Projects & Scan Profiles
Group your targets, customize your scans, and manage your findings — all from one unified platform.
Projects: Your Security Command Center
Real-world applications are rarely a single URL. They span multiple domains, subdomains, APIs, and environments. Projects give you a logical grouping layer so you can reason about the security of an entire product, not just individual pages.
Group Multiple URLs
Organize all of your domains, subdomains, and application endpoints under a single project. A typical SaaS product might include the marketing site, the app itself, an API endpoint, and a documentation portal — all of which need scanning. Projects let you manage them as one cohesive unit instead of juggling individual URLs.
Scan All Targets at Once
Trigger a project-wide scan with a single click or API call. Every URL in the project is scanned in parallel using the same scan profile, and results are aggregated into a unified view. You can also schedule project scans on a recurring cadence for hands-off monitoring.
Per-Target Scan History
While projects aggregate results, you never lose target-level granularity. Each URL maintains its own scan history, risk score trend, and finding list. Drill down from the project overview to a specific target to see how its security posture has evolved over time.
Project-Level Risk Score
Your project risk score is the weighted aggregate of all target scores. It gives management and compliance teams a single number that represents the overall security health of an initiative, without requiring them to interpret individual scanner results.
Prove Ownership Before You Scan
Domain verification ensures that you only scan targets you control. Vuln0x uses DNS TXT record verification — you add a unique TXT record to your domain's DNS, and we verify its presence. Once verified, all subdomains and paths under that domain are automatically trusted.
Verification is a one-time step per root domain. It unlocks advanced features like scheduled scans, webhook notifications, and the ability to add the domain to multiple projects. Unverified domains can still be scanned on-demand, but scheduled and automated workflows require verification.
Add This TXT Record to Your DNS
Type: TXT
Host: _vuln0x.example.com
Value: vuln0x-verify=sv_a1b2c3d4e5f6Verified Domain
example.com
Scan Profiles: Reusable Scanner Combinations
Not every scan needs all 27 engines. Scan profiles let you save custom combinations of scanners and reuse them across targets and projects. Create a fast profile for CI checks, a thorough profile for audits, and a framework-specific profile for your Next.js applications.
CI Check
A lightweight profile designed for pull request checks. It runs the fastest scanners — headers, SSL/TLS, and CORS — to catch the most common regressions without slowing down your pipeline. Typically completes in under 10 seconds.
Included Scanners
Full Audit
The comprehensive profile that enables all 27 scanner engines. Use this for periodic deep scans, pre-launch audits, or when onboarding a new target. It covers everything from HTTP headers to port scanning to framework-specific vulnerabilities.
Included Scanners
Framework Deep Scan
Tailored for Next.js and React applications. This profile enables the 10 framework-specific scanners that detect source map exposure, client-side secrets, auth logic flaws, and rendering-related vulnerabilities alongside core checks.
Included Scanners
Smart Credit Usage
We believe you should not pay full price to confirm a fix or re-check a known issue. Vuln0x offers discounted rescan and single-finding verification options so you can iterate on fixes without depleting your credit balance.
Full Scan
1 Credit
A complete scan with your chosen profile against a single target. All findings, risk score, and downloadable reports included.
Rescan
50% Off
Re-run the same scan configuration against the same target. Perfect for verifying that a round of fixes actually resolved the reported issues.
Verify Finding
1 Credit
Re-check a single specific finding to confirm whether it has been resolved. The fastest way to close out individual issues in your backlog.
Finding Lifecycle Management
Every finding in your project follows a clear lifecycle. Triage incoming issues, track remediation progress, and maintain a complete audit trail of who changed what and when. Status changes are reflected across all reports and the project risk score updates in real time.
Newly discovered vulnerabilities that need review. These findings actively contribute to your risk score.
Reviewed and confirmed. Remediation is planned or underway. Still counted in your risk score until resolved.
Remediated and verified. The finding no longer affects your risk score. Verify with a 1-credit rescan to confirm.
Deliberately accepted after evaluation. Documented for compliance but excluded from your active risk score.
Start securing your vibe-coded projects today
20 free credits on signup. No credit card required.