Supported Scan Profiles
This document provides a detailed overview of the supported scan profiles, including their descriptions and key features.
🌐 Web Assets
Security assessments focused on web applications, APIs, and cloud-hosted services.
| Profile Name | Description | Supported Features |
|---|---|---|
| Full Web Scan | A comprehensive security assessment covering the entire web application stack, including frontend, backend, and APIs. | • Automated deep crawling & session-aware navigation • Advanced injection detection (SQLi, NoSQLi, Command Injection) • Cross-Site Scripting (XSS) & Local/Remote File Inclusion (LFI/RFI) • XML External Entity (XXE) & Server-Side Template Injection (SSTI) • Software Composition Analysis (SCA) for vulnerable dependencies |
| Web Exhaustive Scan | An expansive external posture assessment designed to identify all reachable web assets and common misconfigurations. | • Subdomain enumeration & virtual host discovery • Nuclei-powered template scanning for thousands of CVEs • Specialized WordPress & CMS security auditing • Publicly exposed sensitive file discovery (e.g., .env, .git) • Rapid identification of low-hanging fruit and high-impact exposures |
| Web Deep Agentic Scan | An AI-powered, autonomous pentesting profile that goes beyond pattern matching to discover complex logic flaws. | • Autonomous vulnerability chaining (e.g., SSRF to RCE) • Business logic flaw identification & exploitation • Automated Proof-of-Concept (PoC) exploit generation • Context-aware attack path exploration using Large Language Models • Dynamic validation of sophisticated security bypasses |
| Web Single Vulnerability Assessment | A targeted validation profile used to confirm the existence and exploitability of a specific reported risk. | • Targeted vulnerability validation and re-testing • Manual-grade precision in confirming exploitable entry points • Actionable risk insights with verified impact analysis • Streamlined verification for remediation tracking |
📱 Mobile Assets (Android/iOS)
Specialized analysis for mobile applications, focusing on binary security, privacy, and backend communication.
| Profile Name | Description | Supported Features |
|---|---|---|
| Full Scan | A deep-dive analysis of mobile binaries and their interaction with backend services (Static + Dynamic + Backend). | • Static Analysis (SAST) of application code and assets • Insecure cryptography & hardcoded secret detection • Insecure programming patterns & sensitive API usage audit • Dynamic analysis of application behavior at runtime • Backend API fuzzing & communication security analysis |
| Fast Scan | A lightweight, rapid static analysis profile optimized for quick feedback during development cycles. | • Rapid identification of common configuration errors • Detection of hardcoded API keys, tokens, and secrets • Analysis of vulnerable programming patterns in source/bytecode • Fast Software Composition Analysis (SCA) for third-party SDKs |
| Mobile Deep Agentic Scan | AI-driven autonomous assessment that uncovers complex vulnerabilities within mobile application logic. | • Chaining of local application flaws with backend vulnerabilities • Automated identification of sophisticated attack paths • Validation of findings through runtime Proof-of-Concept exploits • AI-assisted navigation of complex application workflows |
| Mobile Single Vulnerability Assessment | Targeted validation of mobile-specific security risks and vulnerabilities. | • Targeted validation of reported mobile vulnerabilities • Confirmation of exploitable flaws (e.g., Deep Link hijacking, Insecure IPC) • Detailed impact verification for specific risk findings |
| Mobile Shielding Scan | A specialized assessment focused on the effectiveness of application hardening and anti-tampering measures. | • Obfuscation quality and coverage analysis • Anti-tampering & integrity check effectiveness • Anti-debugging & root/jailbreak detection validation • Analysis of code protection and environment shielding mechanisms |
| Privacy Scan | A compliance-focused scan identifying privacy risks and unauthorized data exfiltration. | • Detection of exposed PII (Personally Identifiable Information) • Analysis of data flows to third-party trackers and SDKs • Audit of inadequate encryption for data-at-rest and in-transit • Verification of permission usage vs. privacy policy compliance |
🖥️ Network Assets
Infrastructure-level assessments focused on server security, network services, and device configurations.
| Profile Name | Description | Supported Features |
|---|---|---|
| Full Network Scan | In-depth discovery and vulnerability assessment of network-attached infrastructure. | • Advanced port scanning & service version fingerprinting • Identification of vulnerable network services and legacy protocols • Security configuration audit for SSH, TLS/SSL, and web servers • Detection of default credentials and weak authentication mechanisms |
| IP Exhaustive Scan | High-breadth external network scan focused on discovering and auditing large IP ranges. | • Comprehensive IP range discovery and service mapping • Nuclei-driven scanning for critical infrastructure CVEs • Identification of exposed management interfaces (RDP, VNC, Telnet) • Vulnerability matching across discovered service versions |
| Network Deep Agentic Scan | Autonomous AI assessment of network infrastructure to discover complex lateral movement paths. | • AI-powered exploration of network service interdependencies • Chaining of service misconfigurations to achieve elevated access • Automated validation of network risks with PoC evidence • Analysis of complex infrastructure attack surfaces |
| Network Single Vulnerability Assessment | Targeted validation of infrastructure-level risks and misconfigurations. | • Precise validation of reported network vulnerabilities • Confirmation of service-level exploits and configuration flaws • Actionable impact analysis for infrastructure assets |
🔍 Attack Surface Assets
Organization-wide assessments focused on discovering the "digital footprint" and external exposures.
| Profile Name | Description | Supported Features |
|---|---|---|
| Attack Surface Exhaustive Scan | A holistic discovery process to map the entire external attack surface of an organization. | • Continuous subdomain discovery & asset mapping • Monitoring of public mobile stores & public code registries • Correlation of analytics & threat intelligence data • Identification of "shadow IT" and abandoned infrastructure |
| Attack Surface KEV Scan | A prioritized discovery scan focused on Known Exploited Vulnerabilities (KEV). | • High-priority monitoring for CISA KEV and active threats • Rapid assessment of newly discovered assets for known exploits • Focused reporting on critical, actionable external exposures |