XowiaScan

Vulnerability Scanner

Recon & Discovery

Point it at a URL — or paste a raw HTTP request — and get a severity-graded report of misconfigurations and vulnerabilities in one pass.

What is Vulnerability Scanner?

The Vulnerability Scanner is the flagship of the suite: a Burp-style passive analyzer fused with an opt-in active probe engine. Give it a single target and it performs dozens of checks across TLS, DNS, HTTP headers, cookies, CORS, content and parameters, then ranks every finding Critical → High → Medium → Low → Info so you know what to look at first.

It runs in two modes. Simple URL takes a normal address (custom ports like example.com:2525 included) and scans it. Raw HTTP request lets you paste a full request copied from Burp or DevTools — cookies, auth tokens and body included — so the scanner can replay it as your authenticated session and hunt for access-control and injection bugs that only appear behind login.

What it scans for

  • TLS & certificate — expiry, weak protocol/cipher hints, hostname mismatch, chain issues.
  • Security headers — HSTS, CSP, X-Frame-Options, X-Content-Type-Options, Referrer-Policy and permissions, each graded with a fix.
  • Cookies & JWTs — missing Secure/HttpOnly/SameSite flags, plus offline cracking of weak HS256 JWT secrets and risky-header detection (alg=none, jku, kid).
  • CORS — reflected-origin, null-origin and credentialed-wildcard misconfigurations.
  • Information disclosure — server/version banners, stack traces, source maps, exposed VCS folders, Spring Actuator, GraphQL introspection, secrets in inline JS, HTML comments and emails.
  • Active probes (opt-in) — content-confirmed path enumeration, open-redirect & Host-header canaries, and benign SQLi / SSTI / LFI / XSS / CRLF injection into parameters and request bodies.
  • Access control (raw mode) — auth-bypass replay, CSRF-token stripping, IDOR id mutation, mass-assignment and XXE probes.
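To make the passive header, cookie and CORS checks in the list above concrete, here is a small analyzer that grades a single HTTP response the way such a pass would, sorting findings Critical → High → Medium → Low → Info. This is an added illustration, not XowiaScan's code: the severity levels, fix strings and the sample responses are this example's own assumptions, and the `request_origin` parameter stands in for whatever Origin value the scanner sent when it requested the page.

```python
"""Passive checks on one HTTP response: security headers, cookie flags, CORS.
Added illustration, not the product's code; severities are assumed, not calibrated."""
from __future__ import annotations
import re
from dataclasses import dataclass

SEVERITY_ORDER = {"Critical": 0, "High": 1, "Medium": 2, "Low": 3, "Info": 4}


@dataclass
class Finding:
    severity: str
    title: str
    fix: str


def parse_response(raw: str) -> tuple[int, list[tuple[str, str]]]:
    """Split a raw HTTP/1.x response into (status, [(name, value), ...]).
    Names are lower-cased; repeated headers such as Set-Cookie are all kept."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    lines = head.split("\n")
    status = int(lines[0].split()[1])
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return status, headers


def analyze(raw: str, scheme: str = "https", request_origin: str | None = None) -> list[Finding]:
    """Return severity-sorted findings for one response. request_origin is the
    (foreign, scanner-chosen) Origin that was sent with the request, if any."""
    _, headers = parse_response(raw)
    single = {n: v for n, v in headers if n != "set-cookie"}
    findings: list[Finding] = []

    # Security headers (assumed severities)
    if scheme == "https" and "strict-transport-security" not in single:
        findings.append(Finding("Medium", "Missing HSTS", "Add Strict-Transport-Security: max-age=31536000; includeSubDomains"))
    csp = single.get("content-security-policy", "")
    if not csp:
        findings.append(Finding("Medium", "Missing Content-Security-Policy", "Deploy a CSP, starting in report-only mode"))
    if "x-frame-options" not in single and "frame-ancestors" not in csp:
        findings.append(Finding("Low", "No X-Frame-Options or CSP frame-ancestors (clickjacking)", "Add X-Frame-Options: DENY or frame-ancestors 'none'"))
    if single.get("x-content-type-options", "").lower() != "nosniff":
        findings.append(Finding("Low", "Missing X-Content-Type-Options: nosniff", "Add X-Content-Type-Options: nosniff"))
    if "referrer-policy" not in single:
        findings.append(Finding("Info", "Missing Referrer-Policy", "Add Referrer-Policy: strict-origin-when-cross-origin"))

    # Information disclosure: a product/version banner in Server
    server = single.get("server", "")
    if re.search(r"\d+\.\d+", server):
        findings.append(Finding("Info", f"Server version banner: {server}", "Strip the version from the Server header"))

    # Cookie attributes: every Set-Cookie is inspected separately
    for name, value in headers:
        if name != "set-cookie":
            continue
        cookie = value.split("=", 1)[0].strip()
        attrs = {a.strip().split("=")[0].lower() for a in value.split(";")[1:]}
        if scheme == "https" and "secure" not in attrs:
            findings.append(Finding("Medium", f"Cookie {cookie} lacks Secure", "Set the Secure attribute"))
        if "httponly" not in attrs:
            findings.append(Finding("Low", f"Cookie {cookie} lacks HttpOnly", "Set the HttpOnly attribute"))
        if "samesite" not in attrs:
            findings.append(Finding("Low", f"Cookie {cookie} lacks SameSite", "Set SameSite=Lax or Strict"))

    # CORS: reflected origin, null origin, credentialed wildcard
    acao = single.get("access-control-allow-origin")
    creds = single.get("access-control-allow-credentials", "").lower() == "true"
    if acao is not None and creds:
        if request_origin and acao == request_origin:
            findings.append(Finding("High", "CORS reflects an arbitrary Origin with credentials", "Check Origin against an explicit allow-list"))
        elif acao == "null":
            findings.append(Finding("Medium", "CORS trusts the null origin with credentials", "Never allow-list 'null'"))
        elif acao == "*":
            findings.append(Finding("Medium", "Wildcard Access-Control-Allow-Origin with credentials", "Replace * with an explicit origin"))

    findings.sort(key=lambda f: SEVERITY_ORDER[f.severity])
    return findings


# Constructed sample responses (not captured from any real host)
WEAK_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache/2.4.41\r\n"
    "Content-Type: text/html\r\n"
    "Set-Cookie: session=abc123; Path=/; HttpOnly\r\n"
    "Set-Cookie: theme=dark; Path=/; Secure; SameSite=Lax\r\n"
    "Access-Control-Allow-Origin: https://scanner-origin.example\r\n"
    "Access-Control-Allow-Credentials: true\r\n"
    "\r\n<html></html>"
)
HARDENED_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n"
    "Content-Security-Policy: default-src 'self'; frame-ancestors 'none'\r\n"
    "X-Content-Type-Options: nosniff\r\n"
    "Referrer-Policy: strict-origin-when-cross-origin\r\n"
    "Set-Cookie: session=abc123; Path=/; Secure; HttpOnly; SameSite=Strict\r\n"
    "\r\n<html></html>"
)

if __name__ == "__main__":
    for f in analyze(WEAK_RESPONSE, request_origin="https://scanner-origin.example"):
        print(f"[{f.severity}] {f.title} -> {f.fix}")
    print("hardened:", analyze(HARDENED_RESPONSE))
```

Running it lists ten findings for the weak response, led by the credentialed reflected-origin CORS issue, and none for the hardened one. Each finding carries its own fix string, which is how a report can be re-run after a change and compared as the workflow section below describes.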

Where it fits in your workflow

  • First-pass triage on a new in-scope target before you commit manual time.
  • A safe, logged way to demonstrate findings — every active run is recorded against your account and IP.
  • Re-test after a fix: re-run the same URL or request and compare the severity-graded report.

Use Vulnerability Scanner

Run it from your dashboard.


At a glance

Category: Recon & Discovery
Runs: Server-side
Token cost: 8 / run (free tier)
Access: Free
Status: Live

Frequently asked questions

Is the active scan safe to run?

Active probes send benign canaries (harmless marker strings) rather than destructive payloads, and are strictly opt-in behind an authorization checkbox. Only run them against targets you own or are explicitly authorized to test.

What happens to the cookies and tokens I paste in raw mode?

They are sent only to the target host, never to any third-party lookup service, and are redacted from the saved report and your scan history.

How is severity decided?

Each finding maps to a calibrated Critical/High/Medium/Low/Info level based on real exploitability and impact — not vendor severity labels.
