Skip to content

Explore our full suite of pentesting tools

Get instant access to 25+ tightly integrated security testing tools that feed findings into a single dashboard with advanced reporting options.


Google Hacking

Allows you to find juicy information indexed by Google about a target website (ex. directory listing, sensitive files, error messages, login pages, etc).

Find Domains

Allows you to discover domains associated with a target domain and to determine the attack surface of a target organization. Find systems which are less protected and more vulnerable to attacks.

Find Subdomains

Allows you to discover subdomains of a target domain and to determine the attack surface of a target organization. Find systems which are less protected and more vulnerable to attacks.

Find Virtual Hosts

Attempts to discover virtual hosts that are configured on a given IP address. This is helpful to find multiple websites hosted on the same server.

TCP Port Scan

Knowing which network services are exposed to the Internet is essential for securing the network perimeter of a company. With a Nmap portscan, you can easily obtain a quick view of the network attack surface that includes all open TCP ports and services.

UDP Port Scan

Allows you to discover which UDP ports are open on your target host, identify the service versions, and detect the operating system.

Website Recon

This tool allows you to discover the technologies used by a target web application - server-side and client-side. It can also scan multiple virtual hosts on the same IP.

Ready to get started?
Get access to all
25+ tools & constantly evolving features.

Web Vulnerability Scanners

Website Scanner

Finds common vulnerabilities which affect web applications: SQL Injection, XSS, OS Command Injection, Directory Traversal, and others. The scanner also identifies specific web server configuration issues.

XSS Scanner

This scanner helps you test if the target web application is affected by Cross-Site Scripting vulnerabilities.

SQLi Scanner

The online scanner identifies SQL Injection vulnerabilities in web applications by crawling and performing a deep inspection of web pages and parameters. Find useful examples in which you can use the SQL Injection scanner below.

WordPress Scanner

This tool helps you discover security issues and vulnerabilities in the target WordPress website using the most advanced WordPress scanner: WPScan.

Drupal Scanner

Finds Drupal version, modules, theme, and their vulnerabilities. Checks for common Drupal misconfigurations and weak server settings.

Joomla Scanner

Perform a Joomla security assessment by finding vulnerabilities in Joomla core, components, modules, and templates.

SharePoint Scanner

Discover various security weaknesses and vulnerabilities in web applications built on top of Microsoft SharePoint and FrontPage.

Ready to get started?
See what’s included &
choose the best plan for you.

Network Vulnerability Scanners

Network Scan OpenVAS

Since the scanner allows you to detect a wide range of vulnerabilities in network services, operating systems, and also in web servers, its use cases are very diverse

SSL/TLS Scanner

The SSL Scanner connects to the target port and attempts to negotiate various cipher suites and multiple SSL/TLS versions to determine weak configurations and common vulnerabilities (ex. POODLE, Heartbleed, DROWN, ROBOT, etc.). The full version of the SSL Scanner scans multiple ports and services (HTTPS, SMTPs, IMAPs, etc.).

DNS Zone Transfer

Check if the name servers of the target domain are vulnerable to DNS Zone Transfer and attempt to retrieve the full DNS Zone file.

Need more info to decide?
Here’s what our customers say.

Offensive Tools

Sniper: Auto-Exploiter

Sniper automatically exploits known, widespread vulnerabilities in high-profile software. The tool gains remote command execution on the vulnerable targets and automatically runs post-exploitation modules to extract interesting data (artefacts) as solid proof for vulnerability validation.

Password Auditor

The tool scans an URL, IP address, or hostname for network services that require authentication (ex. HTTP web forms, SSH, FTP, MYSQL, PostgreSQL, RDP, etc) and detects weak credentials by trying to log in using the usernames and passwords from the input wordlists.

URL Fuzzer

Discover hidden files and directories (which are not linked in the HTML pages): .conf, .bak, .bkp, .zip, .xls, etc. Get easy access to hidden content hosted on your target web server.
Fuzz the target with your custom wordlist in the specified location.

SQLi Exploiter

Allows you to confirm SQL Injection vulnerabilities in your site, to see the vulnerable parameters, and also to demonstrate the business risk by extracting data from the database. Powered by SQLMap.

XSS Exploiter

The XSS Exploiter allows you to easily demonstrate the true risk of an XSS vulnerability that you found in a web application by creating a Proof-of-Concept scenario. The tool generates a custom JavaScript file that must be included as a payload in the XSS attack. The victim's browser will execute it, sending user data back to this tool. This way, you can harvest the user's cookies, the page HTML content, the page screenshot, the keys pressed by the user.

HTTP Request Logger

This is a useful pentest utility that logs all the HTTP/S requests received on a certain handler URL: source IP, User Agent, URL parameters, timestamp, etc. This allows you to easily create Proofs of Concept to demonstrate vulnerabilities such as XSS, data exfiltration or to do social engineering.

Subdomain Takeover

Allows you to discover subdomains of a target organization that point to external services (ex. Amazon S3, Heroku, Github, etc) and are not claimed - leaving them vulnerable to a hostile takeover.

Curious how the platform’s evolving?
Check out the latest updates.



Check if a server is live and responds to ICMP Echo requests. This tool can also be used to find the IP address of a hostname.

Whois Lookup

This tool allows you to perform Whois lookups online and extract information about domain names and IP addresses.