Scan Modules Overview
When you launch a scan, each enabled module runs in sequence against your target. Module 01 (Crawler) discovers the attack surface first, then every subsequent module uses that data to perform targeted security tests.
Results are aggregated into a single report with findings ranked by severity.
Module Summary
| # | Module | Focus Area |
|---|---|---|
| 01 | Web Crawler & Discovery | Page discovery, endpoints, forms, JavaScript analysis |
| 02 | SQL Injection | Error-based, blind, time-based, and header-based SQLi |
| 03 | Cross-Site Scripting | Reflected XSS, DOM-based XSS, template injection |
| 04 | JWT Analysis | Algorithm attacks, weak secrets, role escalation |
| 05 | Authentication & Access Control | Default creds, CORS, IDOR, CSRF, rate limiting |
| 06 | Security Headers | Missing headers, cookie flags, TLS, info disclosure |
| 07 | Data Manipulation | NoSQL injection, mass assignment, file upload, path traversal |
| 08 | SSRF & Command Injection | SSRF, cloud metadata, OS command injection |
| 09 | API Fuzzing | Directory brute-forcing, XXE, HTTP methods, external tools |
| 10 | OAuth2/OIDC Misconfiguration | Redirect URI bypass, CSRF via state, PKCE, token leakage, code reuse |
Severity Levels
Findings are classified into five severity levels:
| Level | Meaning | Action Required |
|---|---|---|
| Critical | Actively exploitable vulnerabilities | Immediate remediation |
| High | Serious security weaknesses | Fix urgently |
| Medium | Issues to address in the next release cycle | Plan a fix |
| Low | Minor hardening suggestions | Address when convenient |
| Info | Informational observations | Review for awareness |
Warning
Critical and High findings indicate real, exploitable weaknesses that could lead to data breaches or system compromise. Address them as a priority.