Corporate-grade vulnerability scanning for web, network, and mainframe — that runs fully air-gapped. No cloud, no telemetry, no data ever leaving your environment. Built by an attacker, for the way attacks actually work.
Most scanners are cloud SaaS that phone home and only see one layer. hackz is built for regulated, isolated, and high-assurance environments — and it thinks about authorization the way an attacker does.
Runs with bundled plugins and zero outbound connections. Perfect for banks, defense, healthcare, and any network that can't send scan data to a third party.
Logs in as every role you define, auto-maps each one's surface, and cross-tests object- and function-level access control — the IDOR / BOLA / BFLA class scanners miss.
One engine across your whole estate, including z/OS mainframe surface most modern tools ignore entirely.
First-run admin setup, user management, and a familiar console workflow — security teams are productive on day one.
Drives real browser sessions to capture runtime API calls, so single-page apps and their hidden endpoints are actually covered — not skipped.
Self-contained HTML reports with reproducible evidence and remediation guidance — ready to hand to engineering.
Broken access control is the #1 category in the OWASP Top 10 — and the one generic scanners are worst at, because they only ever see one user.
hackz authenticates as each role, independently maps what that role can reach, then systematically replays every object and function across every other identity. It finds the cross-tenant leak, the privilege-escalation endpoint, and the missing function-level check — the bugs that actually cause breaches.
Drop one self-contained executable on a Linux or Windows host. No dependencies to install.
Pull the container image and run in your own registry and network. Fully self-hosted.
Transfer once, run forever offline. No license phone-home, no telemetry, no exfiltration path.
Book a walkthrough and I'll show you the authz engine finding real access-control bugs — or scope a licensed deployment for your team.