The complete Vulnerability Assessment & Penetration Testing platform for modern enterprises — web applications, networks, and devices.
Every unpatched vulnerability, every end-of-life framework, every misconfigured server is an open door for attackers. Most breaches exploit known vulnerabilities that already had patches available.
exploit vulnerabilities where a patch was already available. Organisations simply didn't know they were exposed.
End-of-Life frameworks receive no security patches — yet they run in production environments for years after support ends.
43% of all data breaches involve web application vulnerabilities — missing headers, exposed endpoints, outdated libraries.
Unauthenticated services, open database ports, and legacy protocols lurk on internal networks unseen by traditional tools.
A single platform that crawls your websites, fingerprints your technology stack, scans your network, matches findings against the NVD CVE database, detects end-of-life software, and delivers a professional A4-formatted HTML report — all from a clean enterprise desktop interface. No terminal. No scripts. No security degree required.
Enter a URL or CIDR network range. Set max pages, thread count, and optional login credentials. One screen — no config files.
The engine crawls pages, reads HTTP headers, cookies, and HTML to identify technologies, frameworks, and server software with version numbers.
Detected technologies are cross-referenced against the live NVD CVE database and the EOL/EOS calendar. Every finding is scored with CVSS.
One click produces a multi-page, print-ready HTML report with executive summary, grouped findings, technology stack, and remediation guidance.
Deep-crawl any website. Fingerprint every technology. Match every CVE. Check every security header. All automatically.
Auto-discovers pages via sitemap.xml, RSS feeds, and nav menus. Deduplicates by path and filename. Configurable up to 300 pages.
Detects CMS, frameworks, servers, and runtime versions from headers, cookies, and HTML signatures — including WordPress, Laravel, Apache, Nginx, PHP.
Checks CSP, X-Frame-Options, HSTS, X-Content-Type-Options, Referrer-Policy, Permissions-Policy — with severity-rated findings for each missing header.
Probes for .env files, backup archives, admin panels, config files, and debug endpoints that should never be publicly accessible.
Provide login credentials and the scanner authenticates, then scans protected pages that anonymous crawlers completely miss.
Every finding is rated High / Medium / Low / Info using CVSS v3.1 scores from the NVD. Prioritise remediation effort automatically.
CVE vulnerabilities End-of-Life software Missing security headers Exposed .env & backups Directory listings Admin panel exposure Outdated frameworks Weak cookie flags Server version leakage
| Vulnerability Category | Severity | Auto-detected | Remediation Guidance |
|---|---|---|---|
| CVE-matched software vulnerabilities | High | ✓ | Included in report |
| End-of-Life / End-of-Support frameworks | High | ✓ | Included in report |
| Missing Content-Security-Policy | Medium | ✓ | Included in report |
| Exposed configuration files | High | ✓ | Included in report |
| Server version information leakage | Low | ✓ | Included in report |
Discover every live host. Probe every port. Identify every risk — on your LAN, cloud VPC, or DMZ. No root access required.
Enter any CIDR range (e.g. 192.168.1.0/24). Pings all addresses and falls back to TCP probes on 22/80/443 to find stealth hosts.
FTP, SSH, Telnet, SMTP, HTTP, HTTPS, SMB, RDP, MySQL, PostgreSQL, MongoDB, Redis, Elasticsearch, VNC — all in parallel.
Pulls service banners from open ports to identify software name and version, enabling precise CVE matching for network services.
Guesses the host operating system from banner signatures — Ubuntu, Debian, RHEL, Windows, FreeBSD — without active OS probes.
Stay current. The threat landscape changes daily — so does your database.
Update CVE database weekly and EOL database monthly. The built-in DB Manager tab gives you one-click updates with live progress logging.
Every scan produces a boardroom-ready, multi-page HTML report — structured like a professional penetration test report, designed to print perