Scan Features

Users can choose between three scan types: "full", "default" or "lite". Lite and default scans have fewer features but finish much faster than "full" scans.

Assessment Area
Lite Scan
Default Scan
Full Scan
Description

Headers Misconfiguration Issues

Examines header components to find misconfigurations and authentication issues in your application.

Email Spoofing (SMTP)

Examines the Simple Mail Transfer Protocol (SMTP) of the host for email falsification vulnerabilities.

Web Application Firewall Issues (WAF)

The waf_task is designed to detect the presence of a Web Application Firewall (WAF) on the target website. Identifying a WAF is essential to understanding the website's security posture and the measures taken to safeguard against potential threats.

Version-based Software Issues

Fetches the technologies in use and reports version-based vulnerabilities with CVE data.

Common Vulnerabilities and Exposures (CVEs)

Checks for all CVE Entries and lists CVE References for the found vulnerabilities.

Leaked Credentials

By accessing various leaked credentials databases (internal and external), this task aims to identify any instances where the target domain's credentials have been exposed.

SQL Injection

By performing an iterative loop through all found URLs, this task identifies and tests for potential SQL injection points.

Subdomain Takeover

Detects vulnerable subdomains that could be claimed by an unauthorized individual or attacker.

Cross-Site Scripting (XSS)

Thoroughly examines the URL and its parameters to detect any potential XSS threats that could compromise the security of the web application.

Authentication Brute Force

Utilizes open and leaked information to understand the possibility of gaining unauthorized access to web applications through web form submissions.

Open Redirect

Identifies open redirect vulnerabilities, which can potentially lead to security breaches and phishing attacks.

Text4Shell

Identifies the presence of the Text4Shell vulnerability within the target domain or website, which malicious actors could potentially use to execute arbitrary commands on the target server.

CMS Issues (WordPress, Drupal, etc.)

Seeks out used Content Management System (CMS) software and related framework details. It also reports vulnerabilities for exposed users.

Open Source Intelligence (OSINT)

Queries the Shodan database to identify exposed services, open ports, and other accessible information.

File and Directory Enumeration

Performs file and directory enumeration to identify files that should not exist or have improper read permissions.
