70 Security Modules

Quantum Vulnerability Assessment

Evidence-led post-quantum cryptography risk scanner -- detects quantum-vulnerable algorithms across scoped services

HNDL Risk Assessment

Harvest Now Decrypt Later risk calculator -- quantifies data exfiltration exposure to future quantum adversaries

Post-Quantum Readiness

High-level PQC blueprint and migration roadmap with ML-KEM, ML-DSA, SLH-DSA migration planning

Hybrid TLS Analysis

Detects hybrid TLS configurations combining classical and post-quantum key exchange mechanisms

TLS PQC Readiness

Lightweight TLS/PKI risk assessment for post-quantum transition readiness

Email Crypto (DKIM/SPF/DMARC)

Email infrastructure quantum risk scanner covering DKIM, SPF, DMARC, and MTA-STS posture

SSH Crypto Analysis

Lightweight SSH protocol scanner -- detects quantum-vulnerable key exchange and cipher algorithms without authentication

Cloud Crypto Scanner

Scanner for cloud provider cryptographic configurations across AWS, Azure, and GCP

Crypto Dependency Scanner

Dependency scanner for crypto library vulnerabilities and quantum-vulnerable package versions

Container Crypto Scanner

Scanner for embedded certificates, hardcoded keys, and weak crypto patterns in container images

Kubernetes Crypto Scanner

Audits live Kubernetes secrets, ConfigMaps, and ingress TLS for cryptographic misconfigurations

Crypto AST Analysis

Source code AST scanner for weak cryptographic patterns and quantum-vulnerable algorithm usage

External Crypto Drift

Drift detection comparing current external crypto posture against baseline snapshots

Disk Encryption Scanner

Disk and storage encryption scanner with HNDL risk assessment for data-at-rest

VPN/IPSec Crypto

VPN/IPSec security scanner with IKE protocol analysis and quantum-vulnerability detection

Registry Crypto Inventory

Summarizes registry asset signing posture and cryptographic configuration across container registries

TLS/SSL Configuration

SSL/TLS configuration and vulnerability scanner -- detects weak protocol versions, insecure cipher suites, and certificate issues

Certificate Policy

Checks CAA records and HSTS posture -- validates certificate issuance policy and enforcement

Enhanced Security Headers

Enhanced security headers analysis with grading -- CSP, HSTS, X-Frame-Options, Referrer-Policy, and more

TLS Termination Mapper

Parses TLS termination configuration snapshots to map where encryption is applied across infrastructure

Service Mesh Crypto Mapper

Summarizes mesh crypto posture from provided config snapshots -- mTLS enforcement and certificate rotation

HTTP Security Headers

HTTP security configuration scanner covering all modern browser security directives

CORS Configuration

Autonomous CORS vulnerability scanner detecting misconfigured cross-origin resource sharing policies

WAF Detection

Web Application Firewall detection and fingerprinting -- identifies WAF vendor and bypass opportunities

JavaScript Secrets

Lightweight JS secret finder for public web apps -- API keys, tokens, and credentials in client-side code

Git Repository Exposure

Scanner for exposed version control and configuration files -- .git directories, env files, and backup files

JS Crypto Analysis

Deep JavaScript crypto pattern analysis -- detects deprecated algorithms and vulnerable crypto library usage

JWT Security Testing

Advanced JWT security vulnerability tester -- algorithm confusion, weak secrets, and missing validations

WordPress Exploit Chain

Passive and safe-mode checks for vulnerable WordPress plugins, themes, and core security issues

Authenticated App Tester

Tests authenticated areas for authorization gaps, privilege escalation, and session management issues

Malicious File Upload Tester

Tests file upload endpoints for security vulnerabilities including type bypass and path traversal

SSRF Scanner

Autonomous SSRF vulnerability scanner -- detects server-side request forgery via URL parameters and headers

Port Scanner

TCP port scanner with banner grabbing -- maps exposed services across the full IPv4 port range

DNS Zone Transfer

Attempts AXFR against authoritative nameservers to enumerate complete DNS zone contents

Subdomain Discovery

Active subdomain brute-force enumeration module with comprehensive wordlist coverage

