Reverse Engineering & Security Tools
Open Source

Web Security Inspector Pro: Dynamic DOM Analysis & Routing

PythonHTMLCSSJavaScriptTkinterBeautifulSoup4PygmentsTor NetworkRequestsRegex

An enterprise-grade, multi-threaded desktop application designed for secure webpage extraction, deep DOM parsing, and automated secret discovery via dynamic Tor and proxy routing.

Tech Stack

PythonHTMLCSSJavaScriptTkinterBeautifulSoup4PygmentsTor NetworkRequestsRegex

System Metrics

Pygments syntax highlighting is strictly capped at 300,000 characters to prevent UI thread lockups (OOM) on massive obfuscated scripts
Asynchronous network dispatching prevents the main event loop from hanging during slow Tor node handshakes or WAF timeouts
Efficient decoupled component rendering updates GUI tabs only when specific thread payloads clear the queue

Why Did I Build This?

"When analyzing potentially malicious or heavily obfuscated web targets, opening them in a standard browser or relying on raw `curl` commands is either dangerous or highly inefficient. I engineered this tool to securely fetch, dissect, and visualize the DOM without executing embedded malicious payloads. It automates the extraction of embedded scripts, stylesheets, and hardcoded secrets while offering strict OPSEC through Tor network forcing and custom proxy failovers."

Architecture & Decisions

The application leverages a decoupled GUI architecture utilizing Python's `threading` and `queue.Queue` to maintain absolute UI responsiveness during high-latency network requests (especially over Tor). The extraction engine uses `BeautifulSoup` to physically partition the DOM into 'safe' (JS/CSS stripped) and 'unsafe' components for offline viewing. To handle massive HTML/JS payloads without freezing the Tkinter text widgets, I implemented a custom `Pygments` lexing wrapper with strict character limits, ensuring optimal memory management during syntax highlighting.

Key Features

  • 01.Dynamic proxy routing with automated Tor fallback for `.onion` and standard domains
  • 02.DOM manipulation engine that isolates and strips executable JavaScript for secure local viewing
  • 03.Regex-based heuristic vulnerability scanner targeting hardcoded JWTs, API keys, and credentials
  • 04.Thread-safe, non-blocking Tkinter GUI featuring real-time logging and segmented artifact workspaces
  • 05.Automated CSS extraction and real-time visual color palette harvesting directly in the UI
This tool bridges the gap between manual scraping and heavyweight automated vulnerability scanners. The desktop interface provides immediate visual feedback and segregated workspaces for HTML, CSS, and JS artifacts. By enforcing strict separation between the frontend Tkinter rendering UI and the backend network/parsing threads, it guarantees a fluid experience even when analyzing hostile, WAF-protected, or exceptionally large web applications.