Windows-native penetration testing toolkit. 125+ security tools, triple interface, zero configuration. No Kali VM needed.
From reconnaissance to reporting. Every tool you need, running natively on Windows.
Three interfaces, one engine. Pick what fits your workflow — or use all three.
Download the standalone exe or build from source. No Python environment required for the binary.
Headless scanning for CI/CD pipelines, automation, and remote testing workflows.
| Method | Endpoint | Description |
|---|---|---|
| GET | /health | Health check (no auth required) |
| POST | /scan/ports | TCP port scanning |
| POST | /scan/subdomains | Subdomain enumeration |
| POST | /scan/sqli | SQL injection detection |
| POST | /scan/xss-probe | Reflected XSS scanner |
| POST | /scan/ssti | Server-side template injection |
| POST | /jwt/none-attack | JWT none-algorithm attack |
| POST | /tools/attack-chain | Automated attack chaining |
| POST | /report/sarif | SARIF v2.1.0 export |
+ 34 more endpoints — full docs at localhost:8000/docs