45 agents across 8 phases — from passive OSINT to version-validated CVE research.
Scheduled scans with automatic attack-surface diffs • Recon Intelligence • Bounty scope sync • PDF exports •
Grok executive reports, auto-delivered by email.
PayPal checkout. One token = one full scan. Paste your target and agents take over.
45 intelligent agents chain 8 phases — passive OSINT, DNS enum, active scanning, vuln checks, and Known Exploits CVE research.
Visual dashboard with KPI tiles, interactive charts, word maps, and click-through drilldowns to source tool output.
Grok executive report with version-validated CVEs — emailed on complete, exportable as PDF. Re-scans auto-diff against the prior run so you see what changed.
No self-hosted tools. No CLI hell. Just beautiful neon UI + agentic intelligence.
Each tool has its own dedicated custom AI agent module built specifically for it — intelligent parsing, smart filtering, and contextual analysis included.
Every single tool runs inside its own autonomous AI agent that understands the output and makes intelligent decisions.
Connect bounty platforms, schedule recurring recon, diff every re-scan against the last run, and earn badges as you discover — all from the same dashboard.
Link platform credentials on your profile, then browse and select any program you have access to. In-scope domains sync automatically — pick a target from the dropdown or launch Run All In Scope to queue scans across every eligible asset.
Enable recurring scans in Advanced Settings when submitting a job. Choose one-time, daily, weekly, or monthly cadence, pick your local timezone and run time, and let SquidScan re-run the full 45-agent pipeline on autopilot — no manual resubmission.
A re-scan alone is noise. SquidScan automatically compares each completed job to the previous completed scan of the same domain and surfaces what actually changed. That is what makes continuous monitoring useful for bug bounty hunting and red teaming: you see what appeared since last week, not another full dump to re-triage.
Open the dedicated Scan Changes view from any completed job, spot deltas on the job list, include changes in PDF exports, and get change context in scan-complete email notifications.
Diffed categories
Schedule weekly recon on your programs → wake up to “what changed” instead of re-reading the entire attack surface.
Earn badges automatically as agents discover technologies, security header gaps, OWASP Top 10 evidence, CVE confirmations, and more. Over 100 badges to collect — stackable counts show how many times you have found each issue class across targets.
Ship findings without reformatting. Export a professional PDF with selectable sections (including scan changes), share a public report link when you want external visibility, and receive email when a scan finishes — with change context when a prior run exists.
Attack surface at a glance — every job report includes interactive charts, KPI tiles, and word maps with click-through drilldowns to source evidence.
Attack surface funnel, HTTP status breakdown, vulnerability vectors, sensitive paths, security grades, scan progress, and CVE severity doughnut — all powered by Chart.js with loading states.
Subdomain prefix map and technology stack map in full-width rows. Noise-filtered fingerprinting shows only real services discovered from trusted sources.
Click any KPI tile or chart segment to scroll to the source tool output and flash-highlight the relevant finding. Trace every metric back to raw evidence.
The final-phase known_exploits agent aggregates every technology discovered across the scan, then uses Grok with live web search to find known CVEs and public exploits.
Recon Intelligence charts • Scan change detection • Scheduled recon • CVE severity • Word maps • PDF export • Auto-refresh
Submit domains and track all 45 agents
Recon Intelligence — KPIs, charts, and word maps
Technology fingerprinting and Grok AI reports
Badge system — 100+ earnable achievements with shareable details
HackerOne integration — sync programs and pick in-scope targets
Scheduled scans — recurring recon that diffs against your last run
Real screenshots from the live SquidScan app
This is an actual completed scan with full Grok AI analysis.
Click below to open the real report.
No subscriptions. Scans never expire.
Join the SquidSec crew.
CREATE ACCOUNT & SCAN YOUR FIRST DOMAIN →
SQUIDSCAN
— LIVE JOB REPORT
Job ID: ba54f6d5-0871-4c75-9525-a43fdbb7fcb5
This is a real, fully functional report from the live SquidScan platform
SQUIDSCAN
— MODULAR AGENTIC DEMO
Active Grok model details
Currently implemented
Grok 4.5 is xAI’s frontier model built for coding, agentic workflows, and knowledge work. SquidScan uses this live model ID for executive report synthesis, known-exploit / CVE research, and other AI-assisted recon analysis across the platform.
Built for
How SquidScan uses it