Can we schedule VulnScan or trigger it automatically?

Yes. Runs can be scheduled (daily/weekly/custom windows) or fired via CI/CD so teams get repeatable coverage without manual kickoff.

How customizable are runs?

Over 40 tunables cover thread count, timeout profiles, rate limits, and module selection (e.g., exclude API or subdomain discovery) so scans fit your stack.

What export formats are supported?

Reports export as CSV for bulk triage and PDF for exec-ready summaries; you can also push data into ticketing and SIEM pipelines.

Will the scan affect production traffic?

The engine is WAF-aware, respects rate limits, and runs with safe defaults so it avoids throttling or denial-of-service while still surfacing risky endpoints.

VulnScan Terminal

[root@pentest-suite scanner]# ./scan -vv --level 5 company.domain

[19:44:20] Launching scan...

[19:44:20] Modules loaded: web, api, cloud, secrets

[19:44:23] Enumerating subdomains

... Found: dev-test.company.domain

... Found: dbkp.company.domain

... Found: auth.company.domain

... Found: files.company.domain

[19:45:19] Performing API endpoints scan

... Found: company.domain/api/v4/order/88

... Found: company.domain/api/v4/user/get/4

... Found: company.domain/api/v4/payments/refund

[19:46:45] Testing auth flow + rate limits

... Warning: token reuse detected in /api/v4/user/get

[19:47:22] Performing path scan

... Found: dev-test.company.domain/bkp/last.tar.gz

... Found: dev-test.company.domain/dev/.env

... Found: company.domain/.well-known/assetlinks.json

[19:49:07] Reporting + generating mitigation summary

Scan complete: 2 critical, 7 medium, 14 info

Vulnerability Scanning

VulnScan

Aggressive, automated protection against exposed files, weak endpoints, and web-app flaws — without slowing production.

Request a demo View threats

Type of threats

Classic mistakes that keep reappearing

Rotation, handovers, and fast releases leave gaps attackers exploit in minutes.

Unsecured endpoints

Orphaned APIs and deprecated routes still routable
Default admin or debug panels left exposed
Weak auth paths that enable privilege chaining

Leaked files & configs

Backup archives reachable over the public web
Secrets in .env or config snapshots
Open repos like /.git or asset indexes

Injection paths

Unvalidated GET/POST parameters in high-volume APIs
SQL/NoSQL payloads accepted without sanitization
Chained injections that lead to account takeover

Why it matters: in large teams, access changes and rushed deployments often leave old routes open. Attackers look for exposed repos, keys, and forgotten endpoints, then move laterally. Public incidents have repeatedly shown how a single exposed folder (like an open .git) can compromise entire services.

How we protect

Multi-threaded scanning + WAF-aware execution

Our async engine probes endpoints in parallel, honors rate limits, and feeds results straight into your protection workflow.

VulnScan maps subdomains, APIs, file paths, and parameters with adaptive sampling, then correlates risk against known patterns and your custom rules.

Each run ships with proof, reproduction steps, and remediation guidance for engineers and SOC.

VulnScan Web App Demo

example.site

Start

Info

Headers missing strict CSP
Deprecated TLS cipher accepted└ TLS 1.1 still enabled
Exposed asset map└ /.well-known/assetlinks.json

Medium

API endpoint without auth└ /api/v4/orders/{order:int}
Cached auth token reuse└ token valid after logout
Rate limiting bypass└ /api/v4/user/search?query=*

Critical

Sensitive data exposure└ dev.company.domain/bkp/last.tar.gz
Blind SQL injection └ /api/v4/order?order_id=*
.env file disclosure└ https://company.domain/dev/.env

AI recommendations

Rotate all leaked secrets and invalidate tokens within 30 minutes.
Enforce authentication on discovered endpoints and remove legacy routes.
Add @protected before def user_portal(...) to validate authorized access.
Harden file storage policies and add WAF rules for backup path patterns.
Introduce pre-release scans to catch path exposure before deployment.
Apply least-privilege access for internal service accounts.
Block directory listings and disable default debug routes in production.

Exposure spreads fast. Your defense should too.
Protect now.