The vulnerability scanner
An active and passive scanner that ships free — OWASP and API Top 10, with blind out-of-band detection.
What it does
55 active checks
SQLi, XSS, SSRF, XXE, SSTI, command injection, deserialization, request smuggling, prototype pollution and more.
48 passive checks
Nerve inspects every response for secrets, misconfiguration and info leaks — with no extra requests sent.
OOB over 6 protocols
Oastify catches blind SSRF and RCE over DNS, HTTP, SMTP, LDAP, FTP and SMB.
OWASP + API Top 10
Mapped to the categories you actually write up — every check is in the coverage matrix.
Free where it counts
Burp gates its active scanner behind a $499/year Professional licence; Caido ships none. Hugin's Community tier runs the full scanner — active and passive — at no cost and with no rate limit.
The rest of the toolkit
Intercepting proxy
Every request your browser makes, on your terms — pause it, rewrite it, release it. HTTP/1.1, HTTP/2, HTTP/3 and WebSocket, with on-the-fly TLS.
Repeater
Send it once. Change one field. Send it again. The careful, hand-driven probe — request and response side by side, over and over.
Intruder
Automated payload attacks at full speed — four modes, 21 generators, 32 processors, and a Turbo mode with raw-TCP batching.
AI agent & MCP PRO
Set a budget, hit explore, and an autonomous agent drives every tool over 169 MCP tools — or wire opencode, Cursor or your own agent straight in.
Race conditions PRO
Beat check-then-act windows the proxy can't reach — single-packet attacks, last-byte sync and barrier coordination.
Synaps WASM modules PRO
Extend the scanner without trusting the code — community modules compiled to WebAssembly and run in a hard sandbox.
WAF bypass & antibot PRO
Look like real Chrome to every WAF and anti-bot system — TLS JA3/JA4, HTTP/2 SETTINGS, navigator, WebGL, canvas and fonts all match a coherent browser profile. Challenge scripts execute natively and set the bypass cookie.