Menu
Backend tech-stack identification — web servers, runtimes, languages, frameworks, databases, APIs, and CMS via HTTP headers, cookies, error pages, and API discovery.
API security testing - GraphQL, REST API, WebSocket, and Web-LLM attack techniques.
Stitches confirmed single-asset findings into multi-hop attack paths across the organization. Builds a graph where nodes are assets and edges are confirmed exploit hops citing the findings that enable them.
Authentication security testing - auth bypass, JWT attacks, OAuth flaws, password attacks, 2FA bypass, CAPTCHA bypass, and bot detection evasion.
Cloud and container security testing - AWS, Azure, GCP, Docker, and Kubernetes misconfigurations and exploitation.
Pentest coordination — orchestrates executor and validator agents with context-controlled spawning. Entry point for all engagements.
Cryptanalysis techniques — lattice attacks, padding oracles, weak-RNG exploitation, signature forgery, secret-sharing recovery.
| name | techstack-backend |
| description | Backend tech-stack identification — web servers, runtimes, languages, frameworks, databases, APIs, and CMS via HTTP headers, cookies, error pages, and API discovery. |
Identify server-side technologies: web servers (nginx, Apache, IIS), runtimes (Node, Python, PHP, Ruby, Java, .NET), backend frameworks (Express, Django, Flask, Rails, Laravel, Spring, ASP.NET), databases (Postgres, MySQL, Mongo, Redis), CMS (WordPress, Drupal, Magento), and API surfaces (REST, GraphQL, OpenAPI).
Server, X-Powered-By, X-AspNet-Version, X-Drupal-*, X-Generator, etc.PHPSESSID, JSESSIONID, _rails_session, ...)/wp-admin/, /sites/default/)robots.txt directives