SecApps was built to help organizations to bootstrap security operations with off-the-shelf, readily available security tools and services. The following guide will help you select the right tool for the job.
The Suite is a growing collection of penetration testing tools. All tools are directly accessible from the browser which means that anyone can use them with no further setup required. The main focus of the tools is to help you assess security problems, troubleshoots vulnerabilities and bug fixes and perform investigations.
The Suite is offered as a monthly subscription.
Scout is a state of the art external asset fingerprinting and reconnaissance tool. With Scout, you can identify your own resources at scale and ensure no assets are left unchecked. The service will help you identify all domains and subdomains, discover IP addresses, ports and external services, identify all web applications, software types and associated vulnerabilities, fingerprint github repositories and social media profiles.
Scout can be used as an offensive and defensive tool. In fact, Scout is actively used as the supporting tooling by many Bug Bounty Hunters and some organizations which are seeking to minimize the impact of bug bounty reports. Especially large organization benefit from Scout by utilizing the power of the discovery technology to ensure that all assets are managed automatically.
Scout can also be used as part of your 3rd-party due-diligence program as the technical due-diligence tool. Before onboarding a 3rd-party you can use Scout to ensure that there are no known security vulnerabilities in the 3rd-party infrastructure. Additionally, you can monitor the 3rd-party over time using the Scout scheduling features.
Devcore is a unique service that helps you discover, and enumerate developer assets such as developer profiles, code repositories and package manager contributions at scale. Devcore will enumerate all resources and actively hunt for vulnerabilities such as secrets leaks which is one of the main sources of compromise today. This service is indispensable for growing organizations that wish to have better understandings of how secure are their developer workforce. Any compromised developer account could lead to a data breach.
Lookout is an automated web application security scanner. Unlike traditional scanners, Lookout can perform simultaneous scans on many assets at the same time giving you a holistic view on security vulnerability and overall health.