Skip to content

What is ScourNomad?

The ScourNomad platform aims to reduce the security experts' time and effort performing mundane tasks and improve testing performance. It enhances the penetration tests and bug hunts speed and precision, providing easy-to-use interfaces and powerful integrations.

Build and execute your full software security testing methodologies quickly and easily!

For companies defending their digital resources

Discover exposed resources and secrets and improve your security posture
Use predefined module setups from the gallery for easier and faster setup
Our team is available for any assistance required to adapt and fine-tune your setup to your environment

For software companies looking to improve the security of their products

Build application security integration tests for your applications
Integrate them into your CI / CD pipelines
Get the actionable reports pointing out the bugs and their fixes

For penetration testers and bug bounty hunters

Build security testing methodologies and access them from anywhere
Automate tasks but also leverage manual testing tools to gather data
Use visualization maps to correlate discovered resources and secrets

 

How ScourNomad platform works:

ScourNomad platform provides multiple user interfaces to cover the daily tasks that software security professionals require. It also offers the most used tools readily available at any moment.

 

Preview
  • Easily access project notes and information
  • Manage initial seed resources
  • Review changes from automated scans
Preview
  • Use publicly available tools as well as the proprietary nodes
  • Run the workflows manually or schedule them
  • Set them up to be triggered from outside environments
  • Observe the changes between the scan runs
  • Get alerted on changes or interesting finds
  • Automatically generate reports or add information to notes
Preview
  • Review discovered resources and their relationships
  • Review discovered CVE-s, bugs, keys, and other loot
  • Expand the attack surface by automatic discovery workflows or by manual testing
  • Execute per-resource tools to perform manual inspection, discovery, or attack
  • Import resources from other tools
Preview
  • Build report templates, either for client reports or internal technical reports
  • Fill them up automatically by running workflows or manual tools
  • Update them manually as needed and review them easily
  • Build mind maps and checklists for your internal use
Preview
  • Keep the knowledge base and project notes as correlated pieces of information
  • Effortlessly locate your notes related to discovered resources, like ports and services, directly from the attack surface monitor
  • Effortlessly locate your knowledge base notes related to tools and procedures directly from the flowgraphs and manual run screens
Preview
  • The platform will automatically keep the timeline for you
  • Set up what goes into the timeline and how it is displayed
  • Manually edit the timeline
  • Automatically use the timeline in your reports
Preview
  • Collaborate with your team, company, or fellow security researchers
  • Selectively share the pieces of your knowledgebase
  • Jointly edit the project notes, group knowledgebase, or project information
  • Split the tasks, and create the tickets for team members
  • Send gained access and found secrets to your team members

Roadmap

We currently have the PoC running and are actively working on finalizing the pre-alpha stage. After this stage, we will perform the initial pentest and start with the closed alpha testing.



  • 2021

    Proof of Concept development

  • Q3 2022

    FRC investment received

  • Sep 2022

    Pre-alpha development

  • Jan 2022

    Closed alpha testing starts

  • Q1-Q2 2023

    Beta testing starts

  • Q3 2023

    Full third-party pentest

  • Q3-Q4 2023
    First commercial version