Subdomain Takeover Risk

Autonomous subdomain takeover scanner -- detects dangling DNS records pointing to deprovisioned services

DNSSEC Validation

DNSSEC validation scanner module -- checks chain of trust, signature validity, and zone signing

FTP Security

FTP server security scanner with proof-of-concept validation -- anonymous access, weak auth, and cleartext exposure

MySQL/Database Probe

MySQL/MariaDB security scanner with proof-of-concept validation -- exposed ports, auth bypass, and version fingerprinting

Database Scanner

Multi-database exposure scanner with protocol detection and TDE assessment across SQL and NoSQL systems

Service Detection

Service and version detection scanner -- fingerprints running services for vulnerability correlation

Discovered Host Scanning

Deep scanner for discovered infrastructure -- comprehensive coverage of subdomains and IP ranges found during consented discovery

KMS & Vault Inventory

Summarizes KMS and Vault key metadata -- assesses key age, rotation posture, and algorithm strength (no secret material)

PKI/SSO Auditor

Summarizes PKI and SSO configuration posture -- certificate authorities, SAML/OIDC providers, and token validation

SIEM Crypto Event Ingestor

Summarizes SIEM crypto and identity events -- detects cryptographic anomalies in security event logs

XXE Advanced Tester

Advanced XXE (XML External Entity) vulnerability tester -- file read, SSRF, and out-of-band data exfiltration

Public Exposure Discovery

Checks approved public exposure datasets for exposed services and CVEs

GitHub Secret Scanning

Scans GitHub/GitLab for leaked secrets related to the target domain -- API keys, tokens, and credentials

CT Log Subdomains

Certificate Transparency log subdomain enumeration -- discovers all domains issued certificates by any CA

Multi-Cloud Buckets

AWS S3, Azure Blob, and GCP Storage bucket enumeration -- discovers exposed object storage buckets

ASN/IP Discovery

ASN and IP range discovery via BGP data -- maps all IP space owned by the target organization

Robots/Sitemap Mining

Mines robots.txt and sitemap.xml for interesting paths, hidden directories, and disallowed routes

Favicon Tech ID

Identifies technologies via favicon fingerprinting using hash-based matching against known software databases

Historical Exposure (Wayback)

Discovers historical URLs for a target domain via Wayback Machine -- reveals removed content and past exposures

Cloud Bucket Exposure

Checks for inferred S3 buckets and public exposure -- tests common naming patterns and access controls

CT Log Monitoring

Certificate Transparency Log monitor -- detects newly issued certificates for brand impersonation and phishing

Company Asset Discovery

Discovers all digital assets owned by a company -- domains, IPs, cloud accounts, and subsidiary infrastructure

Public Surface Enumeration

Enumeration based on approved inventories and targets -- comprehensive external attack surface mapping

API Discovery

REST API and GraphQL endpoint discovery scanner -- enumerates API surface via path fuzzing and spec file detection

API Endpoint Discovery

Lightweight discovery of common API endpoints -- tests standard REST patterns and versioned API paths

GraphQL Risk Intelligence

GraphQL endpoint risk intelligence -- introspection abuse, batching attacks, and authorization testing

API Security Tester

OWASP API Security Top 10 (2023) autonomous tester -- broken object level auth, excessive data exposure, and more

Advanced SQLi Testing

Advanced SQL injection vulnerability tester -- time-based blind, error-based, and out-of-band exfiltration

Repository Crypto Scanner

Lightweight repo crypto inventory -- scans public and private repositories for cryptographic artifacts

CI/CD Crypto Auditor

Summarizes CI/CD crypto posture -- pipeline secrets, signing keys, and build artifact integrity

SBOM Generation

Generates SBOM using syft -- produces a complete software bill of materials for dependency tracking

Nuclei Vulnerability Scanner

Runs nuclei templates against the target -- community-maintained vulnerability templates for rapid detection

Service Discovery Mapper

Ingests service discovery and API catalog metadata -- maps services to compliance frameworks and risk domains

Cloud Metadata Collector

Summarizes cloud assets from provided metadata snapshots -- inventory for compliance reporting and audit evidence

GitHub Secret Scanner

Lightweight public GitHub org scanner -- compliance evidence for secret management and data leakage controls