Playwright Authenticated Crawler
Multi-role crawl through a ZAP proxy. Part of AuditCore's automated security audit pipeline: it runs on every scan in the Pro tier and above, with findings normalized into a single severity-rated table.
What is Playwright Authenticated Crawler?
Playwright Authenticated Crawler runs in the Crawl phase of every AuditCore scan that includes it. An authenticated browser walks the app through a recording proxy, capturing every HTTP request to feed downstream scanners.
Out of the box it covers: multi-role crawl through ZAP proxy. Findings are normalized into AuditCore's vulnerability model so they appear next to results from every other scanner — no separate tabs, no tool-specific jargon, one CVSS-rated table.
If you've ever wondered which scanners actually run when you click "Start scan" on AuditCore, this is one of them. The full pipeline is documented per phase, and you can see exactly which tools fired on any given scan from the live terminal feed.
What it tests
- Multi-role crawl through ZAP proxy
- Runs automatically as part of any Pro-tier scan and above
- Findings appear in the standard AuditCore severity table (Critical / High / Medium / Low / Info)
- Results are bundled into the PDF report and exposed via the API
Where it runs in the AuditCore pipeline
Phase 2/5 · Crawl
An authenticated browser walks the app through a recording proxy, capturing every HTTP request to feed downstream scanners.
Source: scanners/crawler/playwright_crawler.py
Sample findings
Playwright Authenticated Crawler fired on a real target
A typical run produces between 0 and dozens of normalized findings depending on the target's posture. Each finding includes severity, evidence, affected URL/parameter, and a remediation hint.
FAQ
What does Playwright Authenticated Crawler test for?
Multi-role crawl through ZAP proxy
Which AuditCore plan includes Playwright Authenticated Crawler?
Available from the Pro plan ($299) and up. Higher tiers also include this scanner — license once, rescan unlimited.
Is Playwright Authenticated Crawler safe to run on production?
Yes — Playwright Authenticated Crawler runs in the Crawl phase, which is non-intrusive. It only reads data the target already exposes (DNS, HTTP responses, public files, headers).
Where does Playwright Authenticated Crawler run in the AuditCore scan pipeline?
Phase 2/5 — Crawl. An authenticated browser walks the app through a recording proxy, capturing every HTTP request to feed downstream scanners.
Can I rerun Playwright Authenticated Crawler without paying again?
Yes. AuditCore uses a per-domain license model — once you've purchased a tier for a domain, every rescan (manual or scheduled) is included. No metered usage.