Every tool AuditCore runs, in one place
AuditCore orchestrates 53 open-source and custom security scanners across a 5-phase pipeline. Each scanner here has a dedicated page explaining what it tests, where it fits in the pipeline, and which tier includes it. No black boxes — click into any tool to see exactly what it does.
Reconnaissance
6 scanners. Discover the target attack surface (subdomains, live hosts, hidden directories, mail configuration) before any active probing.
Crawl
2 scanners. An authenticated browser walks the app through a recording proxy, capturing every HTTP request to feed the downstream scanners.
Authentication Tests
7 scanners. Replay captured traffic across roles to find broken object-level / function-level authorization (BOLA / BFLA), and audit JWT, OAuth, session, cookie and SSL/TLS posture.
Security Headers Analyzer
[basic] 7 security headers + 3 leaky headers
Cookie Security Analyzer
[basic] Secure / HttpOnly / SameSite flags
SSLyze
[basic] Heartbleed, CCS injection, deprecated protocols
JWT Analyzer
[pro] alg:none, expired tokens, sensitive data in claims
Auth Replay (BOLA / BFLA Tester)
[enterprise] BOLA / BFLA / auth bypass via cross-role replay
OAuth Tester
[pro] redirect_uri validation, state parameter, token endpoint over plain HTTP
Session Tester
[pro] session fixation, cookie flags, session ID in URL
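The cross-role replay that the Authentication Tests phase describes, as an added example (this is not AuditCore's code). The sessions, roles, orders and the `toy_app` handler are constructed stand-ins for the target so the example runs offline; a real tester would replay the requests recorded by the crawl phase through an HTTP client instead of calling `toy_app`, and the `missing_checks` switch only exists to model a vulnerable deployment.

```python
"""Cross-role replay for BOLA / BFLA detection (added example, not AuditCore's).

Every request captured while crawling as the victim is replayed twice: once
as the victim (baseline) and once as a different role (probe). A request the
victim can perform that the other role can perform with an identical response
is reported as a missing authorization check.
"""
from dataclasses import dataclass

# Constructed fixtures: two users with different roles, each owning one order.
ROLES = {"alice": "admin", "bob": "user"}
SESSIONS = {"sess-alice": "alice", "sess-bob": "bob"}   # session cookie -> user
ORDERS = {101: {"owner": "alice", "total": "49.00"},
          202: {"owner": "bob", "total": "12.50"}}


@dataclass(frozen=True)
class Request:
    method: str
    path: str
    cookie: str


@dataclass(frozen=True)
class Response:
    status: int
    body: str


def toy_app(req, missing_checks=frozenset()):
    """Constructed stand-in target. `missing_checks` removes authorization
    checks to model a vulnerable deployment: "bola" drops the object-ownership
    check on /orders/<id>, "bfla" drops the admin-role check on /admin/stats."""
    user = SESSIONS.get(req.cookie)
    if user is None:
        return Response(401, "")
    if req.path == "/admin/stats":
        if "bfla" not in missing_checks and ROLES[user] != "admin":
            return Response(403, "")
        return Response(200, '{"orders":2}')
    if req.path.startswith("/orders/"):
        order = ORDERS.get(int(req.path.rsplit("/", 1)[1]))
        if order is None:
            return Response(404, "")
        if "bola" not in missing_checks and order["owner"] != user:
            return Response(403, "")
        return Response(200, '{"total":"%s"}' % order["total"])
    return Response(404, "")


def replay_across_roles(captured, victim_cookie, attacker_cookie, send):
    """Replay each captured request as the victim, then as the attacker.
    `send` maps a Request to a Response. Returns the paths where the attacker
    obtained the same 200 response the victim did."""
    findings = []
    for req in captured:
        baseline = send(Request(req.method, req.path, victim_cookie))
        if baseline.status != 200:
            continue          # the victim cannot perform it either: no signal
        probe = send(Request(req.method, req.path, attacker_cookie))
        if probe.status == 200 and probe.body == baseline.body:
            findings.append(req.path)
    return findings


# Constructed capture: requests recorded while crawling as alice (admin).
CAPTURED = [Request("GET", "/orders/101", "sess-alice"),
            Request("GET", "/admin/stats", "sess-alice")]


def run(missing_checks=frozenset()):
    """Replay alice's capture as bob against a target with the given bugs."""
    return replay_across_roles(CAPTURED, "sess-alice", "sess-bob",
                               lambda r: toy_app(r, missing_checks))


if __name__ == "__main__":
    print("hardened:  ", run())
    print("bola only: ", run(frozenset({"bola"})))
    print("bola+bfla: ", run(frozenset({"bola", "bfla"})))
```

Comparing bodies byte for byte is the simplest oracle and is what keeps this example deterministic; real responses often embed the requesting user's name or a per-request token, so a production tester strips volatile fields or uses a similarity threshold before calling a match. State-changing requests (POST, PUT, DELETE) should only be replayed against disposable objects, since a successful probe really does perform the action as the second role.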
Injection & Active Tests
28 scanners. Active payload-based scanning: SQL, NoSQL, command, template, XXE, SSRF, prototype pollution, race conditions, AI prompt injection, business-logic abuse, plus full ZAP / Nuclei / sqlmap runs.
CORS Misconfiguration Checker
[basic] wildcard origin with credentials, reflected origin, null origin
SEO Auditor
[basic] 70+ checks, 20 pages (see SEO section below)
XXE Scanner
[enterprise] XML external entity injection, local file read, SSRF via DTD
SSTI Scanner
[enterprise] Jinja2 / Twig / Freemarker / ERB template injection
Command Injection Scanner
[enterprise] OS command injection (;id,
Path Traversal Scanner
[enterprise] ../../../etc/passwd, URL encoding, null byte
CRLF Injection Scanner
[pro] header injection, response splitting
Host Header Injection Scanner
[pro] Host / X-Forwarded-Host, password reset poisoning
Open Redirect Scanner
[pro] redirect parameters, login / logout redirects
HTTP Method Override Scanner
[pro] X-HTTP-Method-Override header, _method body parameter
Sensitive Files Scanner
[basic] .git, .env, swagger.json, backups, admin panels
NoSQL Injection Scanner
[enterprise] MongoDB $gt / $ne / $regex operators, auth bypass
Business Logic Scanner
[enterprise] price manipulation, quantity tampering, checkout skip, currency switch, status / role tampering, coupon abuse
AI Agent / Prompt Injection Scanner
[enterprise] prompt injection (20+ payloads), jailbreak, encoding bypass, tool abuse, data exfiltration, RAG poisoning, agent loop / DoS, output control bypass, input filter bypass, token budget, webhook forgery, chatbot discovery
Smart API Fuzzer
[enterprise] OpenAPI / Swagger discovery, schema-driven fuzzing, mass assignment, boundary values, type confusion, workflow skip, auth bypass
GraphQL Deep Scanner
[enterprise] full introspection parsing, mutation fuzzing with injection payloads, mutation auth bypass, variable injection, query data exposure
AI Context Scanner
[enterprise] Claude API: app analysis, targeted test plan, smart payload generation, finding triage (false-positive detection), business-logic risk identification. Max 5 API calls per scan
Nmap
[basic] port scan + NSE vuln scripts + version detection
OWASP ZAP
[pro] spider + active scan via the ZAP REST API
Nuclei
[pro] 8000+ templates, JSONL output
Nikto
[pro] web server scan, JSON output
sqlmap
[enterprise] --batch, --technique=BEU (boolean-, error- and UNION-based only; time-based and stacked-query techniques are not used)
SSRF Scanner
[enterprise] URL parameters + common SSRF parameter names + cloud metadata endpoints
GraphQL Scanner
[pro] introspection, query depth, batching, field suggestions
HTTP Request Smuggling Scanner
[enterprise] CL.TE, TE obfuscation
Prototype Pollution Scanner
[enterprise] query string + JSON body + merge endpoints
Race Condition Tester
[enterprise] 20 concurrent requests per target
Prompt Injection Form Tester
[pro] form injection + AI leak indicators
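The three CORS checks listed for the CORS Misconfiguration Checker (wildcard origin with credentials, reflected origin, null origin), as an added example that is not AuditCore's code. `toy_server` is a constructed stand-in that answers a request carrying a given Origin header with the CORS response headers it would send; the probe origin `https://attacker.example` and the issue identifiers are this example's own choices. A real checker would send the probe requests with an HTTP client and read the response headers.

```python
"""CORS misconfiguration classifier (added example, not AuditCore's code).

Two probes are sent: one with an origin the target has no reason to trust,
one with the literal origin "null". The Access-Control-Allow-Origin and
Access-Control-Allow-Credentials response headers decide the finding.
"""
ATTACKER_ORIGIN = "https://attacker.example"   # assumed probe origin
ACAO = "Access-Control-Allow-Origin"
ACAC = "Access-Control-Allow-Credentials"


def toy_server(origin, policy):
    """Constructed target. `policy` selects how the Origin header is handled."""
    if policy == "allowlist":          # correct: fixed set of trusted origins
        if origin in {"https://app.example"}:
            return {ACAO: origin, ACAC: "true", "Vary": "Origin"}
        return {}
    if policy == "reflect":            # echoes any Origin back, with credentials
        return {ACAO: origin, ACAC: "true"}
    if policy == "wildcard_creds":     # '*' combined with credentials
        return {ACAO: "*", ACAC: "true"}
    if policy == "null_trust":         # trusts only the literal "null" origin
        return {ACAO: "null", ACAC: "true"} if origin == "null" else {}
    raise ValueError(policy)


def _allows_credentials(headers):
    return headers.get(ACAC, "").strip().lower() == "true"


def check_cors(send):
    """`send(origin)` returns the response headers for a request whose Origin
    header is `origin`. Returns a list of issue identifiers, in probe order."""
    issues = []

    # Probe 1: an arbitrary attacker-controlled origin.
    h = send(ATTACKER_ORIGIN)
    acao = h.get(ACAO)
    if acao == "*" and _allows_credentials(h):
        issues.append("wildcard_with_credentials")
    elif acao == ATTACKER_ORIGIN:
        issues.append("reflected_origin_with_credentials"
                      if _allows_credentials(h) else "reflected_origin")

    # Probe 2: the "null" origin, which sandboxed iframes, data: URLs and
    # some redirect chains send, so an attacker page can produce it.
    h = send("null")
    if h.get(ACAO) == "null":
        issues.append("null_origin_trusted_with_credentials"
                      if _allows_credentials(h) else "null_origin_trusted")
    return issues


if __name__ == "__main__":
    for policy in ("allowlist", "reflect", "wildcard_creds", "null_trust"):
        print(policy, check_cors(lambda o, p=policy: toy_server(o, p)))
```

Severity differs between the three: browsers refuse to expose a credentialed response when Access-Control-Allow-Origin is `*`, so wildcard-plus-credentials is a configuration error rather than a directly exploitable one, whereas a reflected origin with credentials lets any page the victim visits read their authenticated responses. A server that reflects every origin also trusts `null`, which is why the reflecting policy produces two findings.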
Static / Code & Mobile
10 scanners. Source-code, dependency and mobile-binary analysis: Semgrep rules, gitleaks secrets, Trivy CVEs, APK / IPA manifest, permissions, strings, network configuration and native-binary hardening.
Semgrep
[enterprise] p/security-audit ruleset
Gitleaks
[enterprise] secret detection across git history
Trivy
[enterprise] dependency CVEs
MobSF
[enterprise] APK / IPA analysis via REST API (requires Docker)
APK Manifest Analyzer
[enterprise] debuggable, allowBackup, cleartext traffic, exported components, minSdkVersion
APK Permissions Auditor
[enterprise] 22 dangerous permissions, risky combinations
APK Strings Scanner
[enterprise] API keys, passwords, tokens, HTTP URLs in the binary
APK Network Security Analyzer
[enterprise] network_security_config, certificate pinning, signing certificate
APK Code Analyzer
[enterprise] ECB / MD5 / SHA-1 usage, exec(), DexClassLoader, WebView JS bridge, SharedPreferences, SQLite, clipboard, root detection, obfuscation, debug logs, tapjacking, 14 tracker SDKs
APK Binary Hardening Analyzer
[enterprise] PIE, NX, stack canary, RELRO on bundled .so files
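The checks the APK Manifest Analyzer entry lists (debuggable, allowBackup, cleartext traffic, exported components, minSdkVersion), as an added example that is not AuditCore's code. `SAMPLE_MANIFEST` is a constructed manifest with several deliberate weaknesses; the minimum-SDK floor of 21 and the finding strings are this example's own assumptions. It expects the manifest already decoded to plain XML (as apktool or aapt produce), since the copy inside an APK is binary XML.

```python
"""AndroidManifest.xml checks (added example, not AuditCore's code)."""
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"   # attribute namespace
COMPONENTS = ("activity", "service", "receiver", "provider")

# Constructed manifest: debuggable, backup allowed, cleartext allowed, low
# minSdk, one unprotected exported activity and one unprotected provider.
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.demo">
  <uses-sdk android:minSdkVersion="19" android:targetSdkVersion="33"/>
  <application android:debuggable="true"
               android:allowBackup="true"
               android:usesCleartextTraffic="true">
    <activity android:name=".MainActivity" android:exported="true">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <activity android:name=".DebugActivity" android:exported="true"/>
    <receiver android:name=".SyncReceiver" android:exported="true"
              android:permission="com.example.demo.SYNC"/>
    <provider android:name=".DataProvider"
              android:authorities="com.example.demo.data"
              android:exported="true"/>
  </application>
</manifest>"""


def _is_launcher(component):
    """The launcher activity must be exported; it is not a finding."""
    return any(c.get(ANDROID + "name") == "android.intent.category.LAUNCHER"
               for c in component.iter("category"))


def _is_exported(component):
    explicit = component.get(ANDROID + "exported")
    if explicit is not None:
        return explicit == "true"
    # Before targetSdk 31 a component with an intent-filter was exported by default.
    return component.find("intent-filter") is not None


def _is_protected(component):
    """Exported components guarded by a permission are out of scope here."""
    return any(component.get(ANDROID + a) is not None
               for a in ("permission", "readPermission", "writePermission"))


def analyze_manifest(xml_text, min_sdk_floor=21):
    """Return finding strings for the manifest, in document order."""
    root = ET.fromstring(xml_text)
    app = root.find("application")
    findings = []
    for attr in ("debuggable", "allowBackup", "usesCleartextTraffic"):
        if app.get(ANDROID + attr) == "true":
            findings.append(f"application:{attr}=true")
    sdk = root.find("uses-sdk")
    if sdk is not None:
        min_sdk = int(sdk.get(ANDROID + "minSdkVersion", "1"))
        if min_sdk < min_sdk_floor:
            findings.append(f"minSdkVersion={min_sdk}<{min_sdk_floor}")
    for comp in app:
        if (comp.tag in COMPONENTS and _is_exported(comp)
                and not _is_protected(comp) and not _is_launcher(comp)):
            findings.append(f"exported:{comp.tag}:{comp.get(ANDROID + 'name')}")
    return findings


if __name__ == "__main__":
    for finding in analyze_manifest(SAMPLE_MANIFEST):
        print(finding)
```

The exported-component rule deliberately skips components that declare a permission, which is why `.SyncReceiver` is not reported even though it is exported; whether the declared permission is actually a signature-level one is a follow-up check the permissions auditor would make. `usesCleartextTraffic` on the application element is only half of the story on modern APKs, because a `network_security_config` can override it per domain, which is what the APK Network Security Analyzer entry covers.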
All 53 scanners. One scan. Per-domain license.
Pick a tier, scan once, get a unified report. Rescans are unlimited — no metered usage, no per-tool licensing, no separate dashboards.