Show HN: SiteIQ – LLM and Web security testing tool (built by a high schooler)
github.comHi HN! I'm an 11th grade student learning cybersecurity and web development. I built SiteIQ as a hands-on way to understand security vulnerabilities, SEO, and how to test them.
I used AI as my coding partner throughout this project – it helped me understand concepts, debug issues, and write code. Building with AI felt like having a patient tutor available 24/7. I learned way more than I would have just following tutorials.
What it does: - Security Testing: OWASP Top 10 (SQL injection, XSS, CSRF, etc.) - SEO Analysis: Meta tags, schema markup, Core Web Vitals - GEO Testing: Multi-region accessibility and latency - LLM Security: Prompt injection, jailbreaking, system prompt leakage, and "Denial of Wallet" attacks
The LLM security part was the most interesting to build. With everyone adding AI to their apps, I wanted to understand how prompt injection actually works and how to test for it.
Features: - Web UI with real-time console output - CLI for automation - Self-hosted (no data leaves your machine)
Tech: Python, Flask, pytest
GitHub: https://github.com/sastrophy/siteiq
I'd love feedback – are there vulnerabilities I'm missing? Any suggestions for the LLM attack payloads?
This is my first open source project, so any advice is welcome!
[dead]