CyStack VulnScan is an enterprise vulnerability scanning product developed and owned by CyStack. It helps organizations continuously understand their external attack surface, detect exploitable vulnerabilities, prioritize what to fix first, and produce evidence-backed reports for security, IT, engineering, compliance, and executive stakeholders. CyStack VulnScan has been granted Copyright Registration Certificate No. 10694/2025/QTG by the Copyright Office of Vietnam under the Ministry of Culture, Sports and Tourism of Vietnam.

Why Organizations Use VulnScan

Modern attack surfaces change every day: new subdomains, exposed admin panels, temporary APIs, outdated services, forgotten cloud buckets, weak TLS, and vulnerable third-party components. A one-time penetration test cannot provide continuous visibility, while raw scanner output is often too noisy for remediation teams. CyStack VulnScan is designed to close that gap:
  • Find more real risk by combining discovery, service fingerprinting, active vulnerability checks, version-to-CVE matching, vulnerability intelligence, and optional AI-assisted analysis.
  • Reduce false positives by requiring concrete version evidence, exact/range CPE matching, verification signals, confidence scoring, deduplication, and optional AI review of noisy evidence.
  • Prioritize remediation with severity, CVSS, EPSS, CISA KEV, public exploit indicators, confidence, and a 0-100 risk score.
  • Support both Web UI and CLI so analysts can work interactively while automation pipelines still write scan history into the same database.
  • Produce management-ready output through bilingual UI/reporting, PDF jobs, CSV/JSON export, and email notification.
  • Support governed usage through visible license scope, target limits, activation status, and expiration information.

What VulnScan Can Assess

VulnScan is focused on Internet-facing assets and externally reachable services:
| Scope | Examples | What VulnScan Checks |
|---|---|---|
| Domains | acme.com | DNS, subdomains, web exposure, WAF/CDN, TLS, web vulnerabilities, exposed files, misconfiguration. |
| Subdomains | api.acme.com | Application/API risk, endpoint discovery, known CVEs, authentication-sensitive checks. |
| IP addresses | 203.0.113.21 | Open ports, service banners, protocol checks, weak/default access, TLS and service CVEs. |
| CIDR/ranges | 203.0.113.0/28 | Live host discovery, exposed services, inherited license target counting, scan history per host. |
| Authenticated web apps | Cookie, header, Basic Auth, form login | Deeper crawling and checks behind login where credentials are provided by the user. |

Product Capabilities at a Glance

| Area | Capability |
|---|---|
| Discovery | DNS/subdomain discovery, live host probing, port scanning, service detection, technology fingerprinting, WAF/CDN detection, TLS inspection. |
| Vulnerability detection | Built-in DAST modules, high-confidence CyStack checks, known-CVE detection, weak/default credential checks, unauthenticated service checks, HTTP misconfiguration checks, and optional AI-assisted evidence analysis. |
| Intelligence | Local NVD CPE-to-CVE database, CVSS, EPSS, CISA KEV, CWE, OWASP Top 10, OWASP WSTG, public exploit indicators. |
| Accuracy controls | Exact/range version matching, confidence scoring, verified finding preference, deduplication, wildcard-CPE suppression, source normalization. |
| Workflow | Web UI, CLI, schedules, workspace members, scan source tracking, report jobs, email notifications. |
| AI and localization | Optional AI-assisted detection support, false-positive reduction, prioritization, remediation explanation, executive summaries, and English/Vietnamese output where enabled. |

How a Scan Works

  1. Scope and license validation: VulnScan normalizes the target and validates it against the active license before work is queued.
  2. Discovery: The scanner discovers alive hosts, subdomains, open ports, server metadata, WAF/CDN signals, TLS certificates, and web/API endpoints.
  3. Fingerprinting: Services, technologies, CMS/frameworks, WordPress plugins/themes, protocol banners, TLS details, SSH/SMB/SNMP hints, and CPE candidates are identified.
  4. Detection: Built-in DAST checks, CyStack verification checks, unauthenticated-service checks, default-credential checks, optional AI-assisted analysis, and CPE-to-CVE matching run against the discovered surface.
  5. Enrichment: Findings are enriched with CVSS, EPSS, CISA KEV, CWE, OWASP Top 10, OWASP WSTG, remediation guidance, and exploitability signals.
  6. Deduplication and scoring: Duplicate findings are merged, the highest-confidence evidence is kept, and a risk score is calculated.
  7. Persistence: Standard Web UI, scheduled, and CLI scans are written to the same database with scan source metadata.
  8. Reporting: Users triage findings in the Web UI or export CSV, JSON, and PDF reports.
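
The version-matching part of step 4 and the merge in step 6 can be sketched as follows. This is an added illustration, not CyStack's code: the rule shape borrows the NVD range field names (`versionStartIncluding` and so on), while the product name, CVE ids, confidence values and function names are constructed for the example.

```python
import re

# Constructed sample data: NVD-style rules (placeholder CVE ids) and fingerprints.
RULES = [
    {"cve": "CVE-EXAMPLE-A", "product": "examplehttpd", "cpe_version": "*",
     "versionStartIncluding": "2.4.0", "versionEndExcluding": "2.4.52"},
    {"cve": "CVE-EXAMPLE-B", "product": "examplehttpd", "cpe_version": "*"},
    {"cve": "CVE-EXAMPLE-C", "product": "examplehttpd", "cpe_version": "2.4.49"},
]
OBSERVATIONS = [
    {"host": "203.0.113.21", "port": 443, "product": "examplehttpd",
     "version": "2.4.49", "evidence": "banner", "confidence": 0.6},
    {"host": "203.0.113.21", "port": 443, "product": "examplehttpd",
     "version": "2.4.49", "evidence": "verified", "confidence": 0.9},
    {"host": "203.0.113.22", "port": 80, "product": "examplehttpd",
     "version": None, "evidence": "banner", "confidence": 0.6},
]
BOUNDS = {
    "versionStartIncluding": lambda v, b: v >= b, "versionStartExcluding": lambda v, b: v > b,
    "versionEndIncluding": lambda v, b: v <= b, "versionEndExcluding": lambda v, b: v < b,
}

def vkey(version):  # '2.4.0' -> (2, 4); trailing zeros dropped so 2.4 == 2.4.0
    parts = [int(n) for n in re.findall(r"\d+", version)]
    while parts and parts[-1] == 0:
        parts.pop()
    return tuple(parts)

def rule_matches(version, rule):
    if not version or version in ("*", "-"):
        return False  # no concrete version evidence: never report
    if rule["cpe_version"] != "*":
        return vkey(version) == vkey(rule["cpe_version"])  # exact match
    bounds = [k for k in BOUNDS if k in rule]  # empty: bare wildcard CPE, suppressed
    return bool(bounds) and all(BOUNDS[k](vkey(version), vkey(rule[k])) for k in bounds)

def scan(observations, rules):
    """Match, then merge duplicates per (host, port, cve), keeping the best evidence."""
    best = {}
    for o in observations:
        for r in rules:
            if r["product"] == o["product"] and rule_matches(o["version"], r):
                key = (o["host"], o["port"], r["cve"])
                if key not in best or o["confidence"] > best[key]["confidence"]:
                    best[key] = {**o, "cve": r["cve"]}
    return sorted(best.values(), key=lambda f: f["cve"])

if __name__ == "__main__":
    print(*scan(OBSERVATIONS, RULES), sep="\n")
```

The host with no version evidence and the bare wildcard rule produce no findings, and the two observations of the same service collapse into one finding per CVE carrying the verified evidence.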

Deployment Model

CyStack VulnScan is distributed as a binary application compatible with Windows, macOS, and Linux. To obtain the binary and a matching license, contact CyStack Sales at sales@cystack.net. One binary supports two operating modes:
  • Web UI for interactive asset management, scanning, triage, reports, members, mail settings, and license management.
  • CLI for automation, scheduled jobs, CI/security pipelines, offline preparation, and scripted report export.
Each instance is treated as one workspace. Workspace data is stored locally in the configured data directory, including members, assets, scans, findings, reports, mail settings, and license state.