VulneraX
Frequently Asked Questions
Version v0.9 • Updated August 2025
Answers about scanning depth, reports, storage, privacy, roadmap, and day-to-day operations.
VulneraX is an automated web vulnerability scanner and reporting tool for developers, security engineers, and product teams who need evidence-first, low-noise results and audit-ready PDFs.
- General
Shallow covers fast hygiene checks (headers, cookies, misconfigs). Deep simulates logic flaws and common exploits. Deepest uses advanced and out-of-band techniques for high-impact coverage.
- Scanning
- Engine
The release integrates 155 modules across three depths: 44 Shallow, 66 Deep, and 45 Deepest.
- Scanning
- Release
You get a branded, A4-optimized PDF with a summary dashboard, severity distribution, detailed evidence, and prioritized remediation steps. Each finding includes proof artifacts where applicable.
- Reports
The Risk Score (0–10) summarizes posture at a glance. Use it to track trends over time and prioritize remediation, not as a certification.
- Risk
- Reports
You must have explicit authorization to scan a target. Unauthorized scanning of third-party assets is prohibited.
- Compliance
- Legal
The release supports Google OAuth for sign-in. Future versions may add API keys and SSO options.
- Auth
Reports are generated from HTML to PDF and stored in cloud object storage (e.g., Firebase Storage). You receive a signed link for retrieval.
- Reports
- Storage
We store minimal artifacts required for evidence and report generation (e.g., header diffs, request/response metadata). Aggregated metrics may be used to improve detection.
- Privacy
- Storage
Shallow scans are lightweight. Deep and Deepest scans can be more intensive. We recommend running heavier profiles in off-peak windows or staging environments when possible.
- Operations
- Scanning
CI/CD policy gates are planned for v1.0. The release allows manual or scheduled scans; CI webhooks and merge-blocking policies are on the roadmap.
- Roadmap
- CI/CD
Security scanning is probabilistic. We reduce noise with evidence-first findings and confidence scores, but we recommend verification before critical decisions.
- Accuracy
- Reports
Billing tiers are in progress and may be limited during the v1.0 release. Full subscription management will arrive with v1.0.
- Pricing
PDF is the default in the release. Structured exports (JSON/CSV) are considered for v1.0 to support automation and custom dashboards.
- Reports
- Roadmap
We apply role-aware access controls, token checks, and segregated storage for reports. No system is 100% secure, but we follow least-privilege and secure-by-default design.
- Privacy
- Security
Common web risks (injection, XSS, SSRF, path traversal), misconfigurations (CORS, CSP, HSTS), auth/session issues (JWT), and advanced client-side or OOB checks per profile.
- Scanning
The release detects common API exposures (Swagger/GraphQL) and checks for key risks. Deeper API fuzzing is planned for future releases.
- API
- Roadmap
Team scans and multi-user access are planned for v1.0. The release focuses on authenticated single-user flows.
- Roadmap
Visit the Roadmap page from the footer navigation for planned features like CI gating, billing tiers, and richer exports.
- Roadmap
Email hello@vulnerax.in for general queries, privacy@vulnerax.in for data requests, or legal@vulnerax.in for terms-related issues.
- Support
© 2025 VulneraX. All rights reserved.