// tools_and_methodology

Tools & Methodology

Every assessment runs industry-standard open-source security tools trusted by compliance teams and security professionals worldwide.

Reconnaissance

passive • read_only
subfinder
Passive subdomain enumeration

Discovers subdomains using passive sources like DNS datasets, certificate transparency logs, and search engines. No direct contact with the target.

detects
Hidden subdomains, forgotten staging environments, shadow IT assets
SecurityTrails
Historical DNS intelligence

Queries historical DNS records to find origin IPs behind CDNs, past hosting providers, and DNS configuration changes over time.

detects
Origin server IPs, DNS misconfigurations, CDN bypass vectors
httpx
HTTP probing & tech detection

Probes discovered hosts for HTTP services, identifies web technologies, status codes, titles, and server headers.

detects
Running services, technology stack, exposed admin panels

Vulnerability Assessment

active • dns_verification_required
nuclei
Vulnerability scanner

Template-based vulnerability scanner with 8,000+ community-maintained detection templates covering CVEs, misconfigurations, exposed panels, and default credentials.

detects
Known CVEs, misconfigurations, exposed panels, default credentials, information disclosure
katana
URL crawler & parameter discovery

Crawls web applications to discover endpoints, parameters, and JavaScript files that may contain secrets or additional attack surface.

detects
Hidden endpoints, API routes, JavaScript-embedded secrets, form parameters

Network Analysis

infrastructure • services
Nmap
Network port scanning & service detection

Industry-standard network scanner that identifies open ports, running services, and their versions across the target infrastructure.

detects
Open ports, service versions, OS fingerprints, network misconfigurations
Shodan
Internet-wide device intelligence

Queries the Shodan database for information about internet-facing services, known vulnerabilities, and end-of-life software detected on the target.

detects
Exposed services, known CVEs, end-of-life software, SSL certificate issues
// methodology

Assessment Methodology

QuackScan uses a progressive depth approach. Each level builds on the previous one, and you control how deep the assessment goes.

Level 1: Basic Assessment

no_verification • read_only

Passive reconnaissance and public information gathering. Checks publicly accessible endpoints, server headers, SSL configuration, and exposed services. Does not send any payloads or modify anything on the target.

Level 2: Standard Assessment

no_verification • read_only

Extends basic assessment with deeper infrastructure analysis, technology fingerprinting, and frontend secret detection. Crawls public pages to identify exposed API keys, tokens, and configuration values in client-side code.

Level 3: Deep Assessment

dns_verification_required • active_testing

Active vulnerability scanning with nuclei templates, default credential testing, and parameter fuzzing. This level sends payloads to the target to detect exploitable vulnerabilities. Requires DNS verification to prove domain ownership before any active testing begins.