46 active checks
SQLi, XSS, SSRF, XXE, SSTI, command injection, deserialization, request smuggling, prototype pollution and more.
An active and passive scanner that ships free — OWASP and API Top 10, with blind out-of-band detection.
Nerve inspects every response for secrets, misconfiguration and info leaks — with no extra requests sent.
Oastify catches blind SSRF and RCE over DNS, HTTP, SMTP, LDAP, FTP and SMB.
Mapped to the categories you actually write up — every check is in the coverage matrix.
Burp gates its active scanner behind a $499/year Professional licence; Caido ships none. Hugin's Community tier runs the full scanner — active and passive — at no cost and with no rate limit.
Every request your browser makes, on your terms — pause it, rewrite it, release it. HTTP/1.1, HTTP/2, HTTP/3 and WebSocket, with on-the-fly TLS.
Send it once. Change one field. Send it again. The careful, hand-driven probe — request and response side by side, over and over.
Automated payload attacks at full speed — four modes, 21 generators, 32 processors, and a Turbo mode with raw-TCP batching.
Set a budget, hit explore, and an autonomous agent drives the whole toolset through 162 MCP tools — or wire Claude Code, Cursor or your own agent straight in.
Beat check-then-act windows the proxy can't reach — single-packet attacks, last-byte sync and barrier coordination.
Extend the scanner without trusting the code — community modules compiled to WebAssembly and run in a hard sandbox.