Legal, malware-free implementation of steamtools.net features
A secure, open-source web application that provides read-only views of public Steam data using official Steam Web APIs. Built with security-first principles and zero tolerance for malware or illegal activities.
SafeSteamTools allows users to:
- View public Steam profile information
- Browse owned games with playtime statistics
- Check achievements for publicly available games
- View public inventory items with market price estimates
- Export profile data as JSON
IMPORTANT LEGAL NOTICE: This application:
- โ Uses ONLY official Steam Web APIs
- โ Requires NO Steam passwords or credentials
- โ Operates in READ-ONLY mode
- โ Does NOT unlock paid content
- โ Does NOT circumvent DRM
- โ Does NOT modify game files
- โ Is NOT affiliated with Valve Corporation
Download SafeSteamTools.exe - No installation required!
-
Download the latest release: ๐ Download SafeSteamTools-v1.0.0-windows.zip
-
Extract and run:
1. Extract ZIP file 2. Double-click INSTALL.bat for guided setup 3. Get Steam API key: https://steamcommunity.com/dev/apikey 4. Edit .env file with your API key 5. Run SafeSteamTools.exe -
Access your Steam data:
- Open browser: http://localhost:3001
- Enter any public Steam ID to view profile data
- No Steam login required - uses public APIs only!
Every release is scanned for malware before publication:
# Verify file integrity (compare with SHA256SUMS.txt)
sha256sum SafeSteamTools.exe
# Scan with your antivirus (always recommended)
Windows Defender, ClamAV, or your preferred scannerSecurity Features:
- โ Scanned with 70+ antivirus engines via VirusTotal
- โ No network access except official Steam APIs
- โ No file system modifications
- โ No admin privileges required
- โ Open source - audit the code yourself!
Test with these public Steam IDs:
76561198000000000(Example profile)- Your own Steam ID (if public)
- Friends' Steam IDs (if their profiles are public)
API Examples:
# Get profile info
curl http://localhost:3001/api/profile/76561198000000000
# Get games list
curl http://localhost:3001/api/games/76561198000000000
# Get CS:GO inventory
curl http://localhost:3001/api/inventory/76561198000000000/730โโโโโโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโโโโโ
โ Next.js โ โ Node.js โ โ Steam Web โ
โ Frontend โโโโโบโ Backend โโโโโบโ API โ
โ (React/TS) โ โ (Express) โ โ (Official) โ
โโโโโโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโโโโโ
โ
โโโโโโโโโโโโโโโโ
โ PostgreSQL โ
โ (Caching) โ
โโโโโโโโโโโโโโโโ
- Frontend: Next.js 14, React 18, TypeScript, TailwindCSS
- Backend: Node.js, Express, TypeScript
- Database: PostgreSQL (with Redis for caching)
- Infrastructure: Docker, Docker Compose
- Testing: Jest, Testing Library, Supertest
- CI/CD: GitHub Actions
- Deployment: Vercel (frontend) + Render/Railway (backend)
- Node.js 18+
- Docker & Docker Compose
- Steam Web API Key (get one here)
-
Clone and setup:
git clone https://github.com/KYOOOOP/SafeSteamTools.git cd SafeSteamTools cp .env.example .env -
Configure environment: Edit
.envand add your Steam API key:STEAM_API_KEY=your_steam_api_key_here
-
Start with Docker:
docker-compose up --build
-
Or start manually:
# Install dependencies npm install cd frontend && npm install && cd .. cd backend && npm install && cd .. # Start database docker-compose up -d postgres redis # Start backend cd backend && npm run dev & # Start frontend cd frontend && npm run dev
-
Access the app:
- Frontend: http://localhost:3000
- Backend API: http://localhost:3001
# Run all tests
npm run test
# Run with coverage
npm run test:coverage
# Run specific test suites
npm run test:frontend
npm run test:backend
npm run test:e2e- Dependency Scanning: Automated vulnerability checks with npm audit and Snyk
- Static Analysis: TypeScript strict mode, ESLint, Semgrep rules
- Malware Scanning: All artifacts scanned with multiple AV engines
- Container Security: Non-root Docker containers with capability limits
- Rate Limiting: API rate limiting and caching to prevent abuse
- Secrets Management: Environment-based configuration, no hardcoded secrets
- Signed Releases: GPG-signed releases with SHA256 checksums
# Get public profile info
curl http://localhost:3001/api/profile/76561198000000000
# Expected response:
{
"steamid": "76561198000000000",
"personaname": "PlayerName",
"avatarfull": "https://...",
"realname": "Real Name",
"loccountrycode": "US",
"communityvisibilitystate": 3
}# Get owned games
curl http://localhost:3001/api/games/76561198000000000# Get inventory for app ID
curl http://localhost:3001/api/inventory/76561198000000000/730See DEPLOYMENT.md for detailed deployment instructions for:
- Vercel + Render
- Docker containers
- Kubernetes
This project undergoes automated security scanning:
- Dependency vulnerabilities:
npm audit+ Snyk - Static analysis: ESLint + TypeScript + Semgrep
- Container scanning: Trivy + Docker Scout
- Malware detection: ClamAV + VirusTotal integration
See SECURITY_AUDIT.md for latest scan results.
See RELEASE_CHECKLIST.md for complete release procedures including:
- Build verification
- Security scanning
- Artifact signing
- Publication steps
- Fork the repository
- Create a feature branch
- Run tests and security checks
- Submit a pull request
All PRs must pass:
- Unit tests (80%+ coverage)
- Security scans (no critical vulnerabilities)
- Static analysis checks
- Malware scans
MIT License - see LICENSE file.
This software is designed exclusively for viewing publicly available Steam data through official APIs. Any use for:
- Circumventing game DRM
- Unlocking paid content
- Modifying game files
- Automating purchases or trades
- Any form of piracy
IS STRICTLY PROHIBITED and violates the software's intended use.
- Issues: GitHub Issues
- Security: See SECURITY.md for responsible disclosure
- Documentation: Wiki
Not affiliated with Valve Corporation or Steam.