Waloscan
cybersecurity platform for external attack auditing
Start new thread
Ir Ergil ILUNGA

Waloscan - cybersecurity platform for external attack auditing

by
Waloscan is an open-source cybersecurity engineering solution designed to evaluate the external attack surface of web infrastructures, detect potential identity compromises (Data Breach Tracker), and analyze suspicious links using a heuristic anti-phishing engine. Built with Python (Flask) and optimized with the Rust-based package manager 'uv'.

Add a comment

Replies

Best
Ir Ergil ILUNGA
Maker
📌
The inspiration for Waloscan came from a simple, alarming reality in cybersecurity: many organizations, developers, and creators have no clear visibility into their own external attack surface until an incident occurs. Misconfigured HTTP headers, exposed admin ports, or forgotten .env files on production servers are goldmines for threat actors. I wanted to build a unified, fast, and accessible tool to solve this exact problem. The primary issue Waloscan addresses is information asymmetry—allowing users to audit their infrastructure reconnaissance and identify data leaks or phishing risks before malicious actors do. While working on this launch, my process shifted heavily toward performance and deployment efficiency. Initially, I focused solely on the core Flask mechanics, but I quickly realized that security tools need to be lightweight and fast to deploy. This led me to integrate Astral's 'uv' package manager (written in Rust) directly into the environment workflow. It completely transformed the setup process, reducing virtual environment creation and dependency resolution to under 10 seconds. This focus on developer experience and speed shaped Waloscan into the streamlined open-source platform it is today.
Ir Ergil ILUNGA
Maker

Hi Product Hunt community! 👋

I'm Ergi, a software engineer, and I'm thrilled to introduce Waloscan.

I built this tool because I was frustrated with the current state of external attack surface management. Developers and small security teams are often stuck between two extremes: complex, overpriced enterprise platforms, or a fragmented mess of scattered CLI scripts that take too much time to chain together.

Waloscan is a fast, lightweight, and entirely open-source framework built with Python and Flask. It automates external attack surface auditing, sub-domain discovery, and phishing heuristic detection in a single, unified stack. It’s designed to be self-hosted, clean, and easily integrated into any modern deployment pipeline.

The project is fully open-source under GNU GPL v3. I’m launching it today to get hard engineering feedback from the global tech community. I’d love to know your thoughts on the architecture, the feature set, or any ideas for future modules!

I'll be here all day to answer your questions and chat about the tech. Thanks for checking it out! 🚀