This store requires javascript to be enabled for some features to work correctly.
Be sure to check-out Codename SCNR & Codename RKN!



with Introspector + AI

Killer features across the entire vulnerability life-cycle:

Automatically scan, dissect, get exploitation instructions, get code patches/fixes, get remediation guidance (code & instructions) and report.

The all-seeing Web Application Vulnerability Scanner.

Multi-platform deployment Docker package supporting: Mac OSX, Linux, MS Windows
Straightforward integration Scripting, Command-line utilities, REST API
User-friendly Web UI with clever filtering and incredible context.
Multi-platform deployment Docker package supporting: Mac OSX, Linux, MS Windows
Straightforward integration Scripting, Command-line utilities, REST API
User-friendly Web UI with clever filtering and incredible context.
Unrestricted Unlimited scans (+parallel), sites, pages and scan duration.
Affordable Best prices on the market.
Simple licensing Cloud, container and off-line use friendly.
Unrestricted Unlimited scans (+parallel), sites, pages and scan duration.
Affordable Best prices on the market.
Simple licensing Cloud, container and off-line use friendly.
Unparalleled coverage For legacy, Javascript-heavy and Single-Page-Applications.
Zero false-positive tolerance Never worry about false-positives again.
Super-fast Incremental scans reduce scan times from hours to minutes. Intelligent self-optimizing strategies, automagically tailored to each WebApp's chartacteristics, allow for lighting fast seed (first) scans.
Unparalleled coverage For legacy, Javascript-heavy and Single-Page-Applications.
Zero false-positive tolerance Never worry about false-positives again.
Super-fast Incremental scans reduce scan times from hours to minutes. Intelligent self-optimizing strategies, automagically tailored to each WebApp's chartacteristics, allow for lighting fast seed (first) scans.
Scalable Load-balance. Scale up or down, vertically or horizontally. Spread scans across machines and even combine resources from multiple machines.
Reporting With detailed reports in Plaintext, PDF, HTML, JSON and XML you can move further forward quicker to integrate and mitigate.
Intelligent Individual analysis of each resource, tailoring each request to the technologies being used, as well as the behavioral characteristics of each individual input vector.
Scalable Load-balance. Scale up or down, vertically or horizontally. Spread scans across machines and even combine resources from multiple machines.
Reporting With detailed reports in Plaintext, PDF, HTML, JSON and XML you can move further forward quicker to integrate and mitigate.
Intelligent Individual analysis of each resource, tailoring each request to the technologies being used, as well as the behavioral characteristics of each individual input vector.

AI-powered

Get insights, actionable code fixes, remedy and exploitation guidance for vulnerabilities.
Ecsypno

Specialized focus

Get actionable and actually helpful info for every unique issue.
Ecsypno

Get patches for identified vulnerabilities immediately

Secure your infrastructure ASAP with automated patching.
Ecsypno

Exploitation guidance

Explore the full breadth of each vulnerability.

Ecsypno

Remediation guidance that is actually relevant

Get actionable remediation guidance for each issue.

Know everything with the SCNR Introspector.

(Supported server-side languages: .NET, Java, Ruby, more to come.)
Ecsypno

Identify and remedy quicker than ever!

Narrow down issues from both the client and the server side. Know...everything!
Ecsypno

Follow the server-side execution

By following the the execution flow of your issues, you can know everything your web application is doing wrong.

Ecsypno

Follow the server-side data

By following the the data of your issues, you get to see everything your web application is seeing.
Ecsypno

Follow the client-side execution

Know the code your browser executed that's pertinent to the issue at hand.

Your own security devtools, hooked at the right place and the right time.

Ecsypno

Follow the client-side data

See everything your browser saw internally, during your application's vulnerable state.

Simple, powerful, insightful, full of context.

Ecsypno

Codename RKN (free!)

The WebApp attack surface mapper.

Automated WebApp I/O behavioral analysis for reconnaissance -- your best manual pentest companion.

Save yourself countless hours from your daily tasks.

Learn more

News

Codename SCNR v1.7.2 with Introspector for .NET, Java & Ruby

Codename SCNR v1.7.2 with Introspector for .NET, Java & Ruby

Hello all!   I wanted to let you know that Codename SCNR v1.7.2 is out and includes several bug fixes...

Codename SCNR v1.7.0: Introspector + OpenAI

Codename SCNR v1.7.0: Introspector + OpenAI

Hello all, There is a new release of Codename SCNR, v1.7.0, and it includes some really spectacular updates. Let's dive...

Codename RKN is now available for free!

Codename RKN is now available for free!

Hello all and happy holidays! As a gift that will keep on giving, we at Ecsypno wanted to brighten your...

Codename SCNR v1.7.2 with Introspector for .NET, Java & Ruby

Codename SCNR v1.7.2 with Introspector for .NET, Java & Ruby

Hello all!   I wanted to let you know that Codename SCNR v1.7.2 is out and includes several bug fixes...

Codename SCNR v1.7.0: Introspector + OpenAI

Codename SCNR v1.7.0: Introspector + OpenAI

Hello all, There is a new release of Codename SCNR, v1.7.0, and it includes some really spectacular updates. Let's dive...

Codename RKN is now available for free!

Codename RKN is now available for free!

Hello all and happy holidays! As a gift that will keep on giving, we at Ecsypno wanted to brighten your...

Articles

Script your DOM XSS exploitation workflow

Hello all, I wanted to share some Codename SCNR scripting kung-fu with you. This is something you can use post-scan,...

The Arachni Chronicles

The Arachni Chronicles

A story of curiosity, experimentation, development, million euro deal, fraudsters, abandonment and revitalization. From the inception of the F/OSS Arachni...

Continuous client-side IAST/DAST Hybrid approach for Single-Page-Applications

Continuous client-side IAST/DAST Hybrid approach for Single-Page-Applications

Some very interesting technology was presented a few days ago in the following articles: Following the data: Taint-tracing in the...

Script your DOM XSS exploitation workflow

Hello all, I wanted to share some Codename SCNR scripting kung-fu with you. This is something you can use post-scan,...

The Arachni Chronicles

The Arachni Chronicles

A story of curiosity, experimentation, development, million euro deal, fraudsters, abandonment and revitalization.

From the inception of the F/OSS Arachni WebAppSec scanner to the opening of Ecsypno’s doors with its flagship product Codename SCNR.

Continuous client-side IAST/DAST Hybrid approach for Single-Page-Applications

Continuous client-side IAST/DAST Hybrid approach for Single-Page-Applications

Some very interesting technology was presented a few days ago in the following articles: Following the data: Taint-tracing in the...

Ecsypno Single Member P.C.

Rooted in F/OSS. Multidisciplinary R&D. InfoSec subject matter. Consulting and Solutions.
Learn more
    American Express Apple Pay Diners Club Discover Google Pay JCB Mastercard PayPal Visa