Drive every server-side tool from your own scripts and pipelines with scoped API keys. Recon, scanning and lookups — fully programmable.
Restrict a key to specific tools; track usage; revoke anytime.
Standard Authorization: Bearer — works with any HTTP client.
Rate limits, scope rules and SSRF protection apply to API calls too.
21 server tools are API-callable
All-in-one passive + opt-in active scanner — feed a URL or a raw HTTP request and surface misconfigurations and vulnerabilities, graded by severity.
Aggregate subdomains from crt.sh, OTX, Shodan, CertSpotter & more.
Query registrar WHOIS records over port 43.
Passive open-port & CVE exposure lookup (Shodan InternetDB) plus ready-to-run nmap/naabu/rustscan commands — no scan traffic leaves our servers.
Resolve A/AAAA/CNAME/MX/NS/TXT/CAA, follow the CNAME chain, flag subdomain-takeover candidates and check SPF/DMARC + wildcard DNS.
Pull historical URLs from the Internet Archive, then mine parameters, subdomains and sensitive files for testing.
Bulk-probe hosts in parallel — status, redirects, title, tech stack, server, IP & timing — flags notable findings (dir listing, phpinfo, API docs) with filtering & export.
Batch-extract EXIF + IPTC + XMP metadata (GPS, device serials, owner, software) from uploaded images or remote URLs — with a leak summary & reverse-geocoded GPS.
Fetch a URL and grade its security headers.
Probe CORS ACAO/ACAC behavior with a spoofed Origin.
AXFR test, SPF/DMARC/DKIM, DNSSEC & dangling-CNAME check.
Pull disallowed paths and sitemap URLs.
Detect server, CMS, frameworks & libraries.
Fetch & validate /.well-known/security.txt.
Grade Content-Security-Policy & CORS exposure.
Test a parameter for open-redirect & SSRF reflection.
Fingerprint unclaimed CNAMEs (S3, GitHub, Heroku…).
Search CVEs by product/keyword (CIRCL feed).
Browse the Vulnerability Rating Taxonomy with enrichment.
Cloud scratchpad — saved to your account.
Educational request-inspection demo (lab use only).