The RedSwarm Platform
The technology behind RedSwarm: Brain + Hand architecture, 116 detection strategies, OOB blind vulnerability detection.
Brain + Hand Architecture
Two specialized agents working in concert to plan, execute, and prove every vulnerability.
Brain
The AI reasoning engine that plans and executes 116 detection strategies. It selects the right attack vectors for each target, interprets responses, and decides whether a vulnerability is confirmed before reporting.
Hand
The execution agent that performs real exploits against your application. It sends precisely crafted HTTP requests, analyzes responses, and produces the exact proof payload included in every finding ticket.
OOB Detection
Out-of-band callback system proving blind vulnerabilities. Detects Log4Shell, blind SSRF, and blind XXE even when the application shows no visible output — by correlating callbacks to scan sessions.
116 Detection Strategies
Full OWASP Top 10 (2021) coverage plus CVE-specific tests. Zero manual configuration per engagement.
Injection
SQL, NoSQL, LDAP, OS Command, SSTI
Broken Authentication
Session fixation, weak credentials, JWT flaws
Sensitive Data Exposure
PII in responses, insecure transmission, caching
XXE
Blind XXE, file read, SSRF via XXE, OOB exfil
Broken Access Control
IDOR, path traversal, privilege escalation
Security Misconfiguration
Default creds, open admin ports, verbose errors
XSS
Reflected, stored, DOM-based, mutation XSS
Insecure Deserialization
Java, PHP, Python object deserialization
Known Vulnerabilities
CVE-matched component testing, Log4Shell
Insufficient Logging
Missing audit trails, silent failure modes
SSRF
Blind SSRF, internal network pivoting, OOB confirmation
Cryptographic Failures
Weak cipher suites, expired certs, mixed content
Fits your existing workflow
Confirmed findings flow directly into your existing developer workflow.