vulcn
v0.3 — Reporting, Drivers, Plugin Hooks

vulcn

BENEFITS OF MANUAL PEN TESTING. AUTOMATED.

Record browser interactions. Replay with XSS, SQLi, and SSRF payloads. Detect real vulnerabilities — not regex matches. Generate reports in seconds.

Get StartedStar on GitHub
$npm install -g vulcn
0
Built-in payloads
0
Packages
0
Tests passing
0
Report formats

See it in action

Two commands. Record your app, run security tests. Real vulnerabilities found in seconds.

Terminal

Workflow

Four steps to secure

From zero to vulnerability report in under a minute. No configuration files required.

01

Record

Open a browser, interact with your app naturally. Vulcn captures every click, keypress, and form input into a replayable session file.

vulcn record https://app.example.com
02

Run

Replay your session with security payloads injected into every input field. 25+ payload sets covering XSS, SQLi, SSRF, and more.

vulcn run session.vulcn.yml
03

Detect

Execution-based detection confirms real vulnerabilities. No false positives from regex — if alert() fires, the XSS is real.

⚠️ XSS Confirmed: alert() executed
04

Report

Generate branded HTML dashboards, machine-readable JSON for CI/CD, or human-friendly YAML. One flag, three formats.

vulcn run session.vulcn.yml --report all

Features

Built for modern security

Everything you need to find vulnerabilities, without the bloat of legacy tools.

Sub-second testing

Replay 100+ payload variations in under 2 seconds. No JVM startup, no XML configs.

Execution-based detection

Confirms XSS by monitoring actual alert() dialogs and console markers — not regex patterns.

Plugin architecture

Extend with custom payloads, detectors, and reporters. Hook into every lifecycle event.

Rich reporting

Generate branded HTML dashboards, JSON for CI/CD, or YAML for human review.

CLI-first workflow

Record, run, and report from your terminal. Pipe into CI/CD with exit codes.

Multi-browser support

Chromium, Firefox, and WebKit via Playwright. Auto-detects system Chrome.

Why Vulcn

The modern alternative

Compared to OWASP ZAP, Burp Suite, and other legacy scanners.

FeatureVulcnLegacy Scanners
Setup time30 seconds15–30 minutes
Config formatYAML + CLI flagsXML / GUI panels
XSS detectionExecution-basedPattern matching
CI/CD integrationExit codes + JSONPlugin required
Custom payloadsYAML filesScripting / API
ReportingHTML, JSON, YAMLHTML / PDF
RuntimeNode.js (lightweight)JVM (heavy)
Plugin systemnpm packagesProprietary
Vulcn

Ready to find vulnerabilities?

Install Vulcn in 30 seconds. Record your first session. Find real security issues.

Start for freeRead the docs
$npm install -g vulcn