Deep Scan – In-depth Vulnerability Analysis
The deep scan is the most thorough automated engine: it runs active vulnerability tests, goes beyond pure banner analysis and returns verified findings with evidence artifacts. For teams that don't just want to know what might theoretically be vulnerable – but what actually is.
Includes distributed scanning across a cloud fleet for large scopes.
What we check
Here is what the Deep scan covers – concrete and verifiable.
- Active vulnerability tests instead of pure version heuristics
- Broad CVE coverage with up-to-date nuclei templates
- Misconfigurations in web applications and services
- CISA-KEV enrichment (known exploited vulnerabilities)
- 1-click verification of individual findings
- Distributed scanning across a cloud fleet for large scopes
Your benefits
What the Deep scan actually gives you – beyond the pure technology.
Fewer false positives
Active tests and verification confirm whether a vulnerability is really exploitable – you don't waste time on phantom findings.
Proof, not claims
Every finding ships with evidence – a nuclei line, transcript or screenshot. That convinces developers and auditors alike.
Prioritise by real risk
CISA-KEV enrichment highlights vulnerabilities that are demonstrably being exploited – those go straight to the top.
Scales with the scope
Distributed scanning across a cloud fleet spins up automatically, spreads the load and is guaranteed to be torn down again.
How it works
- 1
Scope & authorisation
Define the target and prove authorisation – deep scans only run against approved assets.
- 2
Active testing
SnapScan runs active vulnerability tests and collects evidence artifacts for each finding.
- 3
Enrichment
Findings are enriched with CVE/CVSS, CWE and CISA-KEV status and sorted by risk.
- 4
Verify & fix
Verify individual findings with one click and confirm remediation after the fix.
Typical findings
- Actively exploitable RCE in an exposed servicecritical
- Known exploited CVE (CISA-KEV) on a public hostcritical
- Authentication bypass in a web applicationhigh
- Injection vulnerability with confirmed impacthigh
Example finding categories. Actual results depend on your environment.
Use cases
- Thorough testing of critical, externally reachable applications
- Solid findings for audits and compliance evidence
- Validation after major releases or infrastructure changes
- Large-scale assessment of extensive domain landscapes
Frequently asked questions
Is the deep scan invasive?
It runs active tests but stays within the authorised scope and rules of engagement. Real command execution only happens via Active Exploitation with a separate opt-in.
What does distributed scanning mean?
Large scopes are spread across an ephemeral cloud fleet. It spins up automatically, processes the work and is guaranteed to be torn down – with a fallback to a single host.
How does verification work?
Every finding can be re-tested individually. The result is unambiguous: still present, not observed, or inconclusive.
Goes well with
External scan
The 1-click check for your domain: subdomains, reachable services and known vulnerabilities – in minutes.
AI pentest
An autonomous AI agent thinks like an attacker: combines findings, follows paths and explains them clearly.
Active Exploitation
From suspicion to proof: controlled exploitation proves a vulnerability unambiguously – in three graded modes.
Ready for the Deep scan?
Start with a free scan or talk to us about the plan that fits your use case.