Frequently Asked Questions

Everything you need to know about Huginox.

Getting Started

What is Huginox?

Huginox is an enterprise vulnerability management platform that provides continuous security scanning, vulnerability tracking, compliance reporting, and team collaboration. It scans your websites, servers, networks, APIs, and code repositories for security vulnerabilities and helps you manage the entire remediation lifecycle.

How do I get started?

Sign up for a free account — no credit card required. Add your first target (a domain or IP address), run a scan, and review the results. The onboarding wizard guides you through each step. You'll have your first scan results in under 5 minutes.

Do I need to install anything?

No. Huginox is a cloud-based platform — just sign in via your browser. The only exception is if you want to scan internal/private network targets, in which case you can deploy a lightweight scan agent on your network. The agent is a single .NET executable that connects to your Huginox account.

Is there a free trial?

Yes. All new accounts get a 14-day free trial of Pro features. After the trial, you can continue on the Free plan (5 targets, limited features) or upgrade to Pro or Enterprise.

Scanning

What types of scans does Huginox support?

Huginox includes 8 scanner engines:

  • Port Scanner — discovers open TCP/UDP ports and services
  • SSL/TLS Scanner — checks certificates, cipher suites, protocol versions
  • Web Vulnerability Scanner — OWASP Top 10, XSS, SQL injection, security headers
  • DNS Security Scanner — SPF, DKIM, DMARC, DNSSEC validation
  • Subdomain Discovery — enumerates subdomains via DNS brute force
  • SAST (Static Analysis) — scans source code for security flaws
  • Secret Scanner — detects hardcoded credentials and API keys in code
  • Dependency Scanner — finds vulnerable third-party packages

How long does a scan take?

It depends on the scan type and target size. A port scan typically completes in 1-3 minutes. SSL/TLS and DNS checks take under 30 seconds. A full web vulnerability scan with crawling can take 5-15 minutes depending on the site size and crawler depth. Code scans depend on repository size.

Can I schedule recurring scans?

Yes. Pro and Enterprise plans support scheduled scans — daily, weekly, or monthly at a specific time (UTC). You can also create scan profiles to save your preferred scan configuration and reuse it.

Can I scan internal/private networks?

Yes. Deploy a Huginox scan agent inside your network. The agent polls the platform for tasks, executes scans locally against internal targets (e.g., 192.168.x.x, 10.x.x.x), and reports results back securely over HTTPS. Targets on private IPs are automatically routed to available agents.

What IP addresses do your scanners use?

Scans originate from our cloud infrastructure. If you need to whitelist our scanner IPs in your firewall, contact support for the current list. For internal scans, the agent runs from your own network — no firewall changes needed.

Will scanning affect my production systems?

Huginox scans are designed to be non-destructive. Port scans and SSL checks are passive. The web vulnerability scanner uses safe payloads that don't modify data. However, we recommend testing on staging environments first if you have concerns. You can control scan intensity via the Max Parallel and Crawler Depth settings.

Vulnerability Management

How does vulnerability deduplication work?

Each vulnerability gets a unique fingerprint based on SHA256(host + scan type + title + URL). When the same vulnerability is found in subsequent scans, it's matched to the existing record instead of creating a duplicate. When a previously found vulnerability is no longer detected, it's automatically marked as Resolved.
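An added example, not Huginox's own code: fingerprint-based deduplication and auto-resolution as described above, sketched in Python. The field order comes from the answer; the length-prefixed encoding, the normalisation, the "Open" status name and the `reconcile` helper are assumptions, and the naive variant shows why plain concatenation can merge distinct findings.

```python
import hashlib

def fingerprint(host, scan_type, title, url):
    """SHA-256 over the four fields the FAQ names, in that order.

    Assumption: fields are normalised and length-prefixed so a field boundary
    cannot shift; the page does not say how the fields are joined.
    """
    h = hashlib.sha256()
    for field in (host.strip().lower(), scan_type.strip().lower(),
                  title.strip(), url.strip()):
        data = field.encode("utf-8")
        h.update(len(data).to_bytes(4, "big") + data)
    return h.hexdigest()

def naive_fingerprint(host, scan_type, title, url):
    """Plain concatenation, kept only to show the boundary ambiguity."""
    joined = host + scan_type + title + url
    return hashlib.sha256(joined.encode("utf-8")).hexdigest()

def reconcile(known, findings):
    """Merge one scan's findings into `known` (fingerprint -> status).

    `known` must hold only records for the same target and scanner as the
    scan, otherwise findings out of scope would be resolved by mistake.
    Returns (new, matched, resolved) fingerprint sets and updates `known`.
    Dismissed records are left alone so suppressions survive rescans.
    """
    seen = {fingerprint(**f) for f in findings}
    new = {fp for fp in seen if fp not in known}
    matched = {fp for fp in seen if known.get(fp) in ("Open", "Resolved")}
    resolved = {fp for fp, status in known.items()
                if status == "Open" and fp not in seen}
    for fp in new | matched:
        known[fp] = "Open"          # a Resolved finding seen again is reopened
    for fp in resolved:
        known[fp] = "Resolved"
    return new, matched, resolved

# Constructed sample findings (not real scan output).
XSS = dict(host="app.example.com", scan_type="web",
           title="Reflected XSS", url="https://app.example.com/search")
HDR = dict(host="app.example.com", scan_type="web",
           title="Missing HSTS header", url="https://app.example.com/")
```
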

What is an SLA policy?

SLA (Service Level Agreement) policies define remediation deadlines per severity level. For example: Critical vulnerabilities must be fixed within 1 day, High within 7 days. When a deadline is missed, the vulnerability is flagged as "SLA Breached" and escalation emails are sent to configured recipients.

Can I suppress false positives?

Yes. Create suppression rules to automatically dismiss known false positives. Rules can match by fingerprint, title pattern, host pattern, or scanner type. Suppressed vulnerabilities are tracked as "Dismissed" with the suppression reason for audit purposes.

Can I assign vulnerabilities to team members?

Yes. Assign any vulnerability to a team member with a single click. The assignee receives an email notification. You can also add comments on vulnerabilities for team collaboration and track the full activity timeline.

Can I export vulnerability data?

Yes. Export vulnerabilities as CSV for spreadsheet analysis, or generate PDF reports with your company branding. The REST API also provides full programmatic access to all vulnerability data.

Compliance & Reporting

Which compliance frameworks are supported?

Huginox includes built-in compliance mapping for CIS Controls v8, NIST 800-53 Rev 5, and ISO 27001:2022. Each framework includes relevant security controls that map to vulnerability findings. You can generate compliance PDF reports showing your compliance score per framework.

Can I generate branded PDF reports?

Yes. Configure your company name, logo, brand color, report title, and footer text in Settings. All PDF reports (scan reports, compliance reports, scheduled reports) use your branding.

Can I schedule automatic reports?

Yes. Create report schedules that automatically generate and email PDF reports to specified recipients at configurable intervals (e.g., weekly executive summary, monthly compliance report).

Does Huginox help with SOC 2 / ISO 27001 audits?

Yes. Continuous vulnerability scanning with documented remediation timelines, SLA tracking, audit logs, and compliance reports provide the evidence auditors need. The compliance dashboard shows your real-time compliance posture across supported frameworks.

Integrations & API

What integrations are available?

Huginox integrates with:

  • Slack — vulnerability alerts and scan notifications
  • Microsoft Teams — adaptive card notifications
  • Jira — auto-create issues for new vulnerabilities
  • Generic Webhooks — HMAC-signed payloads to any HTTP endpoint
  • Azure DevOps — code repository scanning

Is there a REST API?

Yes. The REST API supports creating scans, listing vulnerabilities, querying targets, and retrieving scan status. Authenticate with API keys (Bearer token). Full OpenAPI/Swagger documentation is available at /api-docs in your Huginox instance.

Can I use Huginox in my CI/CD pipeline?

Yes. Use API keys to trigger scans programmatically from GitHub Actions, Azure Pipelines, Jenkins, or any CI/CD tool. The API returns scan status so you can gate deployments on security scan results.

Security & Privacy

How is my data protected?

All data is stored in encrypted PostgreSQL databases with tenant-level row isolation. Sensitive fields (API tokens, credentials) are encrypted at rest using AES-256-GCM. All connections use TLS. We maintain immutable audit logs of all access and modifications.

Is multi-tenancy secure?

Yes. Every database query is automatically filtered by tenant ID using EF Core global query filters. No tenant can access another tenant's data. This is enforced at the database layer, not just the application layer.

What authentication methods are supported?

Huginox supports passwordless magic link login (email-based), TOTP two-factor authentication (Google Authenticator, Authy), and Microsoft Entra ID (Azure AD) SSO per tenant. Tenant admins can enforce MFA for all users.

Is Huginox GDPR compliant?

Yes. We support data export (Article 20 — Right to Data Portability), account deletion (Article 17 — Right to Erasure), configurable data retention policies, and cookie consent. We use essential cookies only — no third-party tracking.

Can I restrict access by IP address?

Yes. Enterprise plans support IP allowlisting per tenant. Configure a list of allowed IP addresses or CIDR ranges — access from other IPs is blocked.

Account & Billing

How does pricing work?

Huginox offers three plans: Free ($0), Pro ($99/month), and Enterprise ($499/month). Plans differ by target limits, concurrent scans, features, and support level. See our pricing page for full details.

Can I cancel anytime?

Yes. Cancel your subscription at any time from your account settings. Your data remains available for 30 days after cancellation for export, then it's permanently deleted.

What happens when I exceed my target limit?

You can add targets beyond your plan's limit, but you won't be able to scan them until you upgrade your plan or remove other targets. You're never charged automatically for overages.

Do you offer team/enterprise discounts?

Yes. Contact our sales team for custom pricing on large deployments, MSP partnerships, or annual billing discounts.
