Architecture

Skill-based design

Diverg is built around discrete, composable skills. Each skill is a well-defined capability, reconnaissance, web vulnerabilities, headers/SSL, auth testing, API testing, blockchain analysis, OSINT, that can be combined dynamically based on the target type. Investigating a DeFi protocol triggers a different skill mix than assessing a traditional web app. See Skills System for the full list.

Methodologies

We align with industry standards so that findings are defensible and repeatable:

• OWASP Testing Guide, for web application security
• PTES (Penetration Testing Execution Standard), for structured pentests
• MITRE ATT&CK, for threat modeling and attack simulation

Data sources

Diverg integrates with major providers for richer results. When API keys are configured, we pull live data from:

• Blockchain: Solscan Pro, Arkham, Etherscan, Bubblemaps
• Web/OSINT: Wappalyzer, Shodan, Censys, Wayback Machine, Common Crawl
• Enterprise: Custom threat-intel feeds and commercial providers (on request)

When a source is unavailable, we do not substitute fake data; we mark those checks as skipped in the report. See Fact-Only Reporting.

Deployment models

• Cloud SaaS (Diverg Open): Hosted dashboard and API at dash.divergsec.com.
• Open-source CLI: The diverg-auto scanner runs locally or in CI (see Installation).
• Diverg Auto (OpenClaw): Natural-language agent commands that drive scans and investigations through Diverg Open.
• Browser extension: diverg-extension for in-browser Diverg Open workflows.
• Enterprise on-premise: Self-hosted and private engagements, [email protected].