Features

From one input to a clear, fixable risk picture

You give CVEsafe an asset. It discovers the rest of your surface, runs the right engines, tells you what's actually exploitable, and pushes the fix into your workflow — agentless outside, agent-powered inside.

Discover

See your whole attack surface — even what you forgot

You can't protect what you can't see. CVEsafe maps it for you, outside and inside.

External footprint

Add a domain — we map every subdomain

From Certificate Transparency logs and DNS, CVEsafe enumerates your full external footprint, shows what's live, and lets you scan the whole surface in one click. Forgotten and shadow assets stop being blind spots.

  • Delivers: a live inventory of every public host under your domain
  • So you can: scan shadow IT before an attacker finds it
cvesafe — discover
$cvesafe discover acme.com
[CT+DNS] enumerating subdomains…
api.acme.com 2 IPs live
shop.acme.com 2 IPs live
legacy.acme.com — unresolved
$
Internal network

Inventory every device on your LAN

The installed agent sweeps your internal range and classifies each live host — router, switch, printer, IP camera, NAS, Windows or Linux — with OS, services, MAC vendor and SNMP. Each becomes a registered asset.

  • Delivers: an auto-classified inventory of what's really on your network
  • So you can: promote any device to a CVE scan in one click
cvesafe — lan discovery
$cvesafe discover --lan 192.168.0.0/24
192.168.0.1 Router MikroTik RouterOS
192.168.0.20 Printer HP LaserJet
192.168.0.77 IP camera SNMP
[+] 23 assets inventoried
$
Scan

Five engines, one result — here's what each finds for you

We orchestrate best-in-class scanners and consolidate everything. You don't manage tools; you get findings.

Ports & servicesEvery exposed port & service — the doors attackers knock on
Known CVEs & misconfigKnown CVEs, exposed admin panels & default credentials
Web app testingInjection, XSS & broken authentication in your web apps
TLS & certificatesWeak TLS, expired or mis-issued certificates
Network vuln tests (NVTs)Thousands of network checks mapped to fixable CVEs
Prioritize

Know what to fix first — not a wall of alerts

Live CVE intelligence + AI

Real exploitability, surfaced first

Every finding is correlated with its CVE and CVSS, then enriched with EPSS probability and the CISA KEV catalog. Our AI ranks by real exploitability and exposure and triages likely false positives — so the riskiest 3% rises to the top.

  • Delivers: an ordered list and an A–F grade per asset and group
  • So you can: spend remediation time where it actually reduces risk
CVE-2021-44228CRITICAL

Apache Log4j JNDI remote code execution (Log4Shell).

CVSS 10.0KEV listedEPSS 97%
Go deeper

Reach inside the network the public scanner can't

Agent & host posture audit

CVE detection and hardening checks, per machine

A lightweight agent runs scans on assets only reachable inside your network — and audits the posture of each host it runs on: missing Windows updates, SMBv1, RDP without NLA, firewall, Defender, BitLocker, UAC and weak local accounts.

  • Delivers: internal CVE coverage plus per-host misconfiguration findings
  • So you can: close the gaps that perimeter scans never see
cvesafe — host audit
$cvesafe audit --host WIN-APP01
SMBv1 enabled HIGH
RDP without NLA HIGH
12 pending updates MEDIUM
BitLocker off MEDIUM
$
Fix & report

Turn findings into closed tickets

Issue lifecycle

Track, assign and auto-verify fixes

Findings roll up into de-duplicated issues with status, owner and history. A re-scan that no longer sees an issue resolves it automatically — so your backlog reflects reality, not noise.

  • Delivers: one stateful list across every scan of a target
  • So you can: prove what was fixed and when
cvesafe — issues
$cvesafe issues
SQL injection · /login in_progress
Weak TLS · api.acme.com resolved ✓
Open Redis · 10.0.0.9 verified by re-scan
$
Integrations & reporting

Into your workflow — ServiceNow, webhooks, reports

Open vulnerabilities as ServiceNow incidents with two-way status sync, or fire signed (HMAC) webhooks to Slack, Jira, Zendesk, SOAR and your own automations. Plus a consolidated, board-ready report by email or shareable link, and CSV export.

  • Delivers: tickets in the system your team already lives in
  • So you can: remediate without copy-pasting between tools
cvesafe — integrations
$cvesafe integrations --status
ServiceNow INC0012345
Webhook · Slack 200 OK
Consolidated PDF emailed
CSV export ready
$

See it on your own assets

Spin up your first scan in minutes. No credit card to get started.

Start scanning free →