QScout Capabilities
74 Security Modules
Comprehensive cryptographic and security assessment across 8 categories.26 crypto + PQC capabilities dedicated to quantum/PQC analysis.
Approved Public Scope
QScout Surface starts from 46 approved external modules. Silver expands to 57 modules, Gold covers the full 74-module governed catalog, and Pulse keeps the baseline current through reassessment.
26
Crypto + PQC
14
Infrastructure
11
Web App
12
OSINT
Featured Capabilities
All 74 catalog modules shown. Full module specifications available during sales engagement.
Cryptographic & Quantum Security
Post-quantum cryptography assessment and Cryptographic Debt analysis
Quantum Risk Assessment
Evidence-led post-quantum cryptography risk scanner -- detects quantum-vulnerable algorithms across scoped services
HNDL Risk Assessment
Harvest Now Decrypt Later risk calculator -- quantifies data exfiltration exposure to future quantum adversaries
Post-Quantum Readiness
High-level PQC blueprint and migration roadmap with ML-KEM, ML-DSA, SLH-DSA migration planning
Hybrid TLS Analysis
Detects hybrid TLS configurations combining classical and post-quantum key exchange mechanisms
TLS PQC Readiness
Lightweight TLS/PKI risk assessment for post-quantum transition readiness
Email Crypto (DKIM/SPF/DMARC)
Email infrastructure quantum risk scanner covering DKIM, SPF, DMARC, and MTA-STS posture
SSH Crypto Analysis
Lightweight SSH protocol scanner -- detects quantum-vulnerable key exchange and cipher algorithms without authentication
Cloud Crypto Scanner
Scanner for cloud provider cryptographic configurations across AWS, Azure, and GCP
Crypto Dependency Scanner
Dependency scanner for crypto library vulnerabilities and quantum-vulnerable package versions
Container Crypto Scanner
Scanner for embedded certificates, hardcoded keys, and weak crypto patterns in container images
Kubernetes Crypto Scanner
Audits live Kubernetes secrets, ConfigMaps, and ingress TLS for cryptographic misconfigurations
Crypto AST Analysis
Source code AST scanner for weak cryptographic patterns and quantum-vulnerable algorithm usage
External Crypto Drift
Drift detection comparing current external crypto posture against baseline snapshots
Disk Encryption Scanner
Disk and storage encryption scanner with HNDL risk assessment for data-at-rest
VPN/IPSec Crypto
VPN/IPSec security scanner with IKE protocol analysis and quantum-vulnerability detection
Registry Crypto Inventory
Summarizes registry asset signing posture and cryptographic configuration across container registries
+ 0 more modules
TLS/SSL & Certificate Analysis
Certificate chain validation and TLS configuration analysis
TLS/SSL Configuration
SSL/TLS configuration and vulnerability scanner -- detects weak protocol versions, insecure cipher suites, and certificate issues
Certificate Policy
Checks CAA records and HSTS posture -- validates certificate issuance policy and enforcement
Enhanced Security Headers
Enhanced security headers analysis with grading -- CSP, HSTS, X-Frame-Options, Referrer-Policy, and more
TLS Termination Mapper
Parses TLS termination configuration snapshots to map where encryption is applied across infrastructure
Service Mesh Crypto Mapper
Summarizes mesh crypto posture from provided config snapshots -- mTLS enforcement and certificate rotation
+ 0 more modules
Web Application Security
OWASP Top 10 and web-specific vulnerability detection
HTTP Security Headers
HTTP security configuration scanner covering all modern browser security directives
CORS Configuration
Autonomous CORS vulnerability scanner detecting misconfigured cross-origin resource sharing policies
WAF Detection
Web Application Firewall detection and fingerprinting -- identifies WAF vendor and bypass opportunities
JavaScript Secrets
Lightweight JS secret finder for public web apps -- API keys, tokens, and credentials in client-side code
Git Repository Exposure
Scanner for exposed version control and configuration files -- .git directories, env files, and backup files
JS Crypto Analysis
Deep JavaScript crypto pattern analysis -- detects deprecated algorithms and vulnerable crypto library usage
JWT Security Testing
Advanced JWT security vulnerability tester -- algorithm confusion, weak secrets, and missing validations
Anonymous Authz Boundary Tester
Maps unauthenticated workflow boundaries with sealed response-shape proof
WordPress Exploit Chain
Passive and safe-mode checks for vulnerable WordPress plugins, themes, and core security issues
Authenticated App Tester
Tests authenticated areas for authorization gaps, privilege escalation, and session management issues
Malicious File Upload Tester
Tests file upload endpoints for security vulnerabilities including type bypass and path traversal
SSRF Scanner
Autonomous SSRF vulnerability scanner -- detects server-side request forgery via URL parameters and headers
+ 0 more modules
Infrastructure & Network
Network topology mapping and service fingerprinting
Public Service Exposure
Checks approved public service exposure and protocol signals
DNS Zone Transfer
Attempts AXFR against authoritative nameservers to enumerate complete DNS zone contents
Subdomain Discovery
Active subdomain brute-force enumeration module with comprehensive wordlist coverage
Subdomain Takeover Risk
Autonomous subdomain takeover scanner -- detects dangling DNS records pointing to deprovisioned services
