Vulnerability Scanning

VulnScan

Aggressive, automated protection against exposed files, weak endpoints, and web-app flaws — without slowing production.

Type of threats

Classic mistakes that keep reappearing

Rotation, handovers, and fast releases leave gaps attackers exploit in minutes.

Unsecured endpoints

  • Orphaned APIs and deprecated routes still routable
  • Default admin or debug panels left exposed
  • Weak auth paths that enable privilege chaining

Leaked files & configs

  • Backup archives reachable over the public web
  • Secrets in .env or config snapshots
  • Open repos like /.git or asset indexes

Injection paths

  • Unvalidated GET/POST parameters in high-volume APIs
  • SQL/NoSQL payloads accepted without sanitization
  • Chained injections that lead to account takeover

Why it matters: in large teams, access changes and rushed deployments often leave old routes open. Attackers look for exposed repos, keys, and forgotten endpoints, then move laterally. Public incidents have repeatedly shown how a single exposed folder (like an open .git) can compromise entire services.

How we protect

Multi-threaded scanning + WAF-aware execution

Our async engine probes endpoints in parallel, honors rate limits, and feeds results straight into your protection workflow.

VulnScan maps subdomains, APIs, file paths, and parameters with adaptive sampling, then correlates risk against known patterns and your custom rules.

Each run ships with proof, reproduction steps, and remediation guidance for engineers and SOC.

VulnScan Web App Demo

Info

  • Headers missing strict CSP
  • Deprecated TLS cipher accepted: TLS 1.1 still enabled
  • Exposed asset map: /.well-known/assetlinks.json

Medium

  • API endpoint without auth: /api/v4/orders/{order:int}
  • Cached auth token reuse: token valid after logout
  • Rate limiting bypass: /api/v4/user/search?query=*

Critical

  • Sensitive data exposure: dev.company.domain/bkp/last.tar.gz
  • Blind SQL injection: /api/v4/order?order_id=*
  • .env file disclosure: https://company.domain/dev/.env

AI recommendations

  • Rotate all leaked secrets and invalidate tokens within 30 minutes.
  • Enforce authentication on discovered endpoints and remove legacy routes.
  • Add @protected before def user_portal(...) to validate authorized access.
  • Harden file storage policies and add WAF rules for backup path patterns.
  • Introduce pre-release scans to catch path exposure before deployment.
  • Apply least-privilege access for internal service accounts.
  • Block directory listings and disable default debug routes in production.
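As an added example, not VulnScan's own code: the backup-path and dotfile patterns the recommendations above call for, written as a small matcher and run over constructed access-log lines, so one rule set can feed both a WAF block list and a SIEM detection. The /.well-known/ exemption keeps the asset map from the demo reachable; rule names, sample IPs and paths are constructed.

```python
import posixpath
import re
from urllib.parse import unquote, urlsplit

# Constructed rule set for the exposure classes in the demo findings above (dotfiles such as
# .env and .git, backup archives, backup directories); the first matching rule names the finding.
RULES = {
    "dotfile": re.compile(r"(^|/)\.(?!well-known(/|$))[^/]+"),  # any dot-segment except /.well-known/
    "backup": re.compile(r"\.(tar\.gz|tgz|zip|sql|bak|old|orig|swp)$", re.I),
    "bkp_dir": re.compile(r"(^|/)(bkp|backups?|dumps?)(/|$)", re.I),
}
# Common log format as written by nginx/Apache: ip ident user [ts] "METHOD path proto" status ...
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<path>\S+)[^"]*" (?P<status>\d{3})')

# Constructed sample lines: one per finding class from the demo plus two benign requests
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2024:13:55:36 +0000] "GET /dev/.env HTTP/1.1" 200 512
203.0.113.7 - - [10/Oct/2024:13:55:37 +0000] "GET /.well-known/assetlinks.json HTTP/1.1" 200 90
198.51.100.4 - - [10/Oct/2024:13:56:01 +0000] "GET /bkp/last.tar.gz HTTP/1.1" 404 0
198.51.100.4 - - [10/Oct/2024:13:56:02 +0000] "GET /static/%2Egit/HEAD HTTP/1.1" 403 0
192.0.2.9 - - [10/Oct/2024:13:57:10 +0000] "GET /api/v4/orders/17?expand=1 HTTP/1.1" 200 88
""".splitlines()

def normalize_path(raw):
    """Reduce a request target to the path the server would actually resolve."""
    path = urlsplit(raw).path  # query string and fragment never pick a file
    for _ in range(2):  # decode twice so a double-encoded %252E ('.') is not a bypass
        path = unquote(path)
    path = re.sub(r"/+", "/", path)  # collapse // so normpath cannot keep a leading //
    return posixpath.normpath(path) if path else "/"  # resolves /a/../.env to /.env

def classify_path(raw):
    """Return the first matching rule name, or None when the path looks benign."""
    path = normalize_path(raw)
    return next((name for name, rx in RULES.items() if rx.search(path)), None)

def scan_access_log(lines):
    """One finding per request hitting a rule; a 2xx/3xx answer means the path is really
    exposed, anything else is only a probe worth counting per source IP."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        rule = classify_path(m["path"]) if m else None
        if rule:
            status = int(m["status"])
            findings.append({"ip": m["ip"], "path": normalize_path(m["path"]), "rule": rule,
                             "status": status, "exposed": status < 400})
    return findings
```

Feeding the same RULES to a WAF blocks the probes; feeding scan_access_log output to the SIEM shows which of the demo's findings were actually served with a 200 and by whom.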

FAQ

Frequently asked questions

Operational answers for teams evaluating VulnScan in production environments.

Can we schedule VulnScan or trigger it automatically?

Yes. Runs can be scheduled daily, weekly, or during custom windows, and can also be fired via CI/CD so teams get repeatable coverage without manual kickoff.

How customizable are runs?

Over 40 tunables cover thread count, timeout profiles, rate limits, and module selection such as excluding API or subdomain discovery, so scans fit your stack.

What export formats are supported?

Reports export as CSV for bulk triage and PDF for executive-ready summaries. You can also push data into ticketing and SIEM pipelines.

Will the scan affect production traffic?

The engine is WAF-aware, respects rate limits, and runs with safe defaults so it avoids throttling or denial-of-service while still surfacing risky endpoints.

Exposure spreads fast. Your defense should too.
Protect now.