Hey HN – I’m a solo dev building PenZen, a security tool for people who run websites but don’t want to become security experts.<p>It runs a headless scan using OWASP ZAP under the hood (so it finds real issues—like vulnerable plugins, misconfigs, open ports—not just “is your SSL valid?”). Then it adds an AI layer that:<p>Prioritizes issues based on actual risk<p>Explains them in plain English<p>Suggests relevant fixes based on your stack (WordPress, Laravel, etc.)<p>You stay in control—PenZen doesn’t auto-fix anything. But you can mark issues as resolved or ignored, and get alerts in Slack, Discord, Email, or via webhook.<p>It also includes uptime monitoring out of the box, so you don’t need a second tool just to know if your site went down.<p>I built this after dealing with one too many vague vulnerability reports and noisy dashboards. Would love feedback—especially from folks who’ve built or used security tools before. What would make this genuinely useful for you?