Feature map
Everything CVEsafe does
A complete, technical inventory of the platform — every capability, in one table. Enterprise marks Enterprise-only features; New marks the latest additions.
| Area | Capability | What it does |
|---|---|---|
| Discover | External footprint & subdomains | Enumerates public hosts under your domain via Certificate Transparency + DNS, and shows what's live. |
| | LAN discovery | The agent sweeps an internal range, fingerprints each host (OS, services, MAC vendor, SNMP) and classifies the device type (router, switch, printer, IP camera, NAS, Windows/Linux). |
| | Asset inventory | Every discovered device is registered and organized by /24 block, with live progress while sweeping. |
| | Promote & bulk scan | Promote any host to a CVE scan, or scan a whole network/block for CVEs via the agent. |
| Scan engines | Port & service discovery (TCP) | Open ports and each one's service/version: top 100, full TCP or UDP. |
| | CVE detection by service/version | Maps detected software to known CVEs, with CVSS. |
| | Network vulnerability tests (NVTs) | Tens of thousands of network checks (OpenVAS / Greenbone). |
| | Known CVEs & misconfigurations | Nuclei signatures, exposed admin panels, default credentials and technology fingerprinting. |
| | Passive web analysis | Missing security headers, insecure cookies and information leakage, without attacking. |
| | Active web testing | Controlled requests that confirm SQL injection, XSS, command injection and path traversal. |
| | TLS hardening | Certificate validation, weak protocols/ciphers, Heartbleed / ROBOT. |
| | Authenticated scans | Injects a bearer token, header, cookie or basic credential, scoped to the target host. |
| Host & device posture | Host audit | Missing Windows updates, SMBv1, RDP without NLA, firewall, Defender/AV, BitLocker, UAC, autologon and weak/Guest local accounts. |
| | SNMP audit | Authenticated deep enumeration of a device plus weak/default community detection. |
| Automated internal pentest (Enterprise) | Network & AD checks | SMB signing/NULL session, LDAP anonymous bind, SMBv1, MS17-010 (EternalBlue), BlueKeep, weak TLS, SNMP exposure. |
| | Egress filtering test | Which outbound ports the network allows (C2 / exfiltration exposure), probed from inside. |
| | Credential capture (LLMNR/NBNS/mDNS) | Time-boxed name-resolution poisoning → capture NetNTLMv2 (redacted). |
| | IPv6 DNS takeover (mitm6) | DHCPv6 + IPv6 DNS spoofing to become the network resolver, then capture NetNTLMv2 (redacted). |
| | Password spraying | One password against a user list, one attempt per account per run (lockout-safe). No defaults. |
| | NTLM relay | Demonstrates relay exposure against a host without SMB signing: no data dump, no changes. |
| | Hash cracking | Local crack of captured NetNTLMv2 to prove weak passwords; cleartext never stored. |
| | Kerberoasting / AS-REP | With one domain credential, requests roastable tickets and cracks them locally. |
| | AD CS audit (ESC1-ESC8) | Certipy enumerates certificate templates vulnerable to privilege escalation. Enumeration only. |
| | Layered consent | Scan → Intrusive → Active-Attack authorizations, each signed; redacted hashes, lockout-safe spraying, demonstrative relay. |
| Database audit (New, Enterprise) | Microsoft SQL Server (1433) | Service exposure; sa/any account with an empty password (critical). Detection-only, lockout-safe. |
| | Oracle Database (1521) | TNS listener exposure; SID disclosure to unauthenticated probes. |
| | MySQL / MariaDB (3306) | Service exposure; account (often root) with an empty password (critical). |
| | MongoDB (27017) | Service exposure; database list readable without authentication (critical). |
| | PostgreSQL (5432) | Service exposure on the network. Scanned ports are configurable per run. |
| Live run & retest (New) | Live progress | A real-time bar and stage label as the agent works through a scan. |
| | Activity log | A timestamped timeline of the attacker actions the agent took during the run. |
| | SIEM export | Download the timeline as JSON or CSV to correlate against your SIEM and measure detection gaps. |
| | Retest | Re-run the same target+engine in one click (inherits all consent/quota gates). |
| | Delta | Compares a run to the previous one: New, Fixed and Still-open findings. |
| Prioritize | CVE + CVSS correlation | Every finding tied to its CVE and technical severity. |
| | EPSS exploit probability | Chance of exploitation in the next 30 days (FIRST). |
| | CISA KEV flag | Marks CVEs actively exploited in the wild. |
| | Risk score & A–F grade | One priority per asset and per group. |
| Issues & lifecycle | Stateful, de-duplicated issues | With status, owner, history and occurrence count. |
| | Verify-on-rescan | Auto-resolves an issue a re-scan no longer sees, reopens it if it returns. |
| | Confirmed-exploitable | Flags an issue when evidence proves exploitability. |
| | Risk acceptance | Waive a finding (tracked separately, with who/when), out of the dashboard totals. |
| Reports & deliverables | Consolidated report & CSV | Board-ready report by email or shareable link, plus CSV export. |
| | PDF & Word | Locked PDF (all plans) and editable Word (.docx, paid). |
| | Pentest-style report | Executive summary, attack narrative, per-finding remediation, mapped to MITRE ATT&CK; plus a consolidated engagement report across hosts. |
| | Compliance deliverables | ISO/IEC 27001, PCI DSS v4, LGPD, HIPAA, SOC 2. |
| | White-label proposal | A branded technical proposal as a Word document. |
| Command Center & CLI | Command Center | Risk overview with a severity layer sphere, per-engine and per-severity filters, and KPIs (findings, active cases, MTTR). |
| | CLI console | An in-app, FortiGate-style command line (target / scan / issue / report / agent / org / go) over the same API. |
| | Scheduling | Daily, weekly or monthly recurring scans at the time you choose. |
| Integrations | ServiceNow (two-way) | Opens incidents manually or above a severity threshold, with status sync. |
| | Signed webhooks | HMAC-signed JSON POST to Slack, Jira, Zendesk, SOAR and custom automations. |
| | REST API + CLI | Automate organizations, targets, scans, issues and reports. |
| Security & access | Multi-tenant & RBAC | Per-organization isolation, RBAC roles, JWT + MFA login, encrypted credentials. |
| | Audit log | Org-scoped trail of sign-ins, scans, downloads, member and configuration changes, with actor, IP and timestamp. |
| | Proof of ownership | New external targets must pass a DNS TXT challenge before scanning. |
| | Privacy & limits | Abuse controls, plan limits, and a commitment that we never access or share your scan data. |
| White-label & MSP | White-label | Your logo, name, accent color and favicon across the app and reports. |
| | MSP / reselling | Create and manage client organizations that inherit your branding, and switch into a client's context. |
| Agent & platform | Windows & Linux agents | Self-updating, run as a service / systemd, auto-provision tooling (nmap/Npcap; pentest toolkit opt-in). The pentest runs on the customer's agent, never from our cloud. |
| | Horizontal scaling | Add worker nodes, dedicated queues (incl. a separate OpenVAS lane) and a static frontend. |
| | Plans | Free, Basic, Premium, Professional and Enterprise (the automated pentest suite, billed per internal target pentested per month). |
See it on your own assets
Spin up your first scan in minutes. No credit card to get started.