Vigolium - High-fidelity vulnerability scanner fusing agentic AI with native speed, modularity, and precision

++++

Vigolium

v1.0.0-alpha

// An agent-agnostic vulnerability scanner

High-fidelity vulnerability scanner fusing agentic AI with native speed, modularity, and precision.

++++Vigolium Cloud ++++Try Open Source ++++Documentation

Try open-source on your machine

$ curl -fsSL /install.sh | bash

Vigolium Dashboard

// Features

Core Components

Native Scan

Deterministic, multi-phase scanning with active and passive modules. Content discovery, browser spidering, SPA crawling, SAST, and audit — all in one pipeline.

Agentic Scan

AI agents autonomously plan attacks, select modules, generate custom payloads, and triage results. Powered by Claude, Codex, Gemini, or OpenCode.

Native Speed

Core engine written in Go. Configurable worker pools with per-host rate limiting and hybrid in-memory/disk/Redis queues.

Dynamic Extensions

Agents write custom checks on the fly via an embedded JS engine. Discover and load sessions during scans with session-aware HTTP APIs and multi-step auth flows.

// Process

How It Works

Ingest

Feed targets via URLs, OpenAPI specs, Postman collections, Burp exports, cURL commands, or live proxy traffic.

Scan

Run native scans with strategy presets, or let AI agents autonomously discover endpoints and orchestrate attacks.

Report

Get findings with full request/response evidence, confidence scoring, and exportable HTML reports.

// Capabilities

What We Detect

Injection

XSS (reflected, DOM, SSR), SQLi, NoSQL, SSTI, command injection, XXE, prototype pollution

Access Control

CSRF, IDOR, authorization bypass, mass assignment, HTTP method tampering

API & Protocol

GraphQL introspection, SSRF, open redirect, request smuggling, JWT flaws, race conditions

Framework-Specific

Spring Boot, Django, Laravel, Rails, Express, Next.js, Nuxt, ASP.NET, Flask, FastAPI

Cloud & Infra

Firebase, cloud storage takeover, default credentials, web cache poisoning, CORS misconfiguration

Adaptive Learning

Agents continuously learn from scan results, refining detection strategies and adapting to new attack surfaces

// Metrics

By The Numbers

Scanner modules — active and passive

Native scan phases

Agentic scan phases

Frameworks with dedicated scanners

Agent learning capacity — always evolving

// Ecosystem

Integrations

CI/CD Pipelines

GitHub Actions, GitLab CI, Jenkins

Burp Suite

Import/export Burp XML traffic

API Server

REST API with Swagger UI and traffic ingestion

OpenAPI / Swagger

Auto-ingest API specifications

AI Backends

Claude, Codex, Gemini, OpenCode, Cursor via Agent SDK

// Screenshots

In Action

SCREEN-01Dashboard Overview

Real-time severity distribution and scan control

SCREEN-02Agentic Scan

AI-powered scanning with agent sessions

SCREEN-03Native Scan

High-speed native scanning configuration

SCREEN-04CLI Scanner

Terminal-based scanning with live output

SCREEN-05Static Report

Browser-based HTML report with traffic analysis

// Cloud

Vigolium Cloud

Coming Soon

Managed scanning infrastructure, team collaboration, and continuous monitoring — all without self-hosting.