SecDog is a pure-Rust desktop pentest tool that fuses a Burp/Caido-style manual workbench with an autonomous AI exploit orchestrator — and only marks a finding verified when it has executed the exploit and sealed the evidence on your own machine.
For authorized testing only — your own labs or in-scope engagements.
The verified artifact, not the claim
An LLM is persuasive but not trustworthy. So in SecDog a finding becomes verified only when a deterministic oracle returns hard, unforgeable evidence. The models plan and act; they can never declare something proven. Payloads supply form; oracles supply truth.
Response differential: a computed marker the payload never carried appears in the response (SQLi UNION, command injection, SSTI).
resp contains 227*683 = 155041 → a value only the database could produce
A unique token lands on your local collector — blind SSRF, RCE, XXE.
collector ← GET /a9f3e1c.oob src=10.0.2.14 token matched, blind = confirmed
A real Chromium sets a nonce on window — XSS, prototype pollution.
chromium → window.__sd === "nonce-7b21" script actually ran in a live DOM
Replay the sealed chain; if it’s patched, the oracle stays silent.
replay chain → oracle: SILENT finding marked fixed — no model in the loop
Drive it by hand or hand it the wheel — both paths run through the same verified engine, on the same evidence store.
The model router — the moat
Settings is provider and key only — there is no per-task model picker. Paste any mix (Claude, GPT, Gemini, Grok, DeepSeek, MiniMax, Qwen, Kimi…) and a capacity-aware assigner does the rest. A parallel swarm of six specialists — injection, xss, access-control, ssrf-oob, auth-session, files-misconfig — works the surface at once, each driving the same verified confirmer tools.
Every model id is auto-classified cheap / balanced / strong from its name — and an explicit per-entry override always wins.
The reasoning-heavy specialists get the strongest model in the pool; the lighter ones run on the cheapest. A cheap-only or strong-only pool still serves every role, best-effort.
One key serves both tiers — the same provider runs gpt-5-mini for recon and gpt-5 for injection. Western, Chinese, or mixed pools all flow through one assigner.
On sustained 429s an entry is marked cooling and the swarm re-routes around it with per-request backoff. Add a second cheap key and it just goes faster.
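As an added illustration of the routing behaviour described above (example code, not SecDog's own): a minimal capacity-aware assigner in Rust that classifies model ids by name, lets an explicit per-entry override win, routes reasoning-heavy roles to the strongest live entry and light roles to the cheapest, and marks an entry cooling after sustained 429s. The keyword lists, the 429 threshold, and the role names are assumptions made for the example.

```rust
use std::collections::HashMap;

/// Cost/capability tier; the derived ordering gives "cheapest" and "strongest".
#[derive(Clone, Copy, Debug, PartialEq, Eq, PartialOrd, Ord)]
pub enum Tier { Cheap, Balanced, Strong }

#[derive(Clone, Debug)]
pub struct Entry {
    pub model: String,
    pub tier: Tier,       // auto-classified from the id unless overridden
    pub cooling: bool,    // set after sustained 429s; the assigner skips it
    consecutive_429: u32, // how many 429s in a row this entry has returned
}

/// Name-based tier guess. The keyword lists are an assumption of this example.
pub fn classify(model: &str) -> Tier {
    let m = model.to_ascii_lowercase();
    let cheap = ["mini", "flash", "lite", "haiku"].iter().any(|k| m.contains(*k));
    let strong = ["opus", "pro", "o3"].iter().any(|k| m.contains(*k));
    if cheap { Tier::Cheap } else if strong { Tier::Strong } else { Tier::Balanced }
}

impl Entry {
    /// Build an entry; an explicit per-entry override always beats the name guess.
    pub fn new(model: &str, override_tier: Option<Tier>) -> Entry {
        let tier = override_tier.unwrap_or_else(|| classify(model));
        Entry { model: model.to_string(), tier, cooling: false, consecutive_429: 0 }
    }
    /// Record an HTTP status; `limit` consecutive 429s mark the entry cooling.
    pub fn note_status(&mut self, status: u16, limit: u32) {
        self.consecutive_429 = if status == 429 { self.consecutive_429 + 1 } else { 0 };
        self.cooling = self.consecutive_429 >= limit;
    }
}

/// Map each (role, reasoning_heavy) pair to a model id. Heavy roles get the
/// strongest non-cooling entry, light roles the cheapest; a pool with only
/// one tier still serves every role, and an all-cooling pool yields None.
pub fn assign<'a>(pool: &'a [Entry], roles: &[(&'a str, bool)]) -> HashMap<&'a str, Option<&'a str>> {
    roles.iter().map(|&(role, heavy)| {
        let live = pool.iter().filter(|e| !e.cooling);
        let pick = if heavy { live.max_by_key(|e| e.tier) } else { live.min_by_key(|e| e.tier) };
        (role, pick.map(|e| e.model.as_str()))
    }).collect()
}
```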
The self-improving loop
This is SecDog’s self-improving loop. It starts every engagement with 53 hand-written exploitation playbooks, one per vulnerability class. From there it gets sharper on its own: it remembers what it has verified, distills the techniques that worked into new reusable playbooks, and notes a target’s quirks — then folds all of it into the agents’ briefing when the next scan begins. SecDog literally starts the next engagement knowing what it learned on the last.
All of it stays on your machine. And it never learns what to call “verified” — that gate stays sealed in the engine.
Local by design
SecDog is BYOK — bring your own API key and run whichever LLM provider you trust. The engine is a pure-Rust app on your machine, and the cloud control plane (licensing, billing, telemetry) carries no target data: your traffic, findings, and evidence never reach SecBlok’s servers.
A swappable cloud LLM does see hostnames and response snippets to plan attacks. Run a local / BYO model for full no-egress, and see exactly what leaves the box on our Trust page.
20+ exploit confirmers
Every confirmer is a deterministic oracle — no template-matching, no heuristics. Form comes from the payload corpus; truth comes from the oracle that watched it run.
Every verified finding stamps its replay hints. Auto-Retest deterministically replays the chain through the same oracle — no LLM — to prove a vuln is still live, or confirm it’s fixed.
Every verified finding carries CWE and CVSS plus ATT&CK technique context, and maps onto the framework you need — including the DAST-testable subset of OWASP ASVS, attached to the right verification chapter. Export to CSV, JSON, Markdown, or HTML, backed by a durable run store.
Real-time threat model
As SecDog works, it draws a live evidence map of your target: the real discovered attack surface — hosts, routes, and parameters from recon and crawling — with every oracle-verified finding overlaid the moment it lands. Solid, severity-coloured nodes are backed by sealed evidence; grey is surface that’s discovered but still clean. It’s a threat model grounded in what actually happened, not a speculative diagram.
Pricing
or $109 / 6 months · BYOK (bring your own LLM key)
Private beta is invite-only and free. Team and Enterprise (air-gapped / on-prem) later.
FAQ
SecDog Scanner is an autonomous AI penetration testing tool that finds web application vulnerabilities and proves them by executing the exploit and sealing the evidence. SecDog Scanner runs locally on the operator’s own machine and is built for independent pentesters, bug bounty hunters, red teams, consultancies, and in-house security teams.
A traditional DAST scanner reports issues that might be exploitable. SecDog Scanner runs the exploit, confirms it with a deterministic oracle, and seals the evidence, so a finding is backed by proof instead of a guess.
Yes. SecDog Scanner marks a finding verified only after a deterministic oracle observes the exploit succeed, such as an out-of-band callback, a browser-executed payload, or a computed marker reflected in the response. Every verified finding ships with that sealed, replayable evidence.
No. The SecDog Scanner engine runs on the operator’s machine, and target data never reaches SecBlok’s servers. The control plane handles only accounts, licensing, and opt-in telemetry. If the operator chooses a cloud LLM provider, that provider sees hostnames and response snippets to plan attacks; running a local or in-network model keeps everything on the machine.
SecDog Scanner is built for independent pentesters, bug bounty hunters, red teams, security consultancies and MSSPs, AppSec engineers, and in-house security teams. SecDog Scanner gives a single operator the reach of a team while staying useful for groups.
SecDog Scanner ships more than twenty deterministic confirmers, including SQL injection, command injection, SSRF, XXE, SSTI, path traversal, IDOR, JWT forgery, open redirect, CORS, and browser-confirmed XSS and prototype pollution. Every confirmed finding maps to CWE, CVSS, and MITRE ATT&CK context.
Join the invite-only beta and run SecDog against your own labs and in-scope targets.