🤖 AI Summary
GoScopeAI is a new open-source, high-performance web scanner written in Go that pairs fast concurrent fuzzing and a headless browser with Llama 3.3 (70B) via Groq Cloud to triage and analyze findings. Targeted at pentesters, bug-bounty hunters, and security teams, it promises to scan thousands of URLs in seconds with adjustable threading, crawl nested paths with a BFS crawler, and render SPAs (React/Vue/Angular) to capture XHR/Fetch requests invisible to static scanners. The standout feature is AI-driven analysis of HTTP responses to filter noise, prioritize real risks (e.g., exposed admin panels vs. public login pages), and flag sensitive artifacts like PII, API keys, and stack traces.
Technically, GoScopeAI runs in three modes—Scan (HTTP fuzzing + crawler), Headless (real browser rendering), and Combo (both sequentially)—and produces Markdown reports sorted by risk. The AI step is interactive: the tool prompts for a Groq API key to use Llama 3.3 for response classification; the authors assert strict prompting to minimize hallucinations. Practical implications: it can greatly reduce manual triage and speed up reconnaissance, but reliance on a cloud LLM raises data-leakage and privacy considerations and underscores the need to run only against authorized targets. Requirements: Go 1.21+, Chrome/Chromium for headless mode.
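One way to reduce the data-leakage exposure noted above is to scrub each captured response locally before it is placed in a prompt for the cloud LLM. The sketch below is an added example, not GoScopeAI's code; `Redact`, `rules`, the patterns and the sample response are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"regexp"
)

// rule pairs a pattern with its replacement. The patterns are illustrative
// assumptions for this example, not GoScopeAI's own; extend them for your data.
type rule struct {
	label string
	re    *regexp.Regexp
	repl  string
}

var rules = []rule{
	// Credential-bearing headers: keep the name, drop the value (CRLF-safe).
	{"HEADER", regexp.MustCompile(`(?im)^((?:authorization|cookie|set-cookie|x-api-key):[ \t]*)[^\r\n]*`), "${1}[REDACTED]"},
	{"AWS_KEY", regexp.MustCompile(`\bAKIA[0-9A-Z]{16}\b`), "[REDACTED:AWS_KEY]"},
	{"JWT", regexp.MustCompile(`\beyJ[\w-]+\.[\w-]+\.[\w-]+`), "[REDACTED:JWT]"},
	{"EMAIL", regexp.MustCompile(`[\w.+-]+@[\w-]+(?:\.[\w-]+)+`), "[REDACTED:EMAIL]"},
}

// Redact scrubs a raw HTTP response before it leaves the host and returns the
// cleaned text plus a per-rule hit count for the local report.
func Redact(raw string) (string, map[string]int) {
	counts := make(map[string]int, len(rules))
	for _, r := range rules {
		counts[r.label] = len(r.re.FindAllStringIndex(raw, -1))
		raw = r.re.ReplaceAllString(raw, r.repl)
	}
	return raw, counts
}

// sample is a constructed response, not captured from any real target.
const sample = "HTTP/1.1 500 Internal Server Error\r\n" +
	"Set-Cookie: session=abc123; HttpOnly\r\n" +
	"Content-Type: text/plain\r\n\r\n" +
	"panic: db auth failed for admin@example.com\n" +
	"aws_access_key_id=AKIAIOSFODNN7EXAMPLE\n"

func main() {
	clean, counts := Redact(sample)
	fmt.Print(clean)
	fmt.Println(counts) // what was withheld from the LLM prompt
}
```

The hit counts stay on the scanning host, so the local report can still flag that a response contained a key or an e-mail address even though the LLM only ever sees the placeholder.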