Local configuration analysis & validation dashboard built with Python and Streamlit.
Modern sysadmin-style tooling for config inspection, security checks and risk reporting.
Config Inspector is a lightweight local dashboard designed to analyze configuration files, detect risky settings, validate config structure, and generate simple security-oriented reports.
The application helps inspect uploaded config files such as:
.env.json.yaml.ini.cfg.conf
and highlights possible security or configuration issues inside a clean modern dashboard interface.
This project was created as part of my learning journey during my Ausbildung as a Fachinformatiker fรผr Systemintegration.
The application runs fully locally and does not require:
- cloud services
- paid APIs
- databases
- Docker
- external infrastructure
All analysis is performed locally on uploaded files only.
- Modern overview page
- Config inspection workflow explanation
- Professional internal-tool style UI
- Clean metric cards and navigation
- Upload local config files
- Detect file type automatically
- Preview raw config content
- Load included sample configs
- File metadata overview
- JSON validation
- YAML validation
- INI/CFG parsing
- ENV variable parsing
- Generic key=value detection
- Friendly error handling for invalid files
Detect risky settings such as:
- Debug mode enabled
- Development environments
- Weak/default passwords
- Hardcoded secrets
- Public access enabled
- SSL/TLS disabled
- Empty secret values
Severity levels:
- INFO
- WARNING
- HIGH
- CRITICAL
- Simple risk scoring system
- Severity distribution
- Overall configuration risk level
- Findings overview table
- Risk summary metrics
- Generate local config inspection reports
- TXT report export
- CSV export for findings
- Security findings summary
| Technology | Purpose |
|---|---|
| Python | Core language |
| Streamlit | Dashboard UI |
| pandas | Tables & reporting |
| PyYAML | YAML parsing |
| configparser | INI parsing |
| regex | Pattern detection |
| pathlib | File handling |
The interface is inspired by:
- modern internal IT dashboards
- infrastructure validation tools
- security audit panels
- sysadmin workflows
- Dark mode only
- Professional dashboard layout
- Soft glass-like cards
- Terminal-style preview sections
- Severity badges
- Responsive layout
- Modern typography
- Cyber-inspired accent colors
- Python 3.10 or newer recommended
- Local laptop or desktop
- Internet access only for installing Python packages
git clone https://github.com/mrachcore/config-inspector.gitcd config-inspectorpython -m venv .venv.venv\Scripts\activatesource .venv/bin/activatepip install -r requirements.txtstreamlit run app.pyStreamlit will print a local URL, usually:
http://localhost:8501
Open that URL in your browser.
config-inspector/
โ
โโโ app.py
โโโ requirements.txt
โโโ README.md
โ
โโโ assets/
โ โโโ logo.png
โ
โโโ sample_configs/
โ โโโ sample.env
โ โโโ sample.json
โ โโโ sample.yaml
โ โโโ sample.ini
โ
โโโ screenshots/
โ โโโ dashboard.png
โ โโโ upload-config.png
โ โโโ structure-viewer.png
โ โโโ security-checks.png
โ โโโ risk-overview.png
โ โโโ reports.png
โ
โโโ utils/
โโโ config_parser.py
โโโ security_checks.py
โโโ report_generator.py
The project includes example configuration files inside:
sample_configs/
Included examples:
- sample.env
- sample.json
- sample.yaml
- sample.ini
These files contain fictional insecure settings for testing and demonstration purposes only.
Example findings:
- weak passwords
- debug mode enabled
- public access enabled
- development environment settings
- hardcoded secrets
This project was built to:
- improve Python skills
- learn config parsing workflows
- practice security-oriented validation logic
- understand common configuration risks
- build realistic sysadmin tooling
- create a professional portfolio project
- Config file parsing
- JSON/YAML validation
- Regex-based security checks
- Streamlit dashboard development
- Risk scoring systems
- Report generation
- Error handling
- Building beginner-friendly tooling
Possible future additions:
- TOML support
- XML config support
- Docker compose inspection
- Kubernetes YAML validation
- Rule customization
- Advanced secret detection
- Config comparison mode
- PDF report export
- All analysis is performed locally.
- No uploaded files leave the machine.
- The application does not connect to production systems.
- Invalid configs are handled gracefully where possible.
- Example configs are fictional and intended only for testing.
Code. Connect. Control.
Repository:
https://github.com/mrachcore/config-inspector
This tool was created for educational and portfolio purposes.
Use responsibly and only with configuration files you are authorized to analyze.