NULLRAY

// BLACK_BOX_SECURITY_ASSESSMENT

KNOW YOUR ATTACK SURFACE BEFORE ATTACKERS DO

AI-powered threat analysis for your domain. Submit a URL, get a comprehensive STRIDE threat model and attack tree — no agents installed, no source code needed.

scan_domain()view_sample_report()

// free_tier: 2 scans/account · no_install_required · passive_probing_only

nullray — scan_engine v1.0

$ nullray scan --domain example.com

 

[RECON] DNS enumeration ........................ ✓

[RECON] Subdomain discovery .................... ✓

[RECON] Port scanning .......................... ✓

[RECON] TLS/SSL analysis ....................... ✓

[RECON] HTTP header analysis ................... ✓

 

[ANALYSIS] Running STRIDE threat model ......... ●

[ANALYSIS] Generating attack trees ............. ○

 

// 6 findings detected — 2 critical, 3 high, 1 medium

// HOW_IT_WORKS

THREE COMMANDS TO SECURE

From domain input to actionable security report in minutes.

01

SUBMIT DOMAIN

Enter your target domain. We validate ownership and check against our blocklist before proceeding.

02

AI SCANS

Our AI agent performs passive reconnaissance, STRIDE analysis, and builds attack trees — all without touching your systems.

03

GET REPORT

Receive a detailed threat report with STRIDE categories, attack tree visualizations, and prioritized remediation steps.

// CAPABILITIES

BUILT FOR REAL THREATS

Every feature designed to surface what matters before it becomes a breach.

STRIDE THREAT MODEL

Systematic analysis across Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege.

ATTACK TREE VISUALIZATION

Interactive attack trees map exploitation paths from entry point to impact. See exactly how an attacker could chain vulnerabilities.

PASSIVE RECON ONLY

Zero intrusion. No injection, brute force, or state modification. We observe your attack surface exactly as an attacker would — safely.

REAL-TIME PROGRESS

Watch your scan unfold live. Every check, every finding streamed to your dashboard as it happens.

AI-POWERED ANALYSIS

Claude Sonnet for rapid threat classification. Claude Opus for deep report synthesis. Two models, one comprehensive assessment.

ACTIONABLE REMEDIATION

Every finding includes severity rating, exploitation likelihood, and concrete fix recommendations your team can act on immediately.

10,000+domains_scanned
50,000+threats_identified
<5minavg_scan_time
99.8%uptime_reliability

// PRICING

SIMPLE, TRANSPARENT

Start free. Pay only when you need the full picture.

// FREE_TIER
$0/scan

SEVERITY PREVIEW

✓ Domain reconnaissance

✓ Basic STRIDE classification

✓ Severity count preview

✓ 2 scans per account

× Full report details

× Attack tree visualization

start_free_scan()
// RECOMMENDED
$49/report

FULL THREAT REPORT

✓ Everything in free tier

✓ Deep AI agent analysis

✓ Complete STRIDE breakdown

✓ Interactive attack trees

✓ Remediation playbook

✓ Exportable PDF report

get_full_report()

// READY_TO_SCAN

YOUR DOMAIN IS ALREADY EXPOSED

Find out what attackers see before they act on it.

scan_domain()

// no_credit_card · results_in_minutes · cancel_anytime