Example Data

See What Your Security Report Looks Like

This is an interactive demo with example data. Every scan generates a report like this — with AI-powered summaries, verified vulnerability findings, and actionable recommendations.

🔍 Recon · 🌐 Probe · 🕷️ Crawl · Scan · 🔬 Deep · 🤖 Verify

Security Overview

Targets Monitored: 4 (3 active, 1 paused)
Scans This Month: 28 (next scan in 4h)
Critical Findings: 1 (SQL injection)
High Findings: 3 (XSS, admin access, outdated lib)

Findings Trend (Last 6 Weeks)

[Chart: findings by severity (Critical, High, Medium, Low), plotted from Feb 1 to Mar 12]

Site Monitoring

Sites Monitored: 4
Last 24h Snapshots: 4
Warnings: 1
Baseline Items: 23

All sites checked today at 06:00 — next check in 18h

Example Scan Report

B+

shop.example.com

Completed · Profile: webshop

Scanned Mar 11, 2026 at 22:00 UTC — completed in 18m 42s

AI Security Summary

Your website has a few issues that need attention.

- CRITICAL: SQL injection vulnerability found in /api/products?id= parameter. An attacker could extract your entire database.
- HIGH: Admin panel at /admin accessible without IP restriction. 3 default credentials combinations were accepted.
- HIGH: Outdated jQuery 2.1.4 with known XSS vulnerabilities (CVE-2020-11023).
- MEDIUM: Missing Content-Security-Policy header allows inline script execution.
- MEDIUM: TLS certificate uses SHA-1 intermediate — modern browsers may show warnings.
- LOW: Server exposes X-Powered-By: Express 4.17 header.
- INFO: Cloudflare WAF detected — 2 scanning tools were blocked.

Recommended action: Patch the SQL injection immediately, restrict admin panel access, and update jQuery.

Scanning Modules

WAF Detection: WAF Detector (1)
Subdomain Enum: Subdomain Finder (12), Archive Scanner (847)
DNS Resolution: DNS Resolver (8), DNS Permutator (3)
Service Probing: HTTP Prober (6), Port Scanner (14), TLS Analyzer (2)
Web Crawling: Web Crawler (234)
Vuln Scanning: Vulnerability Scanner (7), Directory Enumerator (18), TLS/SSL Tester (2)
E-Commerce Audit: Fuzzer (4), Template Scanner (2)
Input Validation: Parameter Discovery (8), XSS Validator (1), Injection Tester (3)
Deep Analysis (Analysis Engine): SQL Injection Tester (1), Web Server Analyzer

16 OK · 1 Blocked · 17 Total

Findings (10)

Critical

SQL Injection in Product API

New

The parameter "id" in /api/products is vulnerable to time-based blind SQL injection. Automated testing confirmed data extraction is possible.

https://shop.example.com/api/products?id=1 · Tool: SQL Injection Tester · CVSS: 9.8
Recommendation: Use parameterized queries (prepared statements) instead of string concatenation. Never pass user input directly into SQL queries.

High

Admin Panel Accessible with Default Credentials

New

The admin panel at /admin accepts the credentials admin:admin123. No IP restriction or 2FA is configured.

https://shop.example.com/admin · Tool: Vulnerability Scanner · CVSS: 8.1
Recommendation: Change default credentials immediately. Implement IP allowlisting and enable two-factor authentication.

High

Outdated jQuery 2.1.4 — XSS Vulnerability

New · CVE-2020-11023

jQuery 2.1.4 is loaded from /static/js/jquery.min.js. This version is vulnerable to CVE-2020-11023 (XSS via HTML containing <option> elements).

https://shop.example.com/static/js/jquery.min.js · Tool: Vulnerability Scanner · CVSS: 6.1
Recommendation: Update jQuery to version 3.6.0 or later. Consider using a CDN with SRI (Subresource Integrity) hashes.

High

Reflected XSS in Search Parameter (Verified)

New

The "q" parameter reflects user input without escaping. Automated validation confirmed XSS execution with payload: <script>alert(1)</script>

https://shop.example.com/search?q=test · Tool: XSS Validator · CVSS: 6.5
Recommendation: Encode all user input before reflecting it in HTML. Implement Content-Security-Policy to block inline scripts.

Medium

Missing Content-Security-Policy Header

New

No CSP header is set. This allows inline JavaScript execution and loading resources from any origin.

https://shop.example.com/ · Tool: Vulnerability Scanner · CVSS: 5.3
Recommendation: Add a Content-Security-Policy header. Start with: default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'

Medium

TLS Certificate Chain Uses SHA-1 Intermediate

False Positive

The intermediate CA certificate uses SHA-1 signing. While the leaf certificate uses SHA-256, the chain may cause warnings in strict environments.

https://shop.example.com/ · Tool: TLS/SSL Tester · CVSS: 4.3
Recommendation: Contact your certificate provider to reissue with a SHA-256 intermediate certificate.

Medium

OpenAPI Specification Publicly Accessible

New

/v3/api-docs returns the full API schema including admin endpoints, request/response schemas, and internal paths.

https://shop.example.com/v3/api-docs · Tool: Vulnerability Scanner · CVSS: 5
Recommendation: Block access to /v3/api-docs and /swagger-ui in production. Restrict to internal IPs or VPN.

