Scanning, tracking, compliance, integrations, and team collaboration — unified in a single pane of glass.
8 scanner engines covering every layer of your infrastructure.
Port scanning with service detection identifies open ports, firewall misconfigurations, and accidentally exposed services. Optional Nmap integration for deep fingerprinting.
SSL/TLS analysis checks certificate validity, expiry dates, cipher suite strength, protocol versions, and known vulnerabilities like Heartbleed.
Web vulnerability scanning detects OWASP Top 10 issues — SQL injection, XSS, CSRF, insecure headers, and more. Configurable crawler depth and confidence thresholds.
Validates SPF, DKIM, DMARC records, checks for zone transfers, DNSSEC status, and enumerates subdomains for shadow IT discovery.
Static analysis (SAST) of source code repositories. Secret scanning detects hardcoded API keys and credentials. Dependency scanning finds vulnerable packages.
Deploy lightweight scan agents inside your network. Private IPs are automatically routed to available agents — no firewall changes needed.
From discovery to resolution — every step is tracked and auditable.
Automated scanning finds vulnerabilities across your entire attack surface. Continuous or scheduled — you choose the cadence.
SHA256 fingerprinting ensures each vulnerability is tracked once, even when found by multiple scanners or across scans.
CVSS scoring, severity classification, and SLA policies help your team focus on what matters most. EPSS enrichment from NVD for exploit likelihood.
Assign to team members, add comments, track activity timelines. Email notifications keep everyone in the loop.
Fix the issue, re-scan, and Huginox automatically marks it as Resolved. Scan comparison shows exactly what changed.
Generate branded PDF reports, compliance assessments, and executive dashboards. Scheduled reports keep stakeholders informed automatically.
Security, scalability, and governance at every level.
Complete data isolation between customers. Row-level security in PostgreSQL ensures no cross-tenant data leakage. Each tenant gets their own configuration, branding, and users.
Passwordless magic link login for simplicity. TOTP two-factor authentication for security. Microsoft Entra ID (Azure AD) SSO for enterprise identity management.
Three tenant roles (Owner, Admin, Member) plus platform admin. Granular control over who can scan, configure, and manage.
Immutable audit log tracks every action — who did what, when, from which IP. Essential for compliance audits and incident investigations.
REST API with key-based auth for CI/CD integration. Webhooks push events to Slack, Teams, Jira, or any HTTP endpoint with HMAC signing.
AES-256-GCM encryption at rest. Configurable retention policies. GDPR data export and account deletion. IP allowlisting per tenant.
Start your free trial or request a personalized demo.