PRODUCT

Security from surface to chain.

Passive analysis, active vulnerability probing, attack-path reasoning, and blockchain forensics, unified in a single platform built for agents and CI.

6 active probe types
3 blockchain networks
0 destructive payloads
MIT open source license

DIVERG OPEN

Active vulnerability probing that finds real bugs.

Most scanners stop at headers. Diverg Open goes further: it passively analyses your security posture, then actively injects non-destructive test payloads to confirm exploitable vulnerabilities with evidence, not guesses.

  • Reflected XSS, HTML, attribute, script, and comment context detection
  • SQL injection, error-based and boolean-blind with payload evidence
  • SSRF, cloud metadata endpoints and internal network ranges
  • Path traversal, open redirects, and authentication bypass
  • Passive: headers, SSL/TLS, CSP, cookies, content analysis

$ diverg-scan https://target.com --type active

Passive scan ........... 8 findings
Discovering injection points ...
Running 6 probes .............

[CRITICAL] Reflected XSS
  → /search?q=, HTML body context
  → canary confirmed in response

[HIGH]    SQL Injection (boolean-blind)
  → /api/users?id=, 42% length delta

[MEDIUM]  Open Redirect
  → /login?next=, Location header

──────────────────────────────────
Score  23/100   Grade  F
Probes  6/6     Findings  11

ATTACK INTELLIGENCE

Findings chained into exploit narratives.

Twelve disconnected findings mean nothing to a developer. Attack-path reasoning chains vulnerabilities together, shows how each one enables the next, and gives your team a clear picture of what an attacker can actually do and in what order to fix things.

  • XSS + missing HttpOnly = Session Hijack
  • SQLi + error disclosure = Database Compromise
  • SSRF + internal access = Network Pivot
  • Severity, likelihood, and impact summary per path
  • Prioritised remediation ordered by exploitability

CRITICAL  Session Hijack via XSS
  1. Reflected XSS: /search?q=, HTML body, canary confirmed
  2. Weak Session Cookie: HttpOnly not set, accessible via JS
  3. Account Takeover: steal session, impersonate any user
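
Attack-path chaining as an added illustration, not Diverg's own code: a rule table fires when every finding a chain needs is present, each path is scored from its severity and a likelihood, and remediation is ordered so the first link of the most exploitable chain is fixed first. The rule pairings come from the list above; the likelihood values, severity weights, finding kind names and sample findings are assumptions.

```python
from collections import namedtuple

Finding = namedtuple("Finding", "kind location")  # e.g. ("xss", "/search?q=")

# Chain rules: finding kinds in the order an attacker would use them, the
# outcome they enable, its severity, and an illustrative likelihood (assumed).
CHAIN_RULES = [
    (["xss", "cookie_no_httponly"], "Session Hijack", "CRITICAL", 0.9),
    (["sqli", "error_disclosure"], "Database Compromise", "CRITICAL", 0.8),
    (["ssrf", "internal_access"], "Network Pivot", "HIGH", 0.7),
]
SEVERITY_WEIGHT = {"LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}

def build_attack_paths(findings):
    """Chain findings into attack paths, most exploitable first. A rule fires
    only when every kind it needs is present (a lone SQLi stays unchained)."""
    by_kind = {}
    for f in findings:
        by_kind.setdefault(f.kind, []).append(f)
    paths = []
    for sequence, outcome, severity, likelihood in CHAIN_RULES:
        if not all(kind in by_kind for kind in sequence):
            continue
        steps = [by_kind[kind][0] for kind in sequence]  # first instance of each
        paths.append({
            "outcome": outcome,
            "severity": severity,
            "steps": [f"{s.kind} @ {s.location}" for s in steps],
            "score": round(likelihood * SEVERITY_WEIGHT[severity], 2),
        })
    return sorted(paths, key=lambda p: p["score"], reverse=True)

def remediation_order(paths):
    """Fix list: steps of the most exploitable path first, since removing any
    single link breaks the whole chain. Deduplicated across paths."""
    order = []
    for path in paths:
        for step in path["steps"]:
            if step not in order:
                order.append(step)
    return order

# Constructed sample findings, shaped like the page's scan mockup.
SAMPLE = [
    Finding("xss", "/search?q="),
    Finding("sqli", "/api/users?id="),          # no error disclosure: unchained
    Finding("cookie_no_httponly", "session cookie"),
    Finding("ssrf", "/fetch?url="),
    Finding("internal_access", "private range reachable"),
]
```

Running `build_attack_paths(SAMPLE)` yields two paths (Session Hijack, then Network Pivot); the SQLi finding is reported but not chained because the error-disclosure link is missing.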

DIVERG CHAIN

On-chain forensics across every major network.

Multi-modal blockchain investigation across Ethereum, Bitcoin, and Solana. Trace funds across bridges, identify mixer usage, cluster entities, and score wallets for risk, all from the same platform as your web security data.

  • Transaction graph traversal, trace hops across wallets
  • Entity clustering and exchange identification
  • Risk scoring with sanctions and mixer detection
  • Fund flow across bridges and wrapped assets
  • Natural language queries via Diverg Auto (OpenClaw)

Nodes: Target Wallet, High-risk Exchange, Mixer Protocol, Unknown Wallet ×4
Risk Score   87/100
Hops Traced  14
Networks     ETH · SOL · BTC
Flagged      Mixer exposure

CAPABILITIES

Every check, documented.

Passive Scanning

  • Security headers (CSP, HSTS, X-Frame-Options)
  • SSL/TLS configuration and cert analysis
  • Cookie flags (HttpOnly, Secure, SameSite)
  • Content analysis and tech fingerprinting
  • Redirect chain inspection
  • Security scoring (0–100, A–F grade)

Active Probing

  • Reflected XSS, 4 injection contexts
  • SQL injection, error-based + boolean-blind
  • SSRF, cloud metadata + internal ranges
  • Path traversal, LFI sequence detection
  • Open redirect, parameter and header
  • Auth bypass, forced browse, verb tamper, IDOR

Integrations

  • Open-source CLI, install from diverg-auto (GitHub or PyPI; see Installation)
  • CLI, diverg-scan
  • GitHub Actions + GitLab CI
  • JSON and Markdown output
  • Diverg Auto (OpenClaw) agent integration
  • Batch scanning + --fail-on gates

Start scanning in one command.

pip install git+https://github.com/fennq/diverg-auto.git