Chat-driven workflow
Type scan example.com into the chat. That is the entire UX. The AI classifies your intent, kicks off a real scan in the background, streams progress live, then answers any follow‑up bound exclusively to the results. Ask "show only the criticals," "explain the SSRF chain," or "give me a curl PoC". It cannot hallucinate findings the scan did not produce.
PRIMARY UX · OPENAI + CLAUDE
Full stack scanner fleet
DNS, subdomains, CT logs, ports, SSL, CVE, vuln-templates, Nuclei (9000+ templates), CORS, CSRF, DOM XSS, SSRF, SSTI, deserialization, prototype pollution, race conditions, request smuggling, BOLA, GraphQL, JWT, OAuth, OSINT, WAF detection & bypass (70+ payloads), websocket, file upload, open redirect, cache poisoning, cloud-bucket, GitHub leaks, JS secret extraction, dark-web breach checks. All running in one parallel wave.
PARALLEL WAVE · ZERO-FP
Multi agent orchestrator
Recon, Enumeration, WAF Detection, Vulnerability, Exploit, Validator, Report. Plus six more for internal scans: Network Discovery, Active Directory, Credential, Lateral Movement, Privilege Escalation, and Attack-Path / Blast-Radius / MITRE Mapping. Each agent has its own toolset and reasoning trace. The Validator phase removes anything not backed by raw evidence before it reaches the report.
REASONING TRACE PER AGENT
Authenticated & cross-user scans
Hand Zeroday IQ a login URL, username, and password. It runs the form login in a real browser, captures the session, and tests the post‑auth surface. Add a second account and the BOLA detector runs cross‑user access‑control tests: can user B reach user A's resources? The kind of bug commodity scanners cannot see at all.
FORM LOGIN · JWT · OAUTH · BOLA
Internal network scans
Approved customers install a lightweight agent on a host inside their network. It runs the same modules from behind the firewall (network discovery, Active Directory, credential checks, lateral‑movement and privilege‑escalation analysis), then ships findings back into the same dashboard.
DOCKER AGENT · SUPER-ADMIN GATED
Continuous monitoring
Schedule re‑scans every 1, 6, 12, 24, 48 hours or weekly. Zeroday IQ diffs each run against the previous and only alerts on new findings. Slack, webhook, or email. No more weekly digests of issues you already saw last week.
DIFF-BASED · SLACK / WEBHOOK / EMAIL
Compliance-mapped PDF
Every finding tagged to SOC 2 · ISO 27001 · HIPAA · GDPR · PCI DSS · NIST CSF · OWASP Top 10, with CWE, CVSS 3.1, and MITRE ATT&CK references. The report ships the moment the scan finishes. No waiting on a consultant to write it up.
7 FRAMEWORKS · BOARD-READY
Zero false positives
The Validator agent is the last gate before any finding leaves the pipeline. Its system prompt is locked: every issue must include raw scanner evidence and a working PoC. If the model cannot show its work, the finding does not ship. Period.
GROUNDED · LOCKED PROMPT
Live progress · pick your model
Watch every module land in real time, with name, status, finding count, and timing. Choose OpenAI (GPT‑4o) or Claude (Sonnet 4.6) per scan. Quick mode finishes in about 8 to 12 minutes; deep mode runs the full pipeline in 15 to 25.
REALTIME STREAM · OPENAI + CLAUDE
