Vornin
Scan. Resolve. Prove.

One platform for vulnerability scanning and compliance.

Tired of stitching together OpenVAS, ZAP, Nmap, and Excel to track your findings? Vornin is one platform for vulnerability management. This page covers all the features you can expect.

No credit card required Read-only access EU-hosted Repository data deleted after scan
Scan across the surface.

Fifteen engines. One pipeline.

All fifteen are native engines. When an engine needs a CLI binary and the binary is missing, Vornin emits a Scanner Unavailable finding instead of silently skipping the engine. Coverage gaps surface as findings, not as zero results.
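An added illustration of that fail-loud rule (example code, not Vornin's own): before a scan starts, every engine that depends on a binary is checked on PATH, and a missing binary becomes an informational finding rather than an empty result. The engine table, the finding fields and the severity are assumptions; the binaries named are the tools this page lists.

```python
"""Plan a scan run so that a missing CLI binary becomes a finding, not a silent skip.

Added example of the behaviour described above; not Vornin's code. The engine
table, the finding shape and the severity value are assumptions.
"""
import shutil
from dataclasses import dataclass, field
from typing import Callable, Optional


@dataclass(frozen=True)
class Engine:
    name: str
    binary: Optional[str] = None  # None: pure-library engine, can never be "unavailable"


@dataclass
class ScanPlan:
    runnable: list = field(default_factory=list)
    findings: list = field(default_factory=list)


# Constructed engine table; the binaries are the tools named on this page.
ENGINES = [
    Engine("port-scan", "nmap"),
    Engine("nuclei", "nuclei"),
    Engine("secrets", "gitleaks"),
    Engine("dns-security"),  # library code only, no external binary
]


def plan_scan(engines, which: Callable[[str], Optional[str]] = shutil.which) -> ScanPlan:
    """Split engines into those that can run and a Scanner Unavailable finding for each that cannot.

    `which` is injectable so the decision can be exercised without touching the real PATH.
    """
    plan = ScanPlan()
    for engine in engines:
        if engine.binary is None or which(engine.binary):
            plan.runnable.append(engine.name)
            continue
        # The gap is recorded where a reader of the report will see it, with the
        # engine name so the coverage loss is attributable and not mistaken for "clean".
        plan.findings.append({
            "title": "Scanner Unavailable",
            "severity": "info",  # assumed severity
            "engine": engine.name,
            "detail": f"binary '{engine.binary}' not found on PATH; "
                      f"engine '{engine.name}' did not run, treat its coverage as missing",
        })
    return plan


if __name__ == "__main__":
    plan = plan_scan(ENGINES)
    print("runnable:", plan.runnable)
    for f in plan.findings:
        print(f["title"], "->", f["detail"])
```

The injectable `which` is the point for testing: a CI job can assert that removing a binary produces exactly one finding per dependent engine, which is the guarantee the paragraph above makes.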

Web & API

01

Web vulnerability scanner

OWASP Top 10 coverage with configurable crawler depth, YAML rules, and authenticated scanning via injected request headers. Optional ZAP integration.

02

API security

Tests REST endpoints for CORS, auth bypass, error disclosure, GraphiQL leaks, and missing rate limits. Optional OpenAPI-spec ZAP scan.

03

Nuclei templates

Optional opt-in run of the full Nuclei template corpus. Cached between scans. Requires the Nuclei binary on PATH.

04

WordPress scanner

Fingerprints core, plugins, and themes against the WPScan vulnerability database. Plugin catalog refreshes weekly.

Attack surface

05

Subdomain discovery

Three sources unioned: 54-prefix DNS brute force, Certificate Transparency via crt.sh, and Subfinder across 45+ passive sources.

06

Subdomain takeover

Detects dangling CNAMEs pointing at deleted SaaS resources: S3, Heroku, GitHub Pages, Azure sites, Fastly, Shopify. The takeover fingerprint list is refreshed quarterly.

Infrastructure

07

Port scanning

TCP and UDP discovery with service fingerprinting via Nmap. Quick, Standard, and Thorough profiles. Optional OS + version detection.

08

SSL / TLS analysis

Certificate chain validation, expiry watch, cipher grading, protocol probes. Optional SSLyze pass for Heartbleed, ROBOT, HSTS strength.

09

DNS security

SPF, DKIM, DMARC verification, zone-transfer probes, DNSSEC, CAA, MTA-STS. DKIM uses 28 provider maps plus a 67-item fallback wordlist.

Code & supply chain

10

SAST

Dual-engine static analysis on cloned repos. Semgrep pattern rules plus Bearer data-flow tracking. JS, TS, Ruby, Go, PHP, Python, Java.

11

Secret scanning

Gitleaks-powered sweep of the working tree for API keys, tokens, and credentials. 100+ patterns. Per-tenant ignore rules. Values masked.

12

Dependency scanning

Trivy-backed SCA against NuGet, npm, pip, Maven, and Go modules. Import-usage reachability heuristic. CycloneDX SBOM as secondary pass.

Cloud & containers

13

Container image scan

Trivy-powered scan for any registry reference or local Docker image. Package CVEs, hardcoded credentials, and Dockerfile misconfigurations.

14

Kubernetes posture

Trivy-powered cluster scan via your kubeconfig. Pod-level CVEs, misconfigurations, and cluster secrets across the namespace tree.

15

Cloud security posture

32 live CIS checks across AWS, Azure, and GCP via stored read-only credentials. Cloud security posture management without the separate product.

Schedule any of these to run daily, weekly, or monthly in your tenant timezone. Save scan profiles to re-run with identical configuration.

+ Import-only: Vornin parses uploaded exports from Nessus (.nessus), OpenVAS (.xml), CSV, and JSON. Vornin does not run these scanners. Imported findings flow into the same tracking, evidence chain, and compliance pipeline as native scans.

Scan apps and APIs.

Web application security testing.

Most breaches today start with a web application or an exposed API. Vornin runs DAST against both from one configuration and folds the results into the same finding lifecycle as every other engine.

  • OWASP Top 10 coverage. Configurable crawler depth, confidence thresholds, authenticated header injection.
  • REST and GraphQL endpoints. Soft-404-aware discovery, CORS and auth bypass checks, missing rate-limit detection.
  • Optional ZAP integration. OpenAPI-spec-driven scans and active-rule passes when you need depth.
  • Findings land in the lifecycle. Every finding deduplicates, ages, and exports to the evidence chain.
Screenshot · Vulnerability overview listing web findings with severity, status, and filtering controls: filter, triage, and export across every finding.
Scan the unknowns. Always on.

Attack surface management.

Vornin runs a daily attack-surface sweep on top of your scheduled scans: new subdomains from CT logs, forgotten dev environments, accidentally public services. High-value finds auto-queue a full scan. Most competitors sell this as a separate product.

Hosts tracked: 1,247 (+14 new this week)
IPs & services: 89 (12 open ports)
Certificates: 412 (7 expire ≤30d)
DNS posture: 23 missing DMARC

Host                           State           Open services    Flag
staging-old.nordhaven.io       CNAME → AWS     443, 8080        cert ≤14d
api-internal.nordhaven.io      new this week   443              cert valid
shop.legacy.nordhaven.io       takeover?       443 (SSL fail)   no DMARC
ci-cache.nordhaven.dev         dev / staging   22, 8080         no auth banner
internal-billing.nordhaven.io  tracked         443              cert valid

Want to see your own attack surface?

Run a free scan in under five minutes.

Resolve and close the loop.

Findings that age well.

Finding a vulnerability is only half the work. Vornin tracks every finding from first sighting through remediation, with an immutable timeline and dedup guarantees that keep your backlog honest.

01

Detected

A scan picks the finding up. Severity, fingerprint, host, and evidence captured.

02

Tracked

Fingerprint (host, type, title, URL) dedupes against history. The same bug never appears twice.

03

Owned

Assigned to a teammate with an SLA deadline. Comments thread on the finding.

04

Resolved

A later scan confirms the fix. The finding auto-closes and the timeline stamps the closure.

Integrity

Dedup & auto-resolve

A SHA-256 fingerprint over host, scan type, title, and URL tracks every vulnerability exactly once. When a later scan stops detecting a finding, Vornin auto-closes it.

Collaboration

Comments & timeline

Threaded comments on every finding. The timeline records every status change, every assignment, every evidence upload, and chain-stamps each event.

Noise control

Suppression rules

Accept risk or dismiss known false positives with pattern-based rules. Every suppression carries a reason and a reviewer, so suppressions are reviewable in an audit.

Diff

Scan comparison

Compare any two scans side-by-side. See what's new, what's gone, what's unchanged. Ideal for pre-deploy and post-deploy verification.
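The dedup, auto-resolve and scan-comparison rules described above, as one added example (not Vornin's code): a SHA-256 fingerprint over host, scan type, title and URL identifies each finding, a new scan is reconciled against the open-findings table, and the diff (new / persisting / resolved) falls out of the same pass. The canonicalisation rules, the record fields and the sample findings are assumptions; the example also adds one guard the paragraphs above do not spell out, namely that a finding only auto-resolves when its engine actually ran in the later scan.

```python
"""Fingerprint-based dedup, auto-resolve and scan comparison.

Added example of the lifecycle rules described on this page; not Vornin's code.
The canonicalisation steps, the record shape and the sample scans are assumptions.
"""
import hashlib
from urllib.parse import urlsplit, urlunsplit


def canonical_url(url: str) -> str:
    """Normalise the parts of a URL that vary between crawls but not between bugs."""
    p = urlsplit(url.strip())
    path = p.path or "/"
    if len(path) > 1:
        path = path.rstrip("/")          # /search/ and /search are the same page
    return urlunsplit((p.scheme.lower(), p.netloc.lower(), path, p.query, ""))  # fragment dropped


def fingerprint(host: str, scan_type: str, title: str, url: str) -> str:
    """SHA-256 over the four identity fields, joined with a separator that cannot occur in them."""
    material = "\n".join([
        host.strip().lower(),
        scan_type.strip().lower(),
        " ".join(title.split()).lower(),  # collapse whitespace differences in titles
        canonical_url(url),
    ])
    return hashlib.sha256(material.encode("utf-8")).hexdigest()


def reconcile(open_findings: dict, scan_results: list, engines_ran: set):
    """Merge one scan into the open-findings table (keyed by fingerprint) and return the diff.

    A finding auto-resolves only when its engine ran and no longer reports it. An engine
    that did not run (not scheduled, or Scanner Unavailable) says nothing about its findings.
    """
    seen = {}
    for f in scan_results:
        fp = fingerprint(f["host"], f["scan_type"], f["title"], f["url"])
        seen.setdefault(fp, f)           # a second sighting within one scan is a duplicate
    open_fps = set(open_findings)
    new = sorted(set(seen) - open_fps)
    persisting = sorted(set(seen) & open_fps)
    resolved = sorted(fp for fp, rec in open_findings.items()
                      if fp not in seen and rec["scan_type"] in engines_ran)
    for fp in new:
        open_findings[fp] = {**seen[fp], "fingerprint": fp, "status": "detected"}
    for fp in persisting:
        open_findings[fp]["status"] = "re-detected"
    closed = [{**open_findings.pop(fp), "status": "resolved"} for fp in resolved]
    return {"new": new, "persisting": persisting, "resolved": resolved}, closed


# Constructed sample scans. The first two web results are the same bug reported twice
# with cosmetic differences (host case, double space, trailing slash).
SCAN_1 = [
    {"host": "shop.example.test", "scan_type": "web", "title": "Reflected XSS in q parameter",
     "url": "https://shop.example.test/search/?q=1"},
    {"host": "SHOP.example.test", "scan_type": "web", "title": "Reflected  XSS in q parameter",
     "url": "https://shop.example.test/search?q=1"},
    {"host": "shop.example.test", "scan_type": "tls", "title": "TLS 1.0 enabled",
     "url": "https://shop.example.test"},
]
SCAN_2 = [
    {"host": "shop.example.test", "scan_type": "web", "title": "Reflected XSS in q parameter",
     "url": "https://shop.example.test/search?q=1"},
    {"host": "shop.example.test", "scan_type": "dns", "title": "Missing DMARC record",
     "url": "https://shop.example.test"},
]


def run_demo():
    """Three reconciliations against one table; returns (diff, closed) for each."""
    open_findings = {}
    first = reconcile(open_findings, SCAN_1, {"web", "tls"})
    # Second scan ran web and dns only: the TLS finding is absent but must not auto-close.
    second = reconcile(open_findings, SCAN_2, {"web", "dns"})
    # Third scan ran tls as well and still reports no TLS finding: now it resolves.
    third = reconcile(open_findings, SCAN_2, {"web", "tls", "dns"})
    return first, second, third


if __name__ == "__main__":
    for diff, closed in run_demo():
        print(diff, [c["title"] for c in closed])
```

The `engines_ran` guard is what keeps "a later scan stops detecting a finding" from silently closing findings whose engine was never run or was reported as Scanner Unavailable; without it a mis-scheduled or degraded scan would look like a wave of fixes.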

Resolve faster than the SLA.

SLA tracking with auto-escalation. AI triage with prioritization and remediation guidance.

Most VM tools record SLA dates and then forget about them. Vornin enforces them. AI triage layers on top to recommend which finding gets your attention next.

SLA enforcement

Per-severity remediation deadlines. Breaches fire escalation emails, sla.breach webhooks, and tenant-owner notifications.

Assignment

Every finding gets an owner. Reassignment, mention, and unassign events all land on the immutable timeline.

AI triage

On demand, Vornin generates exploitability, priority, business impact, and reasoning with a confidence score. The cost is absorbed by the platform.

Reachability

Dependency findings rank by whether your code actually imports the vulnerable package. A per-tenant switch turns reachability ranking off if you prefer raw severity.

Remediation guidance

Plain-language summary and remediation narrative on every finding, always on. AI enrichment runs even on Free tier.

Screenshot · Finding detail with AI triage and remediation guidance: exploitability, priority, business impact, and confidence.
Prove it with receipts.

Audit evidence, tamper-evident.

Findings auto-map to controls at scan time. Every status change hashes into a per-tenant SHA-256 chain, each event anchored to the previous one; appends are serialised under a Postgres advisory lock so two concurrent writers cannot fork the chain. The result is an evidence record that auditors can verify.

  1. Detected a3f1…7e2c 2026-04-12
  2. Acknowledged 8c4b…109a 2026-04-12
  3. Assigned d720…4ff1 2026-04-14
  4. Re-detected 05b7…cc31 2026-05-01
  5. Resolved f49e…6203 2026-05-09

Each event hashes the previous link plus the event payload. Rewriting any earlier event breaks every link that follows. The chain is what the auditor verifies.
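The construction described above, as an added example (not Vornin's code): each link is SHA-256 over the previous link and the canonical event payload, verification recomputes every link, and the demo shows what rewriting an earlier event does. The field names, the canonicalisation recipe (sorted-key JSON without whitespace), the genesis value and the sample timeline are assumptions; the actual recipe ships in the auditor pack README.

```python
"""Per-finding event hash chain: append, verify, and detect rewriting.

Added example of the chain described above; not Vornin's code. Field names, the
canonical-JSON recipe, the genesis constant and the sample timeline are assumptions.
"""
import hashlib
import json
from typing import Optional, Tuple

GENESIS = "0" * 64  # assumed anchor for the first link of every chain


def canonical(payload: dict) -> bytes:
    """Canonical JSON so key order and whitespace cannot change the hash."""
    return json.dumps(payload, sort_keys=True, separators=(",", ":"),
                      ensure_ascii=False).encode("utf-8")


def link_hash(prev_hash: str, payload: dict) -> str:
    """Hash of the previous link plus this event's payload."""
    return hashlib.sha256(prev_hash.encode("ascii") + b"\n" + canonical(payload)).hexdigest()


def append_event(chain: list, payload: dict) -> dict:
    """Append one event. The caller must hold the per-tenant lock so two appends never share a prev."""
    prev = chain[-1]["hash"] if chain else GENESIS
    event = {"seq": len(chain) + 1, "prev": prev, "payload": payload,
             "hash": link_hash(prev, payload)}
    chain.append(event)
    return event


def verify_chain(chain: list, expected_head: Optional[str] = None) -> Tuple[bool, Optional[int]]:
    """Recompute every link. Returns (ok, seq of the first bad link or None)."""
    prev = GENESIS
    for i, ev in enumerate(chain, start=1):
        if ev["seq"] != i or ev["prev"] != prev or link_hash(prev, ev["payload"]) != ev["hash"]:
            return False, i
        prev = ev["hash"]
    if expected_head is not None and prev != expected_head:
        # Internally consistent, but not the chain whose head the auditor recorded:
        # catches "rewrite and recompute everything after" and silent truncation.
        return False, len(chain)
    return True, None


def rehash_from(chain: list, seq: int) -> None:
    """What a tamperer with write access would do: recompute every link from `seq` onward."""
    prev = chain[seq - 2]["hash"] if seq > 1 else GENESIS
    for ev in chain[seq - 1:]:
        ev["prev"] = prev
        ev["hash"] = link_hash(prev, ev["payload"])
        prev = ev["hash"]


def build_demo_chain() -> list:
    """Constructed timeline matching the five events shown on this page."""
    chain = []
    for status, day in [("detected", "2026-04-12"), ("acknowledged", "2026-04-12"),
                        ("assigned", "2026-04-14"), ("re-detected", "2026-05-01"),
                        ("resolved", "2026-05-09")]:
        append_event(chain, {"finding": "example-finding", "status": status, "at": day})
    return chain


def tamper_demo() -> dict:
    """Verification results for a clean chain, a naive rewrite, and a rewrite with rehashing."""
    chain = build_demo_chain()
    head = chain[-1]["hash"]          # the value an auditor pack or external log would record
    results = {"clean": verify_chain(chain, head)}
    chain[2]["payload"]["status"] = "dismissed"   # rewrite event 3 in place
    results["rewrite"] = verify_chain(chain)
    rehash_from(chain, 3)                         # attacker fixes up every later link
    results["rewrite_rehashed"] = verify_chain(chain)
    results["rewrite_rehashed_vs_head"] = verify_chain(chain, head)
    return results


if __name__ == "__main__":
    for name, result in tamper_demo().items():
        print(f"{name}: {result}")
```

The last two results are the practitioner's caveat: a chain proves internal consistency, and a tamperer with database write access can rewrite an event and recompute every later link. What makes the record verifiable is a head hash the auditor holds outside the system, which is why the per-finding pack's manifest carries the chain verification result and why exporting packs at each audit point, not only on request, is worth the habit.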

ZIP

Auditor pack per finding

From any vulnerability detail page, download a ZIP containing manifest.json (with the chain verification result), state.json, events.json, comments.json, compliance-mappings.json, evidence files, and a README explaining the canonicalization recipe. Available on the Business and Scale tiers.

PDF

Tenant-wide auditor pack

One QuestPDF document on the Reports page rolls every finding's lifecycle and chain status into a single auditor-grade PDF. Available on the Scale tier.

Nine frameworks, pre-mapped.

Vornin's scan output and lifecycle map onto the controls of each framework below. In every case, each finding links to its mapped controls as the scan runs, and an auditor pack can be exported when your auditor asks for evidence.

NIS2

EU 2022/2555 · Article 21 risk-management measures

DORA

EU 2022/2554 · ICT risk + incident reporting

ISO 27001:2022

Annex A controls (A.5 to A.8)

SOC 2

Security Trust Services Criteria

PCI DSS 4.0

Requirements 6 (secure development) and 11 (testing)

HIPAA

Security Rule · administrative, physical, and technical safeguards

GDPR

Articles 32 (security of processing) and 33 (breach notification)

NIST 800-53 Rev 5

Control families RA, SI, CM

CIS Controls v8

18 controls, 153 safeguards across IG1, IG2, IG3

Operate at organisation scale.

Governance, baked in.

Multi-tenancy, SSO, SCIM, audit log, IP allowlist, and EU residency: the procurement checklist most vulnerability scanners fail. Vornin ships all six from the core architecture rather than bolting them on later.

Feature · What it does

True multi-tenancy

PostgreSQL row-level filters plus EF Core global query filters. Tenant isolation is enforced in the database as well as in the application, so no tenant can see another tenant's data.

SSO & MFA

Passwordless magic links by default. TOTP MFA per user. Per-tenant SAML 2.0 and Entra ID OIDC. Tenant admins can enforce MFA for all users.

SCIM 2.0

Per-tenant SCIM endpoints with bearer-token auth. Users and Groups, both writable (POST / PUT / PATCH / DELETE).

Audit logging

Immutable trail of every action: who, what, when, from which IP. Exportable for incident investigations and compliance audits.

IP allowlist

Restrict tenant access by source IP. Middleware enforces the allowlist on every request.

Privacy toolkit

GDPR Article 20 data export. Article 17 account deletion. Configurable retention per tenant (30 days to 7 years). Zero third-party tracking, essential-only cookies.

Distributed scan agents

Lightweight .NET agents run inside your network and pull work outbound over HTTPS. Targets on private IPs route to an available agent automatically, with no inbound firewall changes.

Cloud connections

AWS, Azure, and GCP via stored read-only credentials, encrypted at rest. 32 live CIS checks across the three.

Integrations

Git PR write-back, native chat-ops payloads, scoped API keys, and HMAC-SHA256 signed webhooks with retry and dead-letter. Supported: GitHub, GitLab, Azure DevOps, Jira, Slack, Microsoft Teams, Discord.
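The receiving side of an HMAC-SHA256 signed webhook with retries, as an added example (not Vornin's code and not its documented wire format): the handler checks a timestamp window, compares the signature in constant time, parses the body only after it is authenticated, and rejects a redelivered event id, which is what retry-with-dead-letter delivery obliges a receiver to handle. The header names (`X-Timestamp`, `X-Signature`), the signed string layout (`timestamp.body`), the five-minute window and the sample `sla.breach` event are assumptions.

```python
"""Verify an HMAC-SHA256 signed webhook delivery on the receiving side.

Added example; not Vornin's code. Header names, the signed-string layout, the
replay window and the sample event are assumptions.
"""
import hashlib
import hmac
import json
import time
from typing import Optional, Tuple

REPLAY_WINDOW_SECONDS = 300  # assumed tolerance for clock skew and delivery delay


def sign(secret: bytes, timestamp: int, body: bytes) -> str:
    """Signature over timestamp and raw body, so neither can be swapped independently."""
    msg = str(timestamp).encode("ascii") + b"." + body
    return "sha256=" + hmac.new(secret, msg, hashlib.sha256).hexdigest()


def build_delivery(secret: bytes, event: dict, timestamp: int) -> Tuple[dict, bytes]:
    """What the sender would emit: headers plus the exact bytes that were signed."""
    body = json.dumps(event, separators=(",", ":")).encode("utf-8")
    return {"X-Timestamp": str(timestamp), "X-Signature": sign(secret, timestamp, body)}, body


def verify_webhook(secret: bytes, headers: dict, body: bytes,
                   now: Optional[int] = None, seen_ids: Optional[set] = None) -> Tuple[bool, str]:
    """Returns (accepted, event type or rejection reason)."""
    now = int(time.time()) if now is None else now
    try:
        ts = int(headers.get("X-Timestamp", ""))
    except ValueError:
        return False, "missing or malformed timestamp"
    if abs(now - ts) > REPLAY_WINDOW_SECONDS:
        return False, "timestamp outside replay window"   # an old capture cannot be replayed
    expected = sign(secret, ts, body)                      # recompute over the raw bytes, not re-serialised JSON
    provided = headers.get("X-Signature", "")
    if not hmac.compare_digest(expected.encode("utf-8"), provided.encode("utf-8")):
        return False, "bad signature"
    event = json.loads(body)                               # parse only after authentication
    if seen_ids is not None:
        event_id = event.get("id")
        if event_id in seen_ids:
            return False, "duplicate delivery (retry already processed)"
        seen_ids.add(event_id)
    return True, event.get("type", "")


# Constructed sample: an SLA breach notification, the event name this page mentions.
SAMPLE_SECRET = b"whsec_example_only"
SAMPLE_EVENT = {"id": "evt_0001", "type": "sla.breach", "finding": "example-finding",
                "severity": "high", "deadline": "2026-05-01T00:00:00Z"}


if __name__ == "__main__":
    ts = int(time.time())
    headers, body = build_delivery(SAMPLE_SECRET, SAMPLE_EVENT, ts)
    seen = set()
    print(verify_webhook(SAMPLE_SECRET, headers, body, seen_ids=seen))   # first delivery accepted
    print(verify_webhook(SAMPLE_SECRET, headers, body, seen_ids=seen))   # retry rejected as duplicate
    print(verify_webhook(SAMPLE_SECRET, headers, body + b" "))           # altered body rejected
```

Two details matter in practice: the signature must be computed over the raw request bytes before any JSON parsing or framework re-encoding, and the duplicate check needs durable storage keyed by event id, since a sender that retries into a dead-letter queue will legitimately deliver the same event more than once.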
Get started

Run one platform for IT security and compliance.

Lose the stack. Replace your manual OpenVAS and Nmap setup with a single platform. First scan in under five minutes.
