Vulnerability Discovery
4 engines
Automatically crawl and test every page, endpoint, and form in your application for known weaknesses.
Template-based vulnerability scanning
Finds known CVEs, misconfigurations, and exposed panels across your entire application.
Fast, customisable scanner powered by thousands of community-maintained templates covering CVEs, misconfigurations, default credentials, and technology-specific weaknesses.
Powered by Nuclei
Web server vulnerability scanning
Detects dangerous files, outdated software, and server misconfigurations that attackers exploit.
Comprehensive server scanner that checks for outdated software versions, server misconfigurations, and over 6,700 potentially risky files and programs.
Powered by Nikto
WordPress vulnerability scanning
Identifies vulnerable plugins, themes, and core versions that could compromise your WordPress site.
Specialised scanner for WordPress sites. Detects vulnerable plugins, themes, and core versions, enumerates users, and checks for common misconfigurations.
Powered by WPScan
Technology fingerprinting
Maps your technology stack so the right tests are applied automatically.
Identifies CMS platforms, JavaScript frameworks, web servers, analytics tools, and more. Knowing your stack helps prioritise the most relevant security tests.
Powered by WhatWeb
Data Theft Prevention
6 engines
Protect your databases and backend systems from the injection attacks that cause the majority of data breaches.
SQL injection detection
Finds SQL injection flaws that could let attackers steal or modify your database.
Automatically detects and validates SQL injection flaws across all major database engines with support for blind, error-based, UNION, and time-based techniques.
Powered by SQLMap
Cross-Site Scripting detection
Catches XSS flaws that could let attackers hijack user sessions or steal credentials.
Intelligent XSS scanner that analyses context, generates custom payloads, and tests for reflected, stored, and DOM-based cross-site scripting.
Powered by XSStrike
Server-Side Template Injection
Detects template injection that could give attackers full server access.
Tests for injection across popular template engines (Jinja2, Twig, FreeMarker, Velocity, etc.). SSTI can lead to remote code execution — one of the most critical web vulnerabilities.
LDAP injection testing
Prevents attackers from bypassing authentication or extracting directory information.
Probes login forms and search fields for LDAP injection vulnerabilities that could allow authentication bypass or directory information extraction.
API endpoint fuzzing
Uncovers crashes, data leaks, and logic flaws in your REST and GraphQL APIs.
Sends a wide variety of unexpected payloads to API endpoints — boundary values, special characters, oversized inputs, and injection strings.
Web application fuzzing
Tests every input point for unexpected behaviour that could lead to data exposure.
Flexible, modular fuzzer for brute-forcing parameters, headers, cookies, and form fields with custom wordlists and encoders.
Powered by Wfuzz
Access Security
5 engines
Ensure only the right people can access the right data — and that your login, session, and permission systems can't be bypassed.
JWT security testing
Prevents token-based authentication bypass that could expose all user accounts.
Tests for common JWT vulnerabilities: algorithm confusion, weak signing keys, missing expiration, token replay, and information disclosure in claims.
Role-based access testing
Verifies that users can only access what they should — no privilege escalation.
Tests whether low-privilege users can access admin endpoints, escalate privileges, or access other users' data through role boundary violations.
Object-level access testing
Catches flaws where users can access other users' data by manipulating IDs.
Tests whether users can access or modify resources belonging to other users by manipulating IDs in URLs, request bodies, or headers — one of the most common API security flaws.
Login resistance testing
Ensures your login pages resist credential stuffing and brute-force attacks.
Simulates credential stuffing and brute-force attacks. Verifies account lockout policies, rate limiting, CAPTCHA enforcement, and response timing leaks.
Password policy validation
Confirms your password requirements meet industry standards.
Validates that your password policy enforces sufficient complexity, length, and character requirements. Tests for acceptance of common or breached passwords.
Infrastructure Hardening
6 engines
Verify your servers, certificates, and security headers follow industry best practices and don't leak information.
CORS configuration audit
Prevents cross-site data theft caused by misconfigured resource sharing.
Tests for dangerous CORS misconfigurations: wildcard origins, reflected origins, null origin acceptance, and credential exposure.
Security header analysis
Ensures your HTTP headers protect against clickjacking, XSS, and MIME-type sniffing.
Checks for the presence and correct configuration of critical headers: Content-Security-Policy, Strict-Transport-Security, X-Frame-Options, Permissions-Policy, and more.
