Skip to content

Add live browser scanner + fix README language stats#14

Merged
DaCameraGirl merged 1 commit into
mainfrom
feature/browser-scan-engine
Jul 5, 2026
Merged

Add live browser scanner + fix README language stats#14
DaCameraGirl merged 1 commit into
mainfrom
feature/browser-scan-engine

Conversation

@DaCameraGirl

Copy link
Copy Markdown
Owner

Problem

The Pages link (dacameragirl.github.io/payload-revealer) only rendered a static landing page. The actual scanning logic lived in payload_revealer/engine/*.py, reachable only via the Python CLI or the Electron desktop app — nothing you could use from the browser without installing something. Every other repo in this account is a live, no-install browser app at its Pages link; this one didn't match that pattern.

The README also had stale/wrong language percentages (missing HTML entirely, and the Python/JS/CSS numbers didn't match GitHub's own detection).

What changed

  • assets/js/scan-engine.js — vanilla JS port of sweeper.py + classifier.py + payload_extractor.py + word_counter.py. Validated against the Python engine's JSON output on all 5 test fixtures — identical char counts, category/risk breakdowns, and decoded payloads (including the 312-char ZWSP-encoded beacon URL in forensic_report.txt).
  • assets/js/app.js + assets/css/scanner.css — UI wiring and styling, using the Electron renderer (electron/renderer/) as the visual reference: paste text or drop a .txt file, get the same findings/payloads/raw-JSON tabs and JSON/TXT export the desktop app has, entirely client-side.
  • index.html — new "Live Scanner" section right after the hero, wired to the engine above. Reframed the Quick Download / CLI sections as optional (offline/scripting) rather than required.
  • README.md — added the language flag bar, corrected the language badges to match GitHub's actual detection, pointed the "if something pasted suspicious" flow at the live scanner first.

The Python CLI and Electron desktop app are unchanged.

Verified

Drove the page end-to-end with Playwright (headless Chromium) against a local static server:

  • Pasted text with an embedded zero-width-space binary payload → correctly flagged 16 critical-risk characters and decoded the payload
  • Uploaded tests/fixtures/zero_width.txt → correctly flagged all 3 zero-width characters with correct names/blocks
  • Both JSON and TXT export produced valid downloads
  • Zero console errors throughout

Closes #13

Co-Authored-By: Claude Sonnet 5 noreply@anthropic.com

…landing page

The scan/classify/extract logic in payload_revealer/engine was Python-only,
reachable only via the CLI or the Electron desktop app, so the GitHub Pages
link had nothing to actually do — it just rendered index.html as a static
landing page. Every other repo in this account works as a live, no-install
browser app at its Pages link; this one didn't match that.

Ports sweeper.py, classifier.py, payload_extractor.py, and word_counter.py
to vanilla client-side JS (assets/js/scan-engine.js), validated char-for-char
against the Python engine's JSON output across all five test fixtures
(forensic_report.txt, bidi.txt, normal.txt, null_bytes.txt, zero_width.txt) —
identical total/visible/hidden counts, category/risk breakdowns, and decoded
payloads (including the 312-char ZWSP-encoded beacon URL fixture).

Wires it into index.html using the Electron renderer's UI as the visual
reference (assets/js/app.js, assets/css/scanner.css): paste text or drop a
.txt file, get findings/payloads/raw-JSON tabs and JSON/TXT export, entirely
client-side. The Python CLI and Electron desktop app are unchanged and stay
available for offline/scripted use.

Closes #13
@DaCameraGirl DaCameraGirl merged commit 08ef0f3 into main Jul 5, 2026
2 of 4 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Pages link opens a landing page, not a live scanner

1 participant