rorixrorixdashboard →
// PRODUCT · PENTESTING

Verified scans. Real exploits. Structured reports.

Once you have dependency visibility in place, point Rorix at the apps and APIs you own. DNS-based ownership verification, Nuclei + API fuzzing, and exec-ready reports with reproductions.

Run a pentest →Sample pentest report
// WORKFLOW

Scoped, verified, reproducible

Every finding is something you could paste into a terminal and reproduce. No vague 'misconfiguration detected' noise.

01

Verify ownership

Add a TXT record or place a file. We block scanning anything you haven't proven control over.

DNS / file / HTTP header
02

Discover surface

Crawl the app, enumerate APIs from OpenAPI/GraphQL schemas, map auth boundaries and tenancy lines.

OpenAPI · GraphQL · HAR
03

Run detectors

Nuclei template library, parameter fuzzing, broken-auth and IDOR probes, dependency-driven CVE replays.

3,200+ templates
04

Triage + report

False-positive filter with manual triage queue. Findings land with reproduction, payload, and remediation.

CVSS · CWE · reproducible
// DETECTOR LIBRARY

3,291 templates. Updated weekly.

Built on Nuclei, extended with .NET-aware detectors, and filtered through our own triage to cut false positives.

Injection412
  • SQLi (boolean, time, UNION)
  • Command injection
  • NoSQL injection
  • LDAP injection
  • XXE / XML injection
Authentication186
  • Broken session fixation
  • JWT alg confusion
  • IDOR across tenants
  • Forced browsing
  • OAuth redirect tricks
Known CVEs1847
  • Log4Shell replay
  • Spring4Shell
  • ProxyShell variants
  • Struts OGNL
  • Confluence CVE replays
Server misconfig523
  • Exposed .git/.env
  • Debug endpoints
  • Default creds
  • SSRF to metadata
  • Header leaks
API surface234
  • Schema discovery
  • Rate-limit bypass
  • Mass assignment
  • Excessive data exposure
  • Shadow endpoints
.NET-specific89
  • ViewState deserialization
  • Telerik UI CVEs
  • Kentico exploits
  • DotNetNuke chains
  • Razor SSTI
// FINDING EXAMPLE

Every finding. Reproducible.

No screenshots. No hand-waving. A curl command and a payload.

CRITICALJWT algorithm confusion allows admin impersonationCVSS 9.1 · CWE-347 · id PT-0041
REPRODUCTION
$ curl -X POST \
    https://api.target.com/auth/whoami \
    -H "Authorization: Bearer $PAYLOAD"
# $PAYLOAD = jwt signed with HS256 using
# public key as secret (alg=none fallback)
→ 200 OK
  { "user": "admin", "scope": "*" }
REMEDIATION
  1. Pin the JWT library to accept only RS256.
  2. Reject tokens where header alg is HS256 or none.
  3. Rotate signing keys; revoke outstanding tokens.
  4. Add regression test: test_jwt_alg_enforcement.cs
Est. fix time: 15 min · Affected services: 2