Hey HN – I’m a solo dev building PenZen, a security tool for people who run websites but don’t want to become security experts.
It runs a headless scan using OWASP ZAP under the hood (so it finds real issues—like vulnerable plugins, misconfigs, open ports—not just “is your SSL valid?”). Then it adds an AI layer that:
Prioritizes issues based on actual risk
Explains them in plain English
Suggests relevant fixes based on your stack (WordPress, Laravel, etc.)
You stay in control—PenZen doesn’t auto-fix anything. But you can mark issues as resolved or ignored, and get alerts in Slack, Discord, Email, or via webhook.
It also includes uptime monitoring out of the box, so you don’t need a second tool just to know if your site went down.
I built this after dealing with one too many vague vulnerability reports and noisy dashboards. Would love feedback—especially from folks who’ve built or used security tools before. What would make this genuinely useful for you?
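As an added illustration of the "prioritize, then alert" step described above (this is example code, not PenZen's own): rank ZAP alert records by risk and confidence, merge repeats of the same finding across URLs, honour a set of findings the user marked as ignored, and build a webhook text payload. The record fields (`alert`, `risk`, `confidence`, `url`) are assumed to match the alert dictionaries the ZAP API returns; the sample alerts are constructed.

```python
"""Rank OWASP ZAP alerts by risk and build a webhook-ready summary."""
from collections import defaultdict

# Ordering used for prioritisation; keys assumed to match the risk and
# confidence strings ZAP's API returns for alerts.
RISK_ORDER = {"High": 3, "Medium": 2, "Low": 1, "Informational": 0}
CONFIDENCE_ORDER = {"User Confirmed": 3, "High": 3, "Medium": 2,
                    "Low": 1, "False Positive": -1}

# Constructed sample in the shape of ZAP alert records (not real scan output).
SAMPLE_ALERTS = [
    {"alert": "X-Content-Type-Options Header Missing", "risk": "Low",
     "confidence": "Medium", "url": "https://example.test/"},
    {"alert": "SQL Injection", "risk": "High", "confidence": "Medium",
     "url": "https://example.test/search?q=1"},
    {"alert": "SQL Injection", "risk": "High", "confidence": "Medium",
     "url": "https://example.test/item?id=2"},
    {"alert": "Cookie Without Secure Flag", "risk": "Low",
     "confidence": "High", "url": "https://example.test/login"},
    {"alert": "Vulnerable JS Library", "risk": "Medium",
     "confidence": "Medium", "url": "https://example.test/js/jquery-1.8.js"},
    {"alert": "Timestamp Disclosure", "risk": "Informational",
     "confidence": "Low", "url": "https://example.test/"},
]


def prioritize(alerts, ignored=frozenset()):
    """Group alerts by name, drop ignored ones, sort by (risk, confidence, hits)."""
    groups = defaultdict(lambda: {"risk": "Informational",
                                  "confidence": "Low", "urls": []})
    for a in alerts:
        name = a["alert"]
        if name in ignored or a.get("confidence") == "False Positive":
            continue
        g = groups[name]
        g["urls"].append(a["url"])
        # Keep the highest risk and confidence seen for this finding.
        if RISK_ORDER[a["risk"]] > RISK_ORDER[g["risk"]]:
            g["risk"] = a["risk"]
        if CONFIDENCE_ORDER[a["confidence"]] > CONFIDENCE_ORDER[g["confidence"]]:
            g["confidence"] = a["confidence"]
    ranked = [{"name": n, **g} for n, g in groups.items()]
    ranked.sort(key=lambda g: (RISK_ORDER[g["risk"]],
                               CONFIDENCE_ORDER[g["confidence"]],
                               len(g["urls"])), reverse=True)
    return ranked


def webhook_payload(ranked, min_risk="Medium"):
    """Build a Slack/Discord-style text payload for findings at or above min_risk."""
    lines = [f"{g['risk']}: {g['name']} ({len(g['urls'])} URL(s))"
             for g in ranked if RISK_ORDER[g["risk"]] >= RISK_ORDER[min_risk]]
    return {"text": "\n".join(lines) if lines
            else "No findings at or above " + min_risk}
```

Posting `webhook_payload(...)` as JSON to a Slack or Discord incoming webhook is the only step not shown; the `min_risk` threshold is what keeps low-risk header findings out of the alert channel.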
Looks useful. I don't have a use-case for it at the moment, but I hope you will find your target market!
Happy to answer any questions about how this works under the hood—like how I’m orchestrating OWASP ZAP in headless mode, how the AI layer generates fixes based on your stack, or how alerting and issue resolution are handled.
Also very open to feedback on what’s missing or what feels unnecessary. I’m trying to build something that’s genuinely useful for devs—not just another dashboard that gets ignored.