CYBERDOC DOCS

Scan Lab

The Scan Lab provides granular control over professional security scanning tools. Unlike the free CyberDoc health check (which runs automated breach, social, and browser checks), the Scan Lab lets you pick individual tools, target specific hosts, and generate detailed reports.

Plan access: Pro plan gets 10 scans/month with 5 basic tools (port scan, TLS, headers, DNS, subdomains). Business gets 30 scans/month with all 17 tools. Enterprise gets unlimited scans.

Available Tools

The Scan Lab offers all 17 server-side scanning tools as individually selectable options:

| # | Tool | Description | Typical Duration |
|---|------|-------------|------------------|
| 1 | nmap | Port scanning and service detection | 30-120s |
| 2 | nuclei | Template-based vulnerability scanning | 60-180s |
| 3 | nikto | Web server misconfiguration scanning | 30-90s |
| 4 | testssl | TLS/SSL configuration analysis | 20-60s |
| 5 | httpx | HTTP probing and tech detection | 5-15s |
| 6 | ffuf | Directory and file fuzzing | 30-120s |
| 7 | dig | DNS record enumeration | 5-10s |
| 8 | subfinder | Subdomain discovery | 10-30s |
| 9 | whois | Domain registration lookup | 3-8s |
| 10 | origin-bypass | Origin IP detection behind CDN/WAF | 15-45s |
| 11 | headers-check | Security headers verification | 3-8s |
| 12 | tech-detect | Technology stack fingerprinting | 5-15s |
| 13 | waf | WAF detection (14 vendors) and bypass testing (10 techniques) | 20-60s |
| 14 | webapp | Web app vulnerabilities (14 OWASP checks) | 30-90s |
| 15 | owasp | OWASP extended (CORS, SSRF, subdomain takeover, rate limiting) | 20-60s |
| 16 | api | API security (OWASP API Top 10) | 15-45s |
| 17 | ai | AI/LLM security (OWASP LLM Top 10) | 15-45s |

How to Use

Step 1: Enter Target

Type or paste the target domain or IP address. The input accepts:

  • Domain names: example.com
  • Subdomains: staging.example.com
  • IP addresses: 203.0.113.42
  • URLs (domain is extracted): https://example.com/path

Authorization reminder. Only scan targets you own or have explicit written permission to test. The Scan Lab does not enforce authorization; it is your responsibility.
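
The input rules from Step 1, as an added example (not CyberDoc's own code): one way to reduce a pasted target to a bare host before it is handed to command-line scanners. The function names and the rejection rules (http/https only, no embedded credentials, no option-like or malformed hosts) are assumptions, not documented Scan Lab behaviour.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# One DNS label: letters, digits, hyphens; 1-63 chars; no leading or trailing hyphen.
_LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")


def _as_ip(value: str):
    """Return the canonical IPv4/IPv6 string, or None if value is not an IP."""
    try:
        return str(ipaddress.ip_address(value))
    except ValueError:
        return None


def normalize_target(raw: str) -> tuple[str, str]:
    """Return (kind, host) with kind 'ip' or 'domain'; raise ValueError otherwise."""
    text = raw.strip()
    if not text or any(c.isspace() or ord(c) < 0x20 for c in text):
        raise ValueError("empty target or embedded whitespace/control characters")
    if _as_ip(text):  # bare IPv4 or IPv6 literal
        return "ip", _as_ip(text)
    # A bare host has no scheme; prefix "//" so urlsplit parses it as a netloc.
    parts = urlsplit(text if "://" in text else "//" + text)
    if parts.scheme not in ("", "http", "https"):
        raise ValueError(f"unsupported scheme: {parts.scheme}")
    if parts.username is not None or parts.password is not None:
        raise ValueError("credentials in URL are not accepted")
    host = (parts.hostname or "").rstrip(".")  # drops port, path and trailing dot
    if not host:
        raise ValueError("no host found in input")
    if _as_ip(host):
        return "ip", _as_ip(host)
    # IDNA-encode so internationalized names become ASCII (punycode) labels.
    try:
        host = host.encode("idna").decode("ascii").lower()
    except UnicodeError as exc:
        raise ValueError(f"invalid domain name: {exc}") from None
    labels = host.split(".")
    if len(host) > 253 or len(labels) < 2 or not all(_LABEL.fullmatch(l) for l in labels):
        raise ValueError(f"not a valid domain or IP address: {host!r}")
    # "999.1.1.1" passes the label check but is a malformed IP, not a domain.
    if labels[-1].isdigit():
        raise ValueError("numeric TLD: looks like a malformed IP address")
    return "domain", host
```

Rejecting hosts that start with a hyphen or contain characters outside the DNS label set keeps a pasted string from being read as an option or shell metacharacter by the tool that receives it.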

Step 2: Select Tools

Check the tools you want to run. Quick-select buttons are provided:

  • All — Select all 17 tools
  • Quick — Select fast tools only (httpx, dig, whois, headers-check, tech-detect)
  • Recon — Select reconnaissance tools (dig, subfinder, whois, httpx, tech-detect)
  • Vuln — Select vulnerability scanners (nmap, nuclei, nikto, testssl, waf, webapp, owasp)
  • AppSec — Select application security tools (webapp, owasp, api, ai, waf)
  • None — Deselect all

Step 3: Run Scan

Click "Run Scan" to dispatch the selected tools to the AWS scanner. Each tool runs and returns results independently. The UI shows real-time progress:

  • Tool name with status indicator (pending, running, complete, error)
  • Duration counter for the running tool
  • Results appear inline as each tool completes
  • Overall progress bar

Step 4: Review Results

Results are displayed in collapsible panels, one per tool. Each panel shows:

  • Tool name and execution time
  • Severity-rated findings (parsed from raw output)
  • Raw output (expandable, syntax-highlighted)
  • Finding count by severity

Step 5: Save & Act

After reviewing results, you can:

  • Save to Lab History — Persists results in the LAB_SCANS KV namespace (90-day TTL)
  • Create Ticket — Create a support ticket from any specific finding
  • Export — Download results as JSON
  • Re-run — Run the same tools again (useful after remediation)

Origin Testing

A key Scan Lab workflow is testing exposed origin servers. When a standard deep scan discovers an origin IP behind a CDN or WAF:

  1. The scan detail page flags the origin IP discovery as a finding
  2. Click "Run Targeted Scan" which opens the Scan Lab with the origin IP pre-filled
  3. The "Vuln" quick-select button is pre-checked (nmap, nuclei, nikto, testssl)
  4. Results show what is exposed on the unprotected origin — often significantly more than what the CDN reveals

Why origin testing matters. Many sites rely on their CDN or WAF (e.g., Cloudflare) for security. If the origin IP is discoverable and accessible, attackers can bypass all CDN-level protections. The Scan Lab lets you verify whether the origin is properly locked down.

Lab History

The Lab History section shows all saved scan lab runs. Each entry displays:

| Field | Description |
|-------|-------------|
| Lab Scan ID | Unique identifier for the lab run |
| Target | Domain or IP that was scanned |
| Tools Used | List of tools that were executed |
| Findings | Count by severity (e.g., 2 critical, 5 high, 3 medium) |
| Duration | Total scan duration |
| Timestamp | When the scan was initiated |
| Linked Scan | Link to the originating CyberDoc scan (if applicable) |

Lab history supports searching by target domain/IP and filtering by date range.

See the API Reference for endpoint documentation and the Pricing page for plan details.