DNSSEC Validation
DNSSEC validation scanner module -- checks chain of trust, signature validity, and zone signing
FTP Security
FTP server security scanner with proof-of-concept validation -- anonymous access, weak auth, and cleartext exposure
MySQL/Database Probe
MySQL/MariaDB security scanner with proof-of-concept validation -- exposed ports, auth bypass, and version fingerprinting
Database Scanner
Multi-database exposure scanner with protocol detection and TDE assessment across SQL and NoSQL systems
Service Detection
Service and version detection scanner -- fingerprints running services for vulnerability correlation
Discovered Host Scanning
Deep scanner for discovered infrastructure -- comprehensive coverage of subdomains and IP ranges found during consented discovery
KMS & Vault Inventory
Summarizes KMS and Vault key metadata -- assesses key age, rotation posture, and algorithm strength (no secret material)
PKI/SSO Auditor
Summarizes PKI and SSO configuration posture -- certificate authorities, SAML/OIDC providers, and token validation
SIEM Crypto Event Ingestor
Summarizes SIEM crypto and identity events -- detects cryptographic anomalies in security event logs
XXE Advanced Tester
Advanced XXE (XML External Entity) vulnerability tester -- file read, SSRF, and out-of-band data exfiltration
+ 0 more modules
Public Surface Discovery
Consented public surface discovery and exposure evidence
Public Exposure Reconnaissance
Correlates approved public internet exposure data for exposed services and banners
GitHub Secret Scanning
Scans GitHub/GitLab for leaked secrets related to the target domain -- API keys, tokens, and credentials
CT Log Subdomains
Certificate Transparency log subdomain enumeration -- discovers all domains issued certificates by any CA
Multi-Cloud Buckets
AWS S3, Azure Blob, and GCP Storage bucket enumeration -- discovers exposed object storage buckets
ASN/IP Discovery
ASN and IP range discovery via BGP data -- maps all IP space owned by the target organization
Robots/Sitemap Mining
Mines robots.txt and sitemap.xml for interesting paths, hidden directories, and disallowed routes
Favicon Tech ID
Identifies technologies via favicon fingerprinting using hash-based matching against known software databases
Historical Exposure (Wayback)
Discovers historical URLs for a target domain via Wayback Machine -- reveals removed content and past exposures
Cloud Bucket Exposure
Checks for inferred S3 buckets and public exposure -- tests common naming patterns and access controls
CT Log Monitoring
Certificate Transparency Log monitor -- detects newly issued certificates for brand impersonation and phishing
Company Asset Discovery
Discovers all digital assets owned by a company -- domains, IPs, cloud accounts, and subsidiary infrastructure
Public Surface Enumeration
Enumeration based on approved inventories and targets -- comprehensive external attack surface mapping
Open Evidence Proof Lane
Runs bounded no-credential proof checks with false-positive controls -- converts exposure findings into verifiable evidence
Canary Proof Broker
Brokers owner-supplied canaries for harmless positive exploit-path proof
External Technology Fingerprint
Identifies externally visible frameworks, servers, and crypto-relevant platform signals across approved public assets
+ 0 more modules
API & Application Testing
REST/GraphQL and authenticated application testing
API Discovery
REST API and GraphQL endpoint discovery scanner -- enumerates API surface via path fuzzing and spec file detection
API Endpoint Discovery
Lightweight discovery of common API endpoints -- tests standard REST patterns and versioned API paths
GraphQL Risk Intelligence
GraphQL endpoint risk intelligence -- introspection abuse, batching attacks, and authorization testing
API Security Tester
OWASP API Security Top 10 (2023) autonomous tester -- broken object level auth, excessive data exposure, and more
Advanced SQLi Testing
Advanced SQL injection vulnerability tester -- time-based blind, error-based, and out-of-band exfiltration
+ 0 more modules
DevOps & CI/CD
Pipeline security and container orchestration
Repository Crypto Scanner
Lightweight repo crypto inventory -- scans public and private repositories for cryptographic artifacts
CI/CD Crypto Auditor
Summarizes CI/CD crypto posture -- pipeline secrets, signing keys, and build artifact integrity
SBOM Generation
Generates SBOM using syft -- produces a complete software bill of materials for dependency tracking
Nuclei Vulnerability Scanner
Runs nuclei templates against the target -- community-maintained vulnerability templates for rapid detection
+ 0 more modules
Compliance & Reporting
Audit documentation and compliance mapping
Service Discovery Mapper
Ingests service discovery and API catalog metadata -- maps services to compliance frameworks and risk domains
Cloud Metadata Collector
Summarizes cloud assets from provided metadata snapshots -- inventory for compliance reporting and audit evidence
GitHub Secret Scanner
Lightweight public GitHub org scanner -- compliance evidence for secret management and data leakage controls
+ 0 more modules
Request Full Module Inventory
Get the complete module inventory with technical specifications, coverage details, and sample findings during your scoping call.