Low

Server Version Disclosed in Response Headers

New

The X-Powered-By: Express 4.17.1 header reveals the server framework and version.

https://shop.example.com/ · Tool: HTTP Prober · CVSS: 2
Recommendation: Remove the X-Powered-By header. In Express: app.disable('x-powered-by')

Info

Cloudflare WAF Detected

New

Cloudflare WAF is active on shop.example.com. 1 scanning tool was blocked by the WAF.

https://shop.example.com/ · Tool: WAF Detector
Recommendation: Informational — no action needed. WAF is actively protecting the site. Consider whitelisting the scanner IP for complete coverage.

Info

Technology Stack Detected

New

Detected: Node.js, Express 4.17, React 18, OpenCart 4.x, Cloudflare CDN, PostgreSQL.

https://shop.example.com/ · Tool: HTTP Prober
Recommendation: Informational — no action needed. Keep all components updated to latest stable versions.

Attack Surface Discovery

Automated subdomain enumeration, port scanning, and technology fingerprinting. New assets are flagged, and subdomain takeover risks are highlighted.

Subdomain · Status
shop.example.com (Example Shop — Electronics & Gadgets) · 200
api.example.com (API Gateway) · 200
dev.example.com [NEW] (Development Environment) · 200
staging.example.com [NEW] (Staging (BitNinja blocked)) · 403
mail.example.com (MX Record)
old.example.com [TAKEOVER RISK] (DNS resolves, no HTTP)

Intelligent Scan Profiles

Profiles are auto-detected based on your target's technology stack. Each profile runs specialized tools optimized for that platform — including payload-verified input validation testing.

Standard

Full blackbox pentest for traditional web apps

Auto-detected for

WordPress, PHP, Java, .NET, Rails, Django

8 phases

Subdomain discovery, DNS resolution, HTTP probing, port scanning, vulnerability scanning, directory enumeration, TLS testing, parameter discovery, XSS validation, SQL injection testing

Vibecode

AI-generated project audit with prompt injection testing

Auto-detected for

Next.js, Nuxt, Svelte, Remix, Vite, Vercel

9 phases

HTTP probing, vulnerability scanning, fuzzing, web crawling, XSS validation, SQL injection testing + custom AI templates

Webshop

E-commerce focused — payment flows, admin panels, API specs

Auto-detected for

OpenCart, Magento, WooCommerce, PrestaShop, Shopify

9 phases

Vulnerability scanning, CMS scanner, directory enumeration, fuzzing, parameter discovery, XSS validation, SQL injection testing, web server analysis

Stealth

WAF-evading scan with rate jittering and multi-node routing

Auto-detected for

Sites behind Cloudflare, BitNinja, Sucuri, or other WAFs

6 phases

Subdomain discovery, DNS resolution, HTTP probing, port scanning, vulnerability scanning, web crawling, archive analysis

Payload-Verified Testing

Beyond pattern matching, our scans inject test payloads and check for signs of exploitation in the response — reducing false positives. Our self-learning Verification Engine improves with every scan cycle, giving you higher-confidence results:

XSS Validation: Injects unique markers and checks if they appear unescaped in the response
SQL Injection Testing: Tests for time-based blind and error-based injection indicators
SSTI: Injects uncommon math expressions and checks if the server evaluates them
SSRF: Requests internal/cloud metadata URLs and checks for leaked data in the response
LFI: Attempts path traversal and checks for known system file content
Open Redirect: Checks if Location header redirects to an injected domain

Site Monitoring

Premium

Daily snapshots capture your site's structure, scripts, headers, and visual appearance. AI-powered analysis separates routine content updates from genuine security concerns.

Snapshot Timeline

Mar 14, 12:01
Example Shop — Electronics & Gadgets · 200 · 142 KB
Mar 13, 12:02
Example Shop — Electronics & Gadgets · 200 · 143 KB
+3-2~117% novel
🟢 Routine content updates — product images rotated on the homepage. CDN cache header (cf-ray) changed as expected. 95%
Mar 12, 12:01
Example Shop — Electronics & Gadgets · 200 · 138 KB
+1 ~2
🟡 New external script loaded from cdn.tracker-analytics.net — not a recognized analytics provider. Investigate origin and purpose before next scan. 82%
Mar 11, 12:03
Example Shop — Electronics & Gadgets · 200 · 141 KB
+14-128% novel
🟢 Baseline churn only (24 recurring changes filtered). Product listing images and blog post links rotate daily. 92%
Mar 10, 12:01
Example Shop — Flash Sale! · 200 · 155 KB
+8-1~375% novel
🔵 Title changed to include "Flash Sale!". New promotional banner scripts and styles added. Size increase of 12% is consistent with marketing campaign deployment. 88%
Mar 9, 00:15
Example Shop — Maintenance · 503 · 2 KB
-47 ~2
🔴 SITE DOWN — Status code changed from 200 to 503. All resources removed, title changed to "Maintenance". 47 resources missing. Possible unplanned outage or defacement. 95%

Change Diff — Mar 12 vs Mar 11

1 added · 2 changed · 0 removed

+ scripts/https://cdn.tracker-analytics.net/v2/collect.min.js
~ responseHeaders/cf-ray
  8f2a1b3c4d5e6f-ARN
  8f3b2c4d5e6f7g-ARN
~ meta/og:image
  /images/spring-sale.webp
  /images/new-arrivals.webp

Baseline Learning

After 5+ snapshots, recurring changes (rotating product images, CDN cache headers, news article links) are automatically classified as baseline churn and filtered from alerts. Only novel changes — new scripts, removed security headers, unknown external resources — trigger AI analysis and notifications.

Baseline items: 47
Snapshots analyzed: 23
Churn filter rate: 83%

🟡 Alert sent to [email protected]

New external script from cdn.tracker-analytics.net — not in baseline. Email + webhook notifications sent to 2 configured destinations.
