
SaaS Platform — Launching Soon

Your AI Penetration Tester

AI-powered pentesting, IP monitoring, and compliance — in one platform. ObsidianScan runs parallel AI agents that find vulnerabilities, track your attack surface, and keep you SOC 2 & GDPR ready.

Sample dashboard view

Projects: app.example.com (13 findings), api.startup.io (5 findings), dashboard.saas.co (0 findings)

app.example.com, Scan #47 (live; SOC 2 and GDPR tracking enabled)
  • 13 Critical, 11 High, 8 Medium findings; 102 WSTG tests
  • Recent findings (scan time 32m 28s):
    • CRITICAL: SQL Injection in /api/users/:id (CWE-89)
    • CRITICAL: IDOR, horizontal privilege escalation (CWE-639)
    • HIGH: Stored XSS via profile bio field (CWE-79)
    • HIGH: SSRF via avatar URL parameter (CWE-918)
    • MEDIUM: Missing rate limiting on /auth/login (CWE-307)

Platform at a glance
  • 102 WSTG test cases
  • <35 min full assessment
  • 3 compliance frameworks
  • 24/7 IP monitoring

Who Uses ObsidianScan?


Startup CTOs & Developers

Ship faster without sacrificing security. Run a pentest before every release — no waiting 4 weeks for consultants.

Most Popular

Security Teams & Pentesters

Augment your manual testing with AI-powered reconnaissance and source code analysis. Cover more ground in less time.

Power Users

Bug Bounty Hunters

Find IDORs, auth bypasses, and business logic flaws that basic scanners miss. Get to P1 submissions faster.

Coming Soon

Everything a Pentester Does, Automated by AI

ObsidianScan doesn't just scan surface-level issues. It reads your source code, understands your architecture, and tests like an expert.


White-Box + Black-Box

Combines source code analysis with live application testing. Traces data flows from user input to database sinks, then validates with real requests.


OWASP WSTG v4.2

Every scan follows the OWASP Web Security Testing Guide methodology. 102 test cases across 12 categories with full compliance reporting.

5 Parallel AI Agents

Injection, XSS, Auth, Authorization, and SSRF agents run simultaneously. Each agent is specialized with deep domain knowledge and unique tooling.


IP Scan & Monitoring

Continuous IP and port monitoring across your infrastructure. Get alerted when new services are exposed, ports open unexpectedly, or SSL certificates expire.


SOC 2 Compliance

Automated SOC 2 readiness checks mapped to Trust Service Criteria. Track security controls, identify gaps, and generate evidence for your auditors.


GDPR & DPA Compliance

Scan for personal data exposure, cookie consent issues, missing privacy headers, and data processing violations. Stay compliant with EU regulations.


Executive Reports

Beautiful HTML reports with risk gauges, finding cards, source-to-sink traces, CVSS scores, CWE mappings, and prioritized remediation guidance.


Threat Intelligence

Integrated VirusTotal lookups, subdomain enumeration, port scanning, and technology fingerprinting. Know your external exposure before attackers do.


Crash-Safe Workflows

Built on Temporal for durable execution. If a scan crashes at minute 30, it picks up exactly where it left off. No lost progress, ever.

Five Phases. One Command.

From reconnaissance to report, ObsidianScan orchestrates a full penetration test pipeline autonomously.

1. Pre-Recon: External scans (nmap, subfinder, whatweb) + deep source code architecture analysis

2. Recon: Attack surface mapping, API endpoint inventory, auth flow analysis, role hierarchy mapping

3. Vuln Analysis (5x parallel): 5 specialized agents analyze injection, XSS, auth, authz, and SSRF simultaneously

4. Exploitation (5x parallel): Validates findings with real exploit attempts via headless browser automation

5. Reporting: Executive-level HTML report with VirusTotal intel, OWASP compliance matrix, and remediation plan

Not Another Scanner

Most tools find surface issues. We find what human pentesters find — at a fraction of the time.

Capability comparison. Columns: Basic Scanners (ZAP, Nikto); Enterprise Tools (Burp, Checkmarx); Manual Pentest ($15-50K); ObsidianScan (AI-Powered SaaS).

  • Source code analysis
  • Live application testing
  • Business logic flaws
  • Authorization (IDOR) testing: Partial
  • OWASP WSTG compliance: Partial, Partial
  • Automated report: Basic, Manual
  • IP scanning & monitoring: Partial
  • SOC 2 compliance checks
  • GDPR / DPA compliance: Manual
  • Time to results: Minutes / Hours / 2-4 Weeks / <35 min
  • No setup required

OWASP Top 10 Coverage

Every scan maps findings to the OWASP Top 10 2021 and WSTG v4.2 test cases.

