The flagship product

hackz — the offline DAST scanner

Corporate-grade vulnerability scanning for web, network, and mainframe — that runs fully air-gapped. No cloud, no telemetry, no data ever leaving your environment. Built by an attacker, for the way attacks actually work.

Web · Network · z/OS Offline by design Single binary or Docker
100%
Offline — nothing leaves your network
3
Domains: web · network · mainframe
1
Binary or container to deploy
Auto
Multi-role authz mapping
Capabilities

What sets hackz apart

Most scanners are cloud SaaS that phone home and only see one layer. hackz is built for regulated, isolated, and high-assurance environments — and it thinks about authorization the way an attacker does.

Fully offline / air-gapped

Runs with bundled plugins and zero outbound connections. Perfect for banks, defense, healthcare, and any network that can't send scan data to a third party.

Multi-user authz engine

Logs in as every role you define, auto-maps each one's surface, and cross-tests object- and function-level access control — the IDOR / BOLA / BFLA class scanners miss.

Web · network · mainframe

One engine across your whole estate, including z/OS mainframe surface most modern tools ignore entirely.

Nessus-style operation

First-run admin setup, user management, and a familiar console workflow — security teams are productive on day one.

SPA-aware discovery

Drives real browser sessions to capture runtime API calls, so single-page apps and their hidden endpoints are actually covered — not skipped.

Actionable reports

Self-contained HTML reports with reproducible evidence and remediation guidance — ready to hand to engineering.

Under the hood

Access control, done properly

Broken access control is the #1 category in the OWASP Top 10 — and the one generic scanners are worst at, because they only ever see one user.

hackz authenticates as each role, independently maps what that role can reach, then systematically replays every object and function across every other identity. It finds the cross-tenant leak, the privilege-escalation endpoint, and the missing function-level check — the bugs that actually cause breaches.

  • Object-level (BOLA/IDOR) — can role A read/modify role B's objects?
  • Function-level (BFLA) — can a low role invoke a privileged action?
  • Tenant isolation — does data leak across organizational boundaries?
Deployment

Runs where your data has to stay

Single binary

Drop one self-contained executable on a Linux or Windows host. No dependencies to install.

Docker / GHCR

Pull the container image and run in your own registry and network. Fully self-hosted.

Air-gapped

Transfer once, run forever offline. No license phone-home, no telemetry, no exfiltration path.

See hackz run against your environment

Book a walkthrough and I'll show you the authz engine finding real access-control bugs — or scope a licensed deployment for your team.