Offensive Security Toolkit

REVENANT

Nothing Stays Buried

101-module offensive security scanner. Zero dependencies. One command.

Try the Live Demo View on GitHub
revenant — scan session
$ revenant scan https://target.com --full
[*] REVENANT v2.0 — 101 modules loaded
[*] Target: target.com (104.21.73.55)
[+] SSL/TLS: TLS 1.3 — Grade A
[!] HEADERS: X-Frame-Options missing
[!!] XSS: Reflected XSS in /search?q= (HIGH)
[!!] SQLi: Error-based injection /api/users?id= (CRITICAL)
[!] CORS: Wildcard origin accepted on /api/*
[+] Scan complete: 4 Critical, 7 High, 12 Medium
0
Scan Modules
0
Injection Tests
0
Compliance Frameworks
0+
API Endpoints
Capabilities
Built to Breach

Every module purpose-built for real-world offensive security operations. No bloat. No noise. Only signal.

Real-Time Scanning

WebSocket streaming delivers findings the instant they're discovered. Watch the attack surface unfold live.

Attack Chain Analysis

MITRE ATT&CK mapping, kill chain correlation, and composite threat scores. See how findings chain together.

Compliance Mapping

PCI-DSS 4.0, SOC 2, HIPAA, NIST CSF, OWASP Top 10, CIS Benchmarks, ISO 27001. Every finding tagged.

CI/CD Integration

SARIF export, full REST API, GitHub Actions compatible. Break the build on critical findings.

Executive Reports

White-label HTML reports with grade scoring and trend analysis. Board-ready in one click.

Zero Dependencies

Single Python package. No Node. No Java. No Docker required. Install and run in under 30 seconds.

Attack Surface
101 Modules. Every Vector.

From reconnaissance to exploitation. Every category a real attacker would use.

SSL/TLS Analysis Security Headers Reflected XSS SQL Injection SSTI NoSQL Injection XXE Command Injection WordPress Deep Scan Port Scanning DNS Reconnaissance Subdomain Discovery Cloud Storage Recon Credential Testing WAF Detection CORS Exploitation Race Conditions Deserialization Session Security CSP Bypass CSRF Testing Directory Bruteforce API Enumeration JWT Analysis GraphQL Introspection HTTP Smuggling SSRF Open Redirect Cookie Security Technology Fingerprint CVE Correlation HSTS Preload
Workflow
Three Steps. Full Recon.

From target to actionable intelligence in minutes, not hours.

01

Point

Enter a target URL or IP address. Define scope, select modules, or run the full arsenal.

02

Scan

101 modules execute in parallel with real-time WebSocket streaming. Watch findings appear live.

03

Report

Actionable findings with remediation guidance, compliance tags, MITRE mappings, and executive reports.

Plans
Choose Your Arsenal

Start free. Scale when you're ready.

Community
Free
Open source. Self-hosted. Unlimited scans.
  • Full CLI + Web UI
  • All 101 scan modules
  • Real-time scanning
  • HTML report export
  • Self-hosted deployment
  • Community support
Get Started
Pro
$49/mo
Cloud-hosted. Automated. Team-ready.
  • Everything in Community
  • Cloud-hosted scanner
  • Scheduled & recurring scans
  • Full REST API access
  • SARIF export for CI/CD
  • White-label reports
  • Priority email support
Start Free Trial
Enterprise
Custom
On-prem. Customizable. SLA-backed.
  • Everything in Pro
  • On-premise deployment
  • SSO / SAML integration
  • Custom scan modules
  • Guaranteed SLA
  • Dedicated support engineer
  • Security review & audit
Contact Sales