  • A01 Broken Access Control: IDOR, privilege escalation, missing authorization, broken tenant isolation
  • A02 Cryptographic Failures: Weak TLS, hardcoded keys, insecure token lifetimes, plaintext transport
  • A03 Injection: SQL, NoSQL, command, SSRF, with full source-to-sink data flow tracing
  • A04 Insecure Design: Business logic flaws, broken workflows, missing rate limiting
  • A05 Security Misconfiguration: Missing headers, permissive CORS, exposed debug endpoints
  • A07 Auth Failures: Weak passwords, session management, brute force, token security
  • A08 Software Integrity: Unverified webhooks, unsigned callbacks, CI/CD pipeline security
  • A10 SSRF: Server-side request forgery via URL ingestion, callbacks, and stored URLs

Your Security Dashboard. Always Up to Date.

Connect your repository, enter your target URL, and hit scan. ObsidianScan handles everything — from agent deployment to report generation. Track every finding in your dashboard.

  • One-click scans from the dashboard
  • Connect repos via GitHub / GitLab / Bitbucket
  • 24/7 IP scanning & port monitoring
  • SOC 2, GDPR & DPA compliance tracking
  • Scheduled scans and CI/CD integration
  • Team workspaces with role-based access
Get Early Access →
Sample scan summary for app.example.com: 13 Critical, 11 High, 8 Medium
  • Scan Status: ✔ Completed
  • Duration: 32m 28s
  • Files Analyzed: 847 files
  • WSTG Coverage: 102 / 102
  • Auth Bypasses: 13 IDOR findings
  • Injection Flaws: 2 NoSQL injection
  • SSRF Vectors: 5 confirmed

Simple, Transparent Pricing

Start free. Scale as you grow. Every plan includes AI-powered pentesting, compliance checks, and executive reports.

Starter
$0/mo
Perfect for solo developers and side projects. Get started with no credit card.
  • 2 scans per month
  • 1 project
  • OWASP Top 10 coverage
  • Basic vulnerability report
  • IP scan (1 target)
  • SOC 2 compliance tracking
  • GDPR compliance checks
  • CI/CD integration
Get Started Free
Enterprise
Custom
For security teams and organizations that need unlimited power and dedicated support.
  • Unlimited scans
  • Unlimited projects
  • Full WSTG + custom rules
  • White-label reports
  • Unlimited IP monitoring
  • SOC 2 + GDPR + ISO 27001
  • SSO & RBAC
  • Dedicated account manager
Contact Sales

All plans include encrypted scan environments, VirusTotal integration, and threat intelligence. Prices shown are launch pricing — lock in your rate as an early adopter.

Common Questions

What makes ObsidianScan different from OWASP ZAP or Burp Suite?
ObsidianScan combines white-box source code analysis with black-box live testing. It reads your actual code to understand data flows, traces source-to-sink paths, then validates findings with real HTTP requests and browser automation. Basic scanners only do surface-level crawling without code understanding.

Is my source code secure on your platform?
Yes. Your code is processed in isolated, encrypted containers that are destroyed after each scan. We never store your source code persistently. Code snippets are sent to AI models for analysis only during the active scan, and all data is encrypted in transit and at rest.

How do I get started?
Sign up, connect your repository (GitHub, GitLab, or Bitbucket), enter your target URL, and click scan. That's it. No Docker setup, no CLI tools, no configuration files. ObsidianScan handles all the infrastructure.

Can I integrate ObsidianScan into my CI/CD pipeline?
Yes. We provide API access and webhook integrations for CI/CD pipelines. Trigger scans on every PR, schedule recurring assessments, and fail builds when critical vulnerabilities are found. GitHub Actions, GitLab CI, and Jenkins integrations are on the roadmap.

How does SOC 2 and GDPR compliance tracking work?
ObsidianScan maps scan findings to SOC 2 Trust Service Criteria and GDPR/DPA requirements automatically. You get a compliance dashboard showing your current posture, gaps to address, and exportable evidence for auditors. IP monitoring tracks your exposed services 24/7 and alerts on changes.

Is this safe to run against production?
ObsidianScan is designed for defensive security testing on systems you own or have explicit permission to test. The exploitation phase attempts real attacks (safely) to validate findings. We recommend running against staging environments first.

Be First in Line

Join the launch list. Early adopters get priority access, direct input on the roadmap, and founding member perks.


Priority Access

First to try new features and releases


Direct Roadmap Input

Shape the product with your feedback

Founding Member

Exclusive badge & community access

No spam. Unsubscribe anytime. We respect your privacy.
