Security Testing Platform

One platform for offensive security.

A scanner with 51 modules, AI orchestration over 150+ tools, and a marketplace of third-party tool packs. Bring your own AI key with MCP. Built for pentesters, red teams, and the builders who arm them.

Scanner

51 modules

SPA-aware web and API scanning. Real attack payloads for SQLi, XSS, SSRF, SSTI, XXE, and 40+ more. Evidence-based reports, not signature guesses.

Operator

150+ tools, AI orchestration

AI-driven orchestration across 150+ offensive and defensive tools. Chain recon, exploitation, and triage. Bring your own AI key via MCP.

Tool Packs

Partner ecosystem

Install à la carte packs built by third-party researchers. Partners set their price. Build, publish, and sell your own packs on HackTool.

  • Scanner Modules: 51
  • Tools Orchestrated: 150+
  • Operator AI: Included
  • MCP / BYOK: Supported
  • Tool Packs: Marketplace
  • Platforms: Mac, Win, Linux

Operator — AI Orchestration

AI orchestration across 150+ tools.

Operator chains recon, exploitation, and triage into a single workflow. Bring your own AI key via MCP.

Point it at a target, walk away

Give Operator a scope and an objective. It picks from 150+ tools, chains them, and hands you a report. No babysitting, no glue scripts.

Chained workflows, not manual plumbing

Recon feeds exploitation. Exploitation feeds post-exploit. Results land in one timeline with full evidence. Stop gluing CLIs together.

MCP mode with BYOK

Bring your own AI key. Run Operator over MCP against Claude, GPT, or local models. Your prompts, your keys, your governance.

hacktool operator --mcp --provider=anthropic
> pentest target=api.example.com scope=auth,injection
[operator] planning workflow... 4 tools selected
[nuclei] 1,247 templates matched, running...
[finding] IDOR on /v1/users/:id — evidence captured
[operator] pivoting to auth bypass module...
[finding] JWT accepts alg:none — HIGH
[operator] report written — 7 findings, 2 HIGH, 3 MED, 2 LOW

SCANNER — 51 MODULES

Automated Security Scanning With Real Attack Payloads

51 Scanner Modules

Scan Like a Real Attacker

The HackTool scanner uses the same payloads and techniques real attackers use. 51 modules test for injection flaws, authentication bypasses, server misconfigurations, and more, then produce evidence-backed reports you can hand to developers or auditors.

How the scanner works

Comprehensive Vulnerability Detection

SQLi, XSS, SSRF, SSTI, LFI, XXE, CSRF and 40+ more module types across 51 modules. Real payloads derived from actual exploits, not signature matching.

Scanner Phases
  • Discovery
  • Crawling
  • Testing
  • Reporting

Intelligent Discovery and Crawling

Technology fingerprinting, SPA-aware crawling, hidden parameter detection, JavaScript analysis, and WAF detection. Automatically maps your attack surface.

Module Coverage
  • Injection
  • Auth & Session
  • Configuration
  • Client-Side

Evidence-Based Reporting

Every finding includes the exact request, response, and proof of exploitation. Export to PDF for stakeholders or JSON for integration with your security toolchain.

Scan Pipeline
  • Fingerprint
  • Crawl
  • Fuzz
  • Validate

Real payloads, not signatures

What the scanner tests

  • Injection Testing: SQLi, NoSQL, LDAP, XPath, command injection
  • Authentication & Session: OAuth, JWT, CSRF, session fixation
  • Client-Side Security: XSS, clickjacking, CORS, prototype pollution
  • Server-Side Attacks: SSRF, SSTI, deserialization, XXE, LFI
  • Discovery & Recon: Tech fingerprinting, hidden params, JS analysis
  • Configuration & Hardening: Security headers, TLS config, SCM exposure

How It Works

From install to evidence-backed findings in four steps.

01 Install

Download HackTool for Mac, Windows, or Linux.

02 Configure

Set scope, pick tool packs, plug in your AI key for MCP mode.

03 Run

Launch the scanner or hand the job to Operator. It picks the tools, executes, and iterates.

04 Report

Evidence-backed findings with full request/response. Export PDF or JSON.

Use responsibly. Only scan systems you own or have permission to test.

Trusted by innovative teams

mybacs.com
gfund.vc
DeepMetis
yeezy
roam-ai
Ahead
MCH
EIP-Munich

Why Automated Scanning Matters

Deep Vulnerability Coverage

51 scanner modules testing for OWASP Top 10, business logic flaws, and misconfigurations. From SQL injection to SSRF, every test uses real-world payloads.

SPA-Aware Scanning

Handles modern JavaScript applications, extracts routes from bundles, discovers API endpoints automatically, and crawls single-page apps that traditional scanners miss.

Actionable Evidence

Every finding includes proof: the exact request, response, and exploitation evidence for verification. No false positives without receipts.