Security Scanners

Comprehensive vulnerability scan with 25,847 templates. Detects CVEs, XSS, SQLi, and more.

Fast security audit with 3,412 templates for OWASP Top 10 and common vulnerabilities.

Discover hidden directories and files with 8,756 wordlist entries.

Discover and test API endpoints with 4,231 attack patterns.

Identify technologies with 2,847 fingerprints for frameworks and CMS.

Discover historical URLs and sensitive files from web archives.

Crawl websites to find exposed secrets, API keys and endpoints in JS files.

Scan APK files for hardcoded secrets and vulnerabilities.

Advanced Android analysis with decompilation and code review.

Analyze iOS applications for security vulnerabilities.

Find open ports and running services on target systems.

Analyze certificates, detect weak ciphers and misconfigurations.

Get intelligence data for any IP including open ports and CVEs.

Check IPs against multiple threat intelligence databases for abuse reports, noise classification, and reputation data.

Scan cloud infrastructure for exposed buckets and misconfigs.

Discover full attack surface with automated subdomain enumeration.

Detect vulnerable subdomains that can be taken over.

Monitor CT logs to detect unauthorized certificates.

Advanced code analysis with 1,847 security rules for vulnerabilities and secrets.

Scan Docker images with 12,456 vulnerability signatures.

Scan Terraform, CloudFormation, Kubernetes with 3,214 policy checks.

Analyze GitHub repos with 2,156 security patterns.

Scan GitHub repos for exposed secrets with 847 detection patterns.

Advanced secret detection with entropy analysis and 1,523 patterns.

Detect leaked API keys and secrets across GitHub, GitLab & Bitbucket with advanced config patterns.

Validate API keys against 25+ services (OpenAI, GitHub, Stripe, Slack, etc.) to check if they're active.

Monitor GitHub for sensitive data leaks about your company in real-time.

Scan enterprise organizations for exposed secrets and sensitive repos.

Audit for exposed service keys and RLS vulnerabilities.

Detect exposed Supabase API keys and data leaks by scanning website JavaScript.

Check for exposed MongoDB instances and unsecured databases.

Detect exposed Firebase databases and takeover vulnerabilities.

Find misconfigured S3 buckets with public read/write access.

Check DMARC, SPF, DKIM records and data breaches.

Check if your email has been exposed in data breaches.

Check if credentials have been exposed in breaches.

View leaked passwords in plaintext from COMB database. Search by username or email.

Check URLs against 70+ antivirus engines and threat databases.

Scan files for malware, sensitive data, and security issues.

Search the dark web for data leaks, breaches, and mentions of your identity or company.

Search email, domain, phone, credit card, IBAN exposures across breach databases.

Search for compromised data by email address in infostealer databases.

Find compromised employees and credentials associated with your domain.

Find URLs with compromised credentials on your domain.

Search for compromised accounts by username across the web.