SSL/TLS configuration testing
Identifies weak encryption that could let attackers intercept sensitive data.
Analyses your TLS configuration for weak ciphers, deprecated protocols, certificate issues, and HSTS misconfiguration.
Powered by SSLyze
Comprehensive TLS scanning
Deep analysis of your encryption setup against known vulnerabilities.
In-depth TLS analysis covering protocol support, cipher suites, key exchange, certificate chain validation, and known vulnerabilities (Heartbleed, POODLE, ROBOT).
Powered by TestSSL
DNS and email security
Prevents subdomain takeover and email spoofing attacks against your domain.
Tests for subdomain takeover risks, validates SPF/DKIM/DMARC email authentication records, checks for dangling CNAME entries, and identifies DNS zone transfer vulnerabilities.
Clickjacking protection testing
Verifies your pages can't be embedded in malicious iframes to trick users.
Checks that X-Frame-Options headers and Content-Security-Policy frame-ancestors directives are present and correctly configured to prevent UI redress attacks.
Business Logic Protection
8 engines
Detect flaws in your application's workflows that let attackers bypass payments, escalate privileges, or abuse functionality.
Request forgery protection
Prevents attackers from tricking users into performing unwanted actions.
Verifies that state-changing requests require valid anti-CSRF tokens or use SameSite cookies. Tests for token bypass techniques and missing validation.
Server-side request forgery
Stops attackers from using your server to access internal systems and cloud metadata.
Tests whether your application can be tricked into making requests to internal services, cloud metadata endpoints, or arbitrary external servers.
File upload security
Prevents malicious file uploads that could compromise your server.
Attempts to upload dangerous file types (web shells, SVG with XSS, polyglot files) to test content-type validation, extension filtering, and server-side handling.
Deserialization testing
Finds insecure deserialization that could lead to remote code execution.
Tests for insecure deserialization in Java, PHP, Python, and .NET applications that could lead to remote code execution, denial of service, or privilege escalation.
WebSocket security
Protects real-time communication channels from hijacking and injection.
Tests WebSocket connections for missing authentication, cross-site hijacking, message injection, and lack of origin validation.
Rate limit testing
Ensures your API can't be overwhelmed or abused through excessive requests.
Verifies that your API and critical endpoints enforce rate limits. Tests for bypass techniques using different headers and concurrent request flooding.
Business logic testing
Catches workflow flaws like price manipulation, coupon abuse, and process bypass.
Tests for price manipulation, workflow bypass, negative quantity attacks, coupon abuse, and other application-specific logic vulnerabilities.
Race condition testing
Detects concurrency bugs that could lead to double-spend or data corruption.
Sends concurrent requests to detect time-of-check to time-of-use (TOCTOU) bugs, double-spend vulnerabilities, and other race conditions.
Attack Surface Mapping
7 engines
Discover what's exposed to the internet — subdomains, open ports, hidden endpoints, and forgotten cloud resources.
Hidden path discovery
Finds admin panels, backup files, and config files that shouldn't be public.
Discovers hidden directories, backup files, admin panels, and configuration files by testing thousands of common paths.
Subdomain discovery
Reveals forgotten subdomains that could be entry points for attackers.
Discovers subdomains using passive sources — certificate transparency logs, DNS datasets, search engines, and web archives — without sending traffic to your infrastructure.
Powered by Subfinder
Comprehensive subdomain mapping
Provides the most thorough mapping of your domain's external footprint.
Combines DNS brute-forcing, web scraping, certificate analysis, and API integrations for comprehensive subdomain enumeration.
Powered by Amass (OWASP)
GraphQL endpoint discovery
Finds exposed GraphQL schemas that could leak your entire data model.
Discovers GraphQL endpoints, performs introspection queries to map the schema, and tests for batching attacks, deep query DoS, and information disclosure.
Digital footprint analysis
Reveals what information about your organisation is publicly available to attackers.
Gathers emails, subdomains, hosts, and employee names from public sources such as search engines, PGP key servers, and Shodan.
Powered by theHarvester
Port and service scanning
Discovers open ports and running services that expand your attack surface.
Discovers open ports, identifies running services and their versions, detects operating systems, and maps firewall rules.
Powered by Nmap
Cloud exposure testing
Finds exposed storage buckets, open metadata endpoints, and cloud misconfigurations.
Tests for exposed S3 buckets, open cloud metadata endpoints, misconfigured storage containers, and other cloud-specific attack vectors across AWS, Azure, and GCP.