Inside VibeWShield: 65+ Scanners, AI Chaining, and the Browser Pass

People ask us "how can a free scanner run 65 modules in under 10 minutes." The honest answer is: a lot of concurrency, a rate governor, and deliberate payload classification. Here is the pipeline.

Stage 1 — Discovery

A single Scrapling headless fetch renders the target URL like a real browser. We harvest:

• All links and forms in the rendered DOM.
• JavaScript bundles from <script> tags (Next.js chunks, Vite builds, Webpack).
• GraphQL endpoints, MCP server URLs, API patterns from JS source.
• Cookies, headers, session state needed to bypass WAF / Cloudflare challenges.

Typical output: 40–200 URLs + 5–30 form actions + full JS text.

Stage 2 — Live-URL probe

httpx (ProjectDiscovery) probes every discovered URL in parallel, filters out 404s, captures live status codes and fingerprinted technologies. This narrows the scanner target list to ~50 live URLs in about 15 seconds.

Stage 3 — Browser Pass (CDP)

A headless Chromium browser navigates the app via Chrome DevTools Protocol. We collect:

• Console logs (secret leaks, errors).
• Network traffic (XHRs, fetches, WebSocket frames).
• DOM snapshot (forms, hidden inputs, iframes).
• Source maps (if publicly accessible).
• Security events (mixed content, CSP violations).

This catches DOM-based issues that HTTP-only scanners can't see: eval() calls in page scripts, secrets in console.log, trackers firing before consent.

Stage 4 — Concurrent scanners

65+ scanners run in parallel, coordinated by a rate governor that caps per-target HTTP rate at 5–30 req/s depending on scan mode. Each scanner has a payload class:

• SAFE — passive checks (headers, metadata).
• PROBE — non-intrusive tests (malformed inputs checking for errors).
• ACTIVE — real injection payloads with safe values.
• MUTATE — destructive tests (only in Aggressive mode).

An escalation rule skips ACTIVE/MUTATE scanners if a PROBE already confirmed the vuln on the same endpoint — faster scans, less load on the target.

Stage 5 — Deduplication and rulebook

Findings from different scanners that describe the same underlying issue get merged. A missing_header: X-Frame-Options finding from our transport scanner and the equivalent from browser_pass count as one.

A YAML rulebook then enriches each finding with CWE ID, OWASP 2021 category, and severity normalization.

Stage 6 — AI enrichment (Claude Haiku)

Every finding passes through Claude Haiku, which rewrites the description in plain language, generates a realistic attack scenario, and produces a ready-to-paste fix prompt with the correct file path and expected code change. 100–200 ms per finding.

Stage 7 — Attack chain detection (Claude Sonnet)

Claude Sonnet gets the full finding list and identifies multi-step exploits. Example: a medium CORS misconfig plus a medium XSS combines into a critical account-takeover chain. Only real combinations are emitted — templated chain rules + Sonnet judgment, no free-form invention.

Stage 8 — Business logic abuse (Claude Sonnet, Deep only)

For Deep scans, a separate agent analyzes the application's detected type (ecommerce, SaaS, fintech, etc.) and generates 8 test cases around price manipulation, workflow bypass, and authorization logic. Each test is executed against live endpoints with guardrails.

Stage 9 — Agentic scan (Aggressive + Agentic mode)

Claude Sonnet runs a 20-iteration OODA loop: observe existing findings → orient on the attack surface → decide on a hypothesis → act by sending an HTTP request through our tool interface. Guardrails enforce method whitelist (GET/POST/PUT only), scope lock to the target domain, payload blocklist (no DROP TABLE, no rm -rf), 5 req/s rate limit, and a 300-second timeout.

Why it's fast

• Concurrency everywhere: asyncio gather across all scanners, asyncio.as_completed for progressive results.
• Per-scanner timeout: default 60 s — any runaway scanner gets canceled without stopping the scan.
• Request budget: each scanner has a hard cap (default 5 req per endpoint, 50 total) — DoS-proof and target-friendly.
• Rate governor: global coordination, not per-scanner rate limits.

Open questions, deliberate trade-offs

• We don't own the AI models. If Anthropic has an outage, AI enrichment degrades gracefully (scanners still run, you just get unenriched descriptions).
• We trade false positives for coverage. Some findings are context-dependent ("is .well-known/security.txt missing actually a security issue? Technically yes, practically info-level"). We emit them and flag severity accordingly.
• We don't do authenticated scanning. Yet. Sprint 2 is shipping a captured-session mode that lets you scan the logged-in surface — which is where the juicy IDORs live.

If you want to dig deeper, the scanner registry is now available at /api/scanners/catalog — live JSON of every module, its category, timeout, and payload class.