Scan Features
Users can choose between three scan types: "full", "default" or "lite". Lite and default scans have fewer features but finish much faster than full scans.
Assessment Area | Lite Scan | Default Scan | Full Scan | Description |
---|---|---|---|---|
Headers Misconfiguration Issues | | | | Examines header components to find misconfigurations and authentication issues in your application. |
Email Spoofing (SMTP) | | | | Examines the Simple Mail Transfer Protocol (SMTP) of the host for email falsification vulnerabilities. |
Web Application Firewall Issues (WAF) | | | | The waf_task is designed to detect the presence of a Web Application Firewall (WAF) on the target website. Identifying a WAF is essential to understanding the website's security posture and the measures taken to safeguard against potential threats. |
Version-based Software Issues | | | | Fetches the technologies in use and reports version-based vulnerabilities with CVE data. |
Common Vulnerabilities and Exposures (CVEs) | | | | Checks all CVE entries and lists CVE references for the vulnerabilities found. |
Leaked Credentials | | | | Accesses various leaked-credentials databases (internal and external) to identify any instances where the target domain's credentials have been exposed. |
SQL Injection | | | | Iterates through all found URLs to identify and test potential SQL injection points. |
Subdomain Takeover | | | | Detects vulnerable subdomains that could be claimed by an unauthorized individual or attacker. |
Cross-Site Scripting (XSS) | | | | Thoroughly examines the URL and its parameters to detect any potential XSS threats that could compromise the security of the web application. |
Authentication Brute Force | | | | Uses open and leaked information to assess the possibility of gaining unauthorized access to web applications through web form submissions. |
Open Redirect | | | | Identifies open redirect vulnerabilities, which can potentially lead to security breaches and phishing attacks. |
Text4Shell | | | | Identifies the presence of the Text4Shell vulnerability within the target domain or website, which malicious actors could use to execute arbitrary commands on the target server. |
CMS Issues (WordPress, Drupal, etc.) | | | | Identifies the Content Management System (CMS) software in use and related framework details. It also reports vulnerabilities for exposed users. |
Open Source Intelligence (OSINT) | | | | Queries the Shodan database to identify exposed services, open ports, and other accessible information. |
File and Directory Enumeration | | | | Performs file and directory enumeration to identify files that should not exist or have improper read permissions. |