EASM · API Security · OWASP Top 10 · AI-Powered Analysis
Map your attack surface.
Reel in every vulnerability.
Blackhook discovers your full external attack surface, hunts API vulnerabilities across every endpoint, and delivers AI-powered remediation — before attackers find what you've missed.
// Demo:
⬡ API Scanner — Target
// TARGET URL, DOMAIN OR SUBNET CIDR
// SCAN DEPTH
// AUTH TYPE
// BEARER TOKEN
// API KEY VALUE
// HEADER NAME
// USERNAME
// PASSWORD
// COOKIE VALUE
// TOKEN URL
// CLIENT ID
// CLIENT SECRET
// SCOPE (optional)
⬡ Subnet sweep mode — will discover hosts then probe for API surfaces
⬡ Checks to Run
⚠ Only scan APIs / networks you own or have permission to test
⬡ External Attack Surface — Target Organisation
// ROOT DOMAIN OR ORGANISATION
// SCAN DEPTH
// ASN(s) (optional, comma-separated)
// SUBNET(s) (optional, comma-separated CIDR ranges)
⬡ Discovery Modules
⚠ Only scan organisations you are authorised to assess
⏳ Scan Scheduler
Automate recurring EASM, API, and subnet scans
—
Schedules
—
Active
—
Total Runs
—
Next Run
📅
No schedules configured
Click "New Schedule" to automate your first scan
Initializing...
0%
⬡ Subnet Scan Results
0
Live Hosts
0
Open Ports
0
Findings
0
Critical
FINDINGS
| ASSET | SEVERITY | FINDING | EVIDENCE |
|---|---|---|---|
| No findings yet | |||
0Live IPs
0Subdomains
0APIs Found
0Open Ports
0Exposed Services
0
Breaches
0
Vendors
0
🕸 Dark Web
—
Risk Score (?)
⬡ Asset Map
Top Risk Findings
Technology Stack
| Subdomain | Type | Value | TTL | First Seen | Status |
|---|
| IP Address | PTR / Hostname | ASN | Country / City | Open Ports | Technologies | WAF/CDN | Shodan | Risk |
|---|
| URL | Type | Server | Auth | Docs Found | Status Code | Risk | Action |
|---|
| Host | IP | Port | Protocol | Service | Banner | Risk |
|---|
| Host | Subject / CN | Issuer | Valid From | Valid To | Days Left | Protocol | Cipher Suite | Wildcard | Status |
|---|
// TLD variations and typosquat candidates — registered domains may indicate brand abuse or phishing infrastructure
| Domain | Type | Status | IP Address | Risk |
|---|
🪝 Hot Bait
High-Value Active Threat Intel
AI-analyzed threat intelligence correlated against your live attack surface.
Ranked by active exploitation activity, not just severity score.
🔥
Hot Bait not yet generated
Cross-references your live attack surface against recent CVEs, active
ransomware campaigns, exploit kit activity, and nation-state threat feeds — then ranks what to fix
right now.
—
/100
Security Score
Run a scan to see your API security posture.
0
Critical
0
High
0
Medium
0
Low
0
Info
⬡ Security Findings
⬡ Discovered Endpoints
| Method | Endpoint | Status | Auth | Response Time | Issues |
|---|