Common Use Cases & Workflows

AI Co-Pentester

Managed Pentesting Tools

BLACKBIRD BurpSuite Integration Extension

Contact Support

Discord Community

Blog

Product & API Documentation | BLACKBIRD Technologies (Formerly NOVA SECURITY)

API Documentation

Customer Dashboard

Pricing

Learn how customers use BLACKBIRD to get the most of it.

BLACKBIRD Web App Pentesting Suite is a complete toolkit for penetration testers and security professionals who want to save time and find more security vulnerabilities by leveraging the latest attack techniques derived from the competitive and ever-evolving bug bounty world.

Introduction

There are several reasons why it'd be a more wise decision to choose us above any other alternative. This page outlines all of the reasons why.

Why BLACKBIRD Web App Pentesting Suite

BLACKBIRD Web App Pentesting Suite is a toolkit for penetration testers. It was designed by and for penetration testers all along.

For Who?

Learn more about your future with BLACKBIRD

Mission

Vision

Core Values

Learn more about BLACKBIRD's capabilities

Capabilities

Get Started With BLACKBIRD Pentesting Suite

Getting Started

Onboarding

Learn to navigate around BLACKBIRD Pentesting Suite

Navigation

This page describes how you can scan your list of targets for security vulnerabilities using BLACKBIRD Web Security Vulnerability Scanner

BLACKBIRD Web Security Vulnerability Scanner

In this article, we will go over how you can easily start a vulnerability scan on your list of target URLs or even a target definition to uncover vulnerabilities.

Launching a Vulnerability Scan

In this article, we will go over how you can easily start a recon scan on your list of targets or target definition to map out as many hosts & live hosts as possible.

Launching a Recon Scan

Learn how to use BLACKBIRD to get the most of it and avoid common pitfalls that may impact your potential with it.

Best Practices

Common terminologies and definitions used on BLACKBIRD Web App Pentesting Suite

Glossary

BLACKBIRD offers a set of semi-automated pentesting tools that you can make use of. This section is dedicated to the usage of each tool.

Pentesting Tools

BLACKBIRD offers a set of semi-automated pentesting tools that you can make use of. This section is dedicated to the configuration of each tool.

Global Configuration

CNAME X is a sophisticated subdomain takeover scanner.

Subdomain Takeover Scanner

CORSCANNER is an advanced CORS Misconfiguration scanner.

CORS Misconfiguration Scanner

REDIRECT X is an advanced scanner open URL redirect scanner.

Open URL Redirect Scanner

SPIDER X is a comprehensive content discovery scanner.

Content Discovery Scanner

Fuzzer

XSSCANNER is an advanced Cross-Site Scripting (XSS) scanner.

Cross-Site Scripting (XSS) Scanner

WAYPOINTS is a scalable solution to define your own personalized scan rules to look for security vulnerabilities on your organisation's or company's network.

WAYPOINTS Template-Based Scanner

**Templates** or **Scan Rules** are predefined JSON objects to instruct WAYPOINTS to look for security vulnerabilities across your organisation's or company's network. In this guide we will go over what templates (or scan rules) are.

What is a WAYPOINTS template or scan rule?

**Templates** or **Scan Rules** are predefined JSON objects to instruct WAYPOINTS to look for security vulnerabilities across your organisation's or company's network. In this guide I will go over how you can create your private template.

Creating a WAYPOINTS template

SQLS (SQLSCANNER) is an powerful SQL Injection (SQLi) scanner.

SQL Injection (SQLi) Scanner

S9R (SSRFSCANNER) is a specialized Server-Side Request Forgery (SSRF) scanner.

Server-Side Request Forgery (SSRF) Scanner

L8R (LFISCANNER) is an advanced Local File Inclusion (LFI), Remote File Inclusion (RFI) & Local File Disclosure (LFD) Scanner.

LFI, RFI & LFD Scanner

CISCANNER (OS Command Injection Scanner) is a specialized OS Command Injection Scanner.

OS Command Injection Scanner

INJECT49 is a sophisticated Server-Side Template Injection (SSTI) scanner.

Server-Side Template Injection (SSTI) Scanner

JSAUDITOR is a comprehensive JavaScript auditing tool.

JavaScript File Scanner

JSAlert is a simple JavaScript file monitoring tool.

JavaScript File Monitor

OAST Server is your personal private Out-of-Band (OOB) Server designed for Out-of-band Application Security Testing (OAST).

OAST Server

Learn how to configure your notifications settings to get notified by BLACKBIRD

Notifications

BLACKBIRD can be configured to use VPN profiles to instruct the scanners to reach internal networks.

VPN Connection Profiles

Learn how to create a VPN Connection Profile within BLACKBIRD to instruct the scanners to reach internal networks.

Create VPN Connection Profiles

BLACKBIRD's Fuzzer supports two types of wordlists: managed and custom (private) wordlists.

Wordlists

Learn how to upload a custom wordlist to use within BLACKBIRD for fuzzing.

Upload Custom Wordlists

BLACKBIRD provides an extensive API to start, delete, and view scans at any time.

Platform Overview

Getting Started

Pentesting Tools

Private OAST Server

Real-Time Notifications

VPN Connection Profiles

Custom Wordlists

Common Use Cases & Workflows