Diverg Whitepaper

A comprehensive technical document covering the Diverg platform's architecture, methodology, and capabilities.

1. Executive Summary

Diverg is an autonomous security and blockchain investigation platform designed for modern security teams. Unlike traditional toolchains that require analysts to switch between multiple disconnected products, Diverg provides a unified environment where web security assessment, blockchain analysis, and open-source intelligence (OSINT) converge into cohesive investigations.

Key Differentiators

  • Unified Platform: Web, blockchain, and OSINT in one workflow
  • Fact-Only Reporting: No synthetic or placeholder data ever
  • Modular Architecture: Skill-based system that adapts to targets
  • Multi-Modal Delivery: CLI, browser extension, API, and enterprise deployments

2. Problem Statement

2.1 Fragmented Toolchains

Security investigations today require analysts to operate across numerous disconnected tools. A typical blockchain investigation might involve:

  • Block explorers (Etherscan, Solscan) for transaction lookup
  • Labeling services (Arkham, Nansen) for entity identification
  • Visualization tools (Bubblemaps) for flow analysis
  • Web scanners (Burp, Nuclei) for infrastructure assessment
  • OSINT tools (WHOIS, DNS enumeration) for correlation
  • Spreadsheets or notebooks for manual correlation

This fragmentation creates friction, increases investigation time, and raises the risk of missed connections between data points.

2.2 Data Integrity Issues

Many security tools present synthetic or placeholder data when real data sources are unavailable. This creates a fundamental trust problem: analysts cannot distinguish between verified findings and generated examples, leading to potentially critical errors in security assessments.

3. The Diverg Solution

3.1 Unified Investigation Model

Diverg introduces a single platform where investigations can span multiple surfaces simultaneously. A single command or API call can initiate reconnaissance across:

  • Web Infrastructure: Domains, subdomains, technologies, vulnerabilities
  • Blockchain Networks: Wallets, tokens, transactions, flows, counterparties
  • Open Sources: WHOIS, DNS, historical data, public records

Results are correlated automatically, surfacing connections that might be missed when using separate tools.

3.2 Modular Skill Architecture

The platform is built around a skill-based architecture where each capability is encapsulated as a discrete, composable unit:

Core Skills

  • Reconnaissance: Port scanning, subdomain enumeration, tech fingerprinting
  • Web Vulnerabilities: XSS, SQLi, CSRF, misconfiguration detection
  • Security Headers: CSP, HSTS, CORS, and custom header analysis
  • SSL/TLS Analysis: Certificate validation, cipher suites, protocol versions
  • Authentication Testing: Session management, cookie flags, brute-force detection
  • API Security: Endpoint discovery, parameter fuzzing, auth bypass checks
  • Blockchain Analysis: Wallet profiling, token tracking, flow mapping
  • OSINT Collection: WHOIS, DNS, email patterns, historical archives

Skills can be combined dynamically based on target type. Investigating a DeFi protocol triggers different skill combinations than assessing a traditional web application.

4. Fact-Only Reporting Philosophy

4.1 Radical Transparency

Every Diverg report explicitly distinguishes between:

  • Verified Findings: Data sourced from live APIs and active testing
  • Skipped Checks: Tests not performed due to missing configuration
  • Tool Limitations: Known constraints that may affect coverage

4.2 Graceful Degradation

When API keys are unavailable (e.g., no Solscan Pro access), Diverg continues operating with available skills rather than failing or substituting fake data. The report clearly marks which blockchain checks were skipped, allowing analysts to supplement manually if needed.
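A minimal sketch of the reporting model described in 4.1 and 4.2, added here as an illustration and not taken from Diverg's code. The skill names, the `EXPLORER_API_KEY` variable, and the report fields are hypothetical, and the two skill functions are offline stand-ins for live lookups.

```python
import os
from dataclasses import dataclass, field

@dataclass
class Report:
    verified: list = field(default_factory=list)     # results returned by a source
    skipped: list = field(default_factory=list)      # checks not run, with the reason
    limitations: list = field(default_factory=list)  # known coverage constraints

# Stand-ins for live lookups so the example runs offline (constructed values).
def dns_lookup(target):
    return {"check": "dns", "target": target, "source": "resolver"}

def wallet_profile(target):
    return {"check": "wallet_profile", "target": target, "source": "explorer-api"}

# Hypothetical registry: name -> (required env var or None, callable, limitation note).
SKILLS = {
    "dns": (None, dns_lookup, None),
    "wallet_profile": ("EXPLORER_API_KEY", wallet_profile,
                       "entity labels limited to the provider's coverage"),
}

def run_investigation(target, env=None, skills=None):
    """Run every skill that can run; record the rest as skipped, never as data."""
    env = os.environ if env is None else env
    skills = SKILLS if skills is None else skills
    report = Report()
    for name, (key, fn, limitation) in skills.items():
        if key and not env.get(key):
            # Missing configuration: skip the check, do not fail the whole run.
            report.skipped.append(
                {"check": name, "reason": f"missing configuration: {key}"})
            continue
        try:
            report.verified.append(fn(target))
        except Exception as exc:
            # A failed source becomes a skipped check, not a substituted result.
            report.skipped.append(
                {"check": name, "reason": f"source error: {exc}"})
            continue
        if limitation:
            report.limitations.append({"check": name, "note": limitation})
    return report

if __name__ == "__main__":
    print(run_investigation("example.org", env={}))
```

The property to check in review is that no code path writes to `verified` without a value returned by a source call.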

5. Technical Architecture

5.1 Established Methodologies

Diverg aligns with industry-standard frameworks:

  • OWASP Testing Guide: For web application security assessment
  • PTES (Penetration Testing Execution Standard): For structured penetration testing
  • MITRE ATT&CK: For threat modeling and attack simulation

5.2 Data Source Integrations

Native integrations with major security and blockchain data providers:

  • Blockchain: Solscan Pro, Arkham, Etherscan, Bubblemaps
  • Web Intelligence: Wappalyzer, Shodan, Censys
  • Historical Data: Wayback Machine, Common Crawl
  • Threat Intel: Custom feeds and commercial providers (enterprise)

5.3 Deployment Models

  • Cloud SaaS: Managed investigations via web dashboard and API
  • CLI Tool: Local execution for developers and security researchers
  • Browser Extension: One-click investigations from any webpage
  • Enterprise On-Premise: Self-hosted deployments with custom integrations

6. Detailed Capabilities

6.1 Web Security Assessment

Comprehensive web infrastructure testing including:

  • Port scanning with service detection and banner grabbing
  • Subdomain enumeration via DNS brute force and certificate transparency
  • Technology fingerprinting with version detection
  • Vulnerability scanning for OWASP Top 10 and beyond
  • Authentication and session management testing
  • API endpoint discovery and security testing

6.2 Blockchain Investigation

Multi-chain analysis supporting Ethereum, Solana, and other major networks:

  • Wallet profiling with transaction history and balance tracking
  • Token analysis including holder distribution and movement patterns
  • Fund flow visualization with interactive diagrams
  • Counterparty mapping and entity labeling
  • Exchange deposit identification for asset recovery
  • Smart contract interaction analysis

6.3 OSINT Intelligence

Public data collection and correlation:

  • Domain registration and WHOIS history
  • DNS enumeration and infrastructure mapping
  • Email pattern discovery and contact identification
  • Historical website analysis via archived data
  • Social media and public record correlation

6.4 Reporting and Output

Multiple output formats for different audiences:

  • Executive Summary: High-level findings for leadership
  • Technical Report: Detailed findings with evidence and remediation
  • Raw Data: JSON/CSV export for further analysis
  • Visual Flows: Interactive diagrams for blockchain investigations
  • Telegram Delivery: Instant alerts for monitoring use cases

7. Use Cases

7.1 Crypto & DeFi Security

Pre-investment due diligence and ongoing security monitoring for cryptocurrency projects:

  • Token launch assessment and deployer wallet analysis
  • Smart contract review preparation and risk scoring
  • Holder distribution analysis and centralization detection
  • Rug pull indicator identification
  • Liquidity pool and DEX integration analysis

7.2 Incident Response

Rapid investigation support for security breaches and attacks:

  • Attack timeline reconstruction from blockchain and web logs
  • Attacker wallet tracking across multiple chains
  • Fund destination identification (exchanges, mixers, bridges)
  • Evidence packaging for law enforcement or legal action
  • Root cause analysis and vulnerability identification

7.3 Due Diligence

Comprehensive security assessment for investments and acquisitions:

  • Infrastructure attack surface mapping
  • Historical vulnerability and breach assessment
  • Blockchain entity reputation analysis
  • Technical debt and security posture evaluation
  • Defensible risk reports for stakeholder presentations

7.4 Continuous Monitoring

Automated ongoing security surveillance:

  • Scheduled security scans with change detection
  • Wallet activity monitoring for suspicious transactions
  • New vulnerability alerting for tracked assets
  • Configuration drift detection
  • Integration with Slack, Telegram, email, and webhooks

8. Roadmap and Extensibility

Our roadmap is focused on what we plan to ship in the next 3 months. The list below is what we are building toward in that window.

8.1 Next 3 months (Q2)

With our latest investigation wrapped, we are doubling down on the blockchain side of Diverg, expanding on-chain investigation, forensics, and reliability, while advancing the private platform.

  • Fundraising & VC: Pursue venture capital and strategic investment conversations to raise capital for team growth, security and infrastructure, and faster execution of the roadmap below.
  • On-chain investigation: Expand how we track wallet activity, trace transactions, and surface meaningful insights faster and more clearly across our tools.
  • Forensics: Refine tooling from real-world cases so we can go deeper, move faster, and deliver more actionable intelligence.
  • Detection & reliability: Improve suspicious-behaviour signals, data aggregation, and the robustness of our blockchain analysis engine so risks surface earlier and outputs are easier to trust.
  • Private platform: Integrate more advanced blockchain-focused features for users who need deeper analysis and higher-level workflows.

This phase is about sharpening our edge in on-chain security and investigations, and turning that experience into a stronger, more focused product.

Diverg Open vs private

Diverg Open is the self-serve surface (extension, console, and API where offered) for authorized scans and on-chain analysis. Private engagements use our internal pipeline for forensic-grade investigations and tailored security assessments; they are not the same depth as Open. To book: [email protected].

8.2 Later: Enterprise & extensibility

  • SSO and RBAC for team management
  • Custom skill development framework
  • Advanced reporting and compliance templates
  • Threat intelligence feed integrations
  • Audit logging and compliance reporting

8.3 Extensibility

The skill-based architecture enables third-party extensions. Enterprise customers can develop custom skills for:

  • Proprietary internal systems
  • Custom threat intelligence sources
  • Industry-specific compliance checks
  • Integration with existing security infrastructure

9. Conclusion

Diverg represents a new approach to security investigation, one that treats the analyst's time as valuable and their trust as paramount. By unifying web security, blockchain analysis, and OSINT into a single platform with a strict fact-only reporting philosophy, we enable security teams to work more efficiently and with greater confidence in their findings.

Diverg Open is available for self-serve use where we offer it; sign in at dash.divergsec.com. For private investigations and security assessments with our internal tooling, email [email protected] to book.