Enterprise-Grade Vulnerability Scanning

High-throughput passive security scanning powered by OWASP ZAP. Scan millions of domains per month with intelligent proxy rotation and parallel processing.

Monthly Capacity: 15.7M
Jobs/Second: 6.06
Concurrent Workers: 150
Success Rate: 89%

Powerful Features

High-Throughput Processing

Process up to 523,584 domains per day with 150 parallel workers. Built for enterprise-scale security scanning.

Intelligent Proxy Rotation

Automatic proxy rotation per job prevents rate limiting and WAF blocking. 150 rotating proxies with health tracking.

Lightning Fast Results

Average job completion in ~13 seconds. P95 latency under 30 seconds. 29x faster than baseline requirements.

Passive-Only Scanning

Non-intrusive passive analysis detects vulnerabilities without sending attack payloads. Safe for production environments.

Domain Locking

Intelligent per-domain concurrency control prevents overwhelming targets while maximizing parallel throughput.

Real-Time Analytics

Live dashboard with hyperspace starfield animation, throughput metrics, and webhook alerts for system monitoring.

Built on OWASP ZAP

Leverages the world's most popular web app security scanner, with 100+ passive scan rules that are constantly updated.

Cost-Effective

$45/month for 150 proxies. $0.0000029 per scan at max capacity. Extremely affordable for enterprise-grade scanning.

4-Hour Batch SLA

Complete 87,286 domains in 4 hours. Optimized timeouts and fixed polling ensure no straggler jobs.

Simple REST API

Submit jobs via HTTP, poll for status, and retrieve results in compact JSON format. Perfect for integration into existing security pipelines.

# Submit a scan job
curl "https://cyber.mikehernandez.co/JSON/batchscan/action/submit/?apikey=KEY&url=https://example.com"

# Response:
{
  "jobId": "abc-123",
  "state": "queued",
  "etaSeconds": "5"
}

# Check job status
curl "https://cyber.mikehernandez.co/JSON/batchscan/view/status/?apikey=KEY&jobId=abc-123"

# Response:
{
  "jobId": "abc-123",
  "state": "completed",
  "proxy": "proxy-042 (9.142.199.139:5704)",
  "domain": "example.com",
  "workerId": "worker-42",
  "targetUrl": "https://example.com"
}

# Get scan results
curl "https://cyber.mikehernandez.co/JSON/batchscan/view/result/?apikey=KEY&jobId=abc-123"

# Response includes top 20 findings:
{
  "jobId": "abc-123",
  "domain": "example.com",
  "totalAlerts": 42,
  "topFindings": [
    {
      "risk": "High",
      "name": "SQL Injection",
      "description": "...",
      "solution": "..."
    }
  ]
}
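
The submit, poll and retrieve flow above as a small Python client. This is an added example, not code from the service. The endpoint paths and JSON fields come from the curl examples; the function names, the injectable transport, the client-side deadline and the rule that any state other than "completed" means "still pending" are assumptions.

```python
import json
import time
import urllib.parse
import urllib.request

# Base path taken from the page's curl examples.
BASE = "https://cyber.mikehernandez.co/JSON/batchscan"


def build_url(path, **params):
    """Build an endpoint URL. urlencode() escapes the target URL so its own
    '?' and '&' are not parsed as extra API parameters."""
    return f"{BASE}/{path}/?{urllib.parse.urlencode(params)}"


def http_get_json(url):
    """Default transport: one HTTPS GET, body decoded as JSON.
    The API key travels in the query string, so keep these URLs out of logs."""
    with urllib.request.urlopen(url, timeout=30) as resp:
        return json.load(resp)


def scan(target, apikey, get=http_get_json, sleep=time.sleep, deadline_s=120.0):
    """Submit target, poll until state == 'completed', return the result body.

    Assumption: the page only shows the states 'queued' and 'completed', so
    every other state is treated as pending and a client-side deadline covers
    jobs that fail or never finish.
    """
    job = get(build_url("action/submit", apikey=apikey, url=target))
    job_id = job["jobId"]
    # etaSeconds arrives as a string ("5") in the sample response.
    wait = min(max(float(job.get("etaSeconds", 1)), 1.0), 30.0)
    waited = 0.0
    while waited <= deadline_s:
        status = get(build_url("view/status", apikey=apikey, jobId=job_id))
        if status["state"] == "completed":
            return get(build_url("view/result", apikey=apikey, jobId=job_id))
        sleep(wait)
        waited += wait
    raise TimeoutError(f"job {job_id} not completed after {deadline_s}s")


def findings_at(result, risks=("High",)):
    """Return the names of topFindings whose risk level is in `risks`."""
    return [f["name"] for f in result.get("topFindings", [])
            if f.get("risk") in risks]
```

Passing `get` and `sleep` as parameters lets the same function run against a recorded or stubbed transport in pipeline tests.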

Production-Ready Architecture

Built as an extension to OWASP ZAP with enterprise-grade reliability and scalability.

HTTP Client
REST API
Job Queue
Job Scheduler
Domain Lock Manager
Worker Pool (150 threads)
Proxy Manager (150 proxies)
Spider Engine
Passive Scanner
Results

Key Technical Details

Per-Worker Proxy Isolation

Each worker maintains its own ConnectionParam for parallel proxy application. No global locks, full concurrency.

Fixed Polling (Phase 3)

50ms fixed polling interval eliminates straggler jobs. No exponential backoff, consistent timing.

Passive Scan Hard Cap

3-second hard cap on the passive scan wait. Most alerts are generated in under 1 s, so the worker moves on quickly.

Spider Seeding Solution

TYPE_ZAP_USER history references are critical: they ensure the spider sees the seed URLs. A 100 ms wait follows to allow for ZAP processing.

Timeout Watchdog

Scheduler checks for timeouts every 5 seconds. Jobs exceeding max duration are failed automatically.

ETA Guard

Enforces the 4-hour batch SLA. Jobs with ETAs exceeding the limit are rejected to maintain throughput.