Launch Special — Use code LAUNCH49 for $50 off your first scan (For a limited time only)

Secure Your External Perimeter.

AI-Powered automated reconnaissance and vulnerability scanning that maps your external attack surface, providing actionable intelligence in minutes, not days.

How It Works

From domain entry to final report — six simple steps.

1. Enter Domain

Type your target domain. We check DNS and HTTP reachability.

2. Validate

We verify the domain resolves and is reachable from our scanner.

3. Verify Ownership

Add a DNS TXT record to prove you own the domain. Only needed once.

4. Pay

$99 per scan — use code LAUNCH49 for $50 off (For a limited time only)

5. Scan Runs

Our automated engine runs a comprehensive vulnerability scan against your target.

6. Report

PDF report emailed to you and available for download in your dashboard.

Lightning Fast

Full spectrum scans complete in under 60 minutes using serverless Cloud Run infrastructure.

Compliance Ready

Detailed logs and reports help satisfy auditing requirements for SOC2, ISO27001, and more.

Cost Effective

Enterprise-grade vulnerability scanning at a fraction of the cost of traditional security firms.

Simple, Transparent Pricing

No subscriptions. No hidden fees. Pay as you go.

LAUNCH SPECIAL

Single Domain Scan

$99

Use code LAUNCH49 for $50 off (For a limited time only)

  • Full Reconnaissance (Subdomains & DNS)
  • Port & Service Scanning
  • Vulnerability Assessment
  • 6-Hour Execution Timeout
  • PDF Report via Email

Frequently Asked Questions

🔍 What is this scan actually doing?

Oscar Six Radar runs an automated external security assessment against your domain using industry-standard open-source tools and AI-powered analysis. Here's what happens during a scan:

  1. Reachability & SSL Check — Verifies your site is accessible, validates SSL certificates, and detects WAF/CDN protection (Cloudflare, Akamai, AWS WAF, etc.).
  2. Technology Detection — Fingerprints your web server, programming languages, frameworks, and CMS across common web ports using httpx.
  3. Security Header Analysis — Checks for missing or misconfigured headers (HSTS, CSP, CORS, cookie flags, clickjacking protection, open redirects).
  4. Reconnaissance — Discovers subdomains, scans ports via nmap, probes for sensitive files (.git, .env, backups), API endpoints (GraphQL, Swagger, REST), and scans JavaScript for exposed secrets and API keys.
  5. AI-Powered Test Selection — Claude AI selects the most relevant vulnerability templates based on your detected technology stack, avoiding irrelevant noise.
  6. Vulnerability Scanning — Runs Nuclei (by ProjectDiscovery) with targeted templates to test for thousands of known vulnerabilities including the OWASP Top 10.
  7. AI Analysis — Claude AI filters false positives, identifies attack chains, and maps findings to compliance frameworks (PCI-DSS, HIPAA, SOC 2).
  8. Report Generation — Produces a professional PDF with executive summary, prioritized findings, remediation steps, and compliance gap analysis.

🛡️ What vulnerabilities do you look for?

We test for thousands of known issues using Nuclei templates, specifically targeting:

  • OWASP Top 10: SQL Injection, Cross-Site Scripting (XSS), Broken Authentication, Server-Side Request Forgery (SSRF), and more.
  • Infrastructure Flaws: Open ports, outdated software versions, weak SSL/TLS configurations, and default credentials.
  • Security Misconfigurations: Missing HSTS, Content-Security-Policy, CORS misconfigurations, insecure cookie flags, and clickjacking vulnerabilities.
  • Exposed Assets: Leaked API keys in JavaScript, .git and .env files, backup archives, debug endpoints, GraphQL/Swagger consoles, and JWT vulnerabilities.
  • Known CVEs: Framework-specific vulnerabilities matched to your detected technology stack (WordPress, Spring, Django, Laravel, etc.).

🤖 How does AI fit into the scan?

Claude AI (by Anthropic) is used at multiple decision points throughout the scan:

  • Smart test selection — Chooses relevant security tests based on your detected technology, so a WordPress site gets WordPress-specific checks instead of irrelevant Django tests.
  • False positive filtering — Reviews raw findings and flags likely false positives before they reach your report.
  • Attack chain detection — Identifies how multiple lower-severity vulnerabilities could be combined for greater impact.
  • Compliance mapping — Maps findings to PCI-DSS, HIPAA, SOC 2, and OWASP Top 10 requirements so you know which standards are affected.
  • Report writing — Generates the executive summary, remediation recommendations, and business-focused attack scenarios.

📄 What's in the report?

You receive a professional PDF report that includes:

  • Executive Summary — A high-level overview written for non-technical stakeholders.
  • Technical Findings — Every vulnerability grouped by severity (Critical, High, Medium, Low, Informational) with evidence and affected URLs.
  • Remediation Guide — Prioritized fix recommendations for each finding.
  • Attack Scenarios — Real-world narratives showing how an attacker could exploit the discovered vulnerabilities.
  • Reconnaissance Overview — Discovered subdomains, open ports, exposed files, and API endpoints.
  • Compliance Gap Analysis — How your findings map to PCI-DSS, HIPAA, SOC 2, and OWASP Top 10.

✅ How do I verify my domain?

You need to add a TXT record to your DNS settings containing a unique token we provide. This proves ownership and prevents unauthorized scanning.

🌐 Why are `domain.com` and `api.domain.com` separate scans?

Strict Scoping Rule: For legal and safety reasons, our scanner stays strictly within the exact hostname you provide. Subdomains like `api.domain.com` often reside on different infrastructure and require separate authorization.
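
An added example, not Oscar Six Radar's own code, of the exact-hostname scope check described above: it filters a constructed list of discovered URLs down to the one authorized hostname. The function names and the `evil.example` URLs are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample of URLs a crawler might discover during a scan.
SAMPLE_URLS = [
    "https://domain.com/login",
    "https://DOMAIN.com:8443/admin",            # case and port do not change the host
    "https://domain.com./",                     # trailing root dot is the same host
    "https://api.domain.com/v1",                # subdomain: separate authorization
    "https://domain.com.evil.example/",         # authorized name used as a prefix
    "https://domain.com@evil.example/",         # authorized name in userinfo only
    "https://evil.example/?next=domain.com",    # authorized name in the query only
    "ftp://domain.com/",                        # scheme outside the scan
]


def normalize_host(host):
    """Lower-case, drop the trailing root dot, and IDNA-encode a hostname."""
    host = host.strip().rstrip(".").lower()
    return host.encode("idna").decode("ascii")


def in_scope(url, authorized_host):
    """Return True only when the URL's host is exactly the authorized hostname."""
    try:
        parts = urlsplit(url)
        host = parts.hostname  # parsed host only: userinfo and port are excluded
    except ValueError:
        return False
    if parts.scheme not in ("http", "https") or not host:
        return False
    try:
        # Exact comparison: no suffix or substring matching, so subdomains fail.
        return normalize_host(host) == normalize_host(authorized_host)
    except UnicodeError:
        return False


def filter_targets(urls, authorized_host):
    """Keep only the URLs that fall inside the authorized scope."""
    return [u for u in urls if in_scope(u, authorized_host)]


if __name__ == "__main__":
    for url in SAMPLE_URLS:
        verdict = "in scope" if in_scope(url, "domain.com") else "OUT OF SCOPE"
        print(f"{verdict:13} {url}")
```

Comparing the parsed hostname, rather than searching the URL string for the authorized name, is what rejects the prefix, userinfo, and query-string cases.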

🔧 What tools are used under the hood?

Our scanner combines several industry-standard open-source tools with AI orchestration:

  • Nmap — Port scanning and service detection.
  • httpx (ProjectDiscovery) — Technology fingerprinting and HTTP probing.
  • Nuclei (ProjectDiscovery) — Template-based vulnerability scanning with thousands of community-maintained checks.
  • OpenSSL — SSL/TLS certificate and cipher validation.
  • Claude AI (Anthropic) — Intelligent test selection, analysis, and report generation.
About Us

For more information, please contact [email protected].