan completion rates
- Error rates and types
- GitHub Issues: Report bugs, request features, and discuss improvements with fellow Estonian developers
- Security Issues: Contact maintainers privately for security vulnerabilities - protecting citizens' data is our top priority
- Estonian e-ID Questions: Specialized support for Estonian authentication systems (Smart-ID, Mobile-ID, e-ID Card)
- Community Support: Connect with other Estonian developers working on digital government security
- Estonian e-ID Security Documentation: Official security guidelines and best practices
- OWASP Security Testing Guide: International security standards adapted for Estonian context
- eIDAS Regulation Compliance Guide: European digital identity requirements
- Estonian Government Web Security Best Practices: National security standards
- RIA (Riigi Infosüsteemi Amet) Security Guidelines: Official Estonian government IT security requirements
MIT License © 2024 Mohd Uzaif Khan
E-Gov Guardian is developed with the mission of improving digital government security in Estonia and protecting Estonian citizens' data. This project is dedicated to the public good and the advancement of secure digital governance in Estonia.
As a developer, I have a unique opportunity and responsibility to keep security at the centre of development. Every line of code I write, every security measure I implement, and every vulnerability I prevent helps protect the personal data and digital rights of Estonian citizens.
"Securing digital government services for Estonian citizens - because their trust in digital society depends on it"
E-Gov Guardian - Professional security assessment for Estonia's digital future.
Built by: [Mohd Uzaif Khan]
Email: [uzaifkhan7867@gmail.com]
For Estonian Developers
This tool was created specifically for the Estonian developer community. Whether you're working on government portals, e-services, or any digital product that serves Estonian citizens, E-Gov Guardian helps you maintain the security standards that our digital society depends on.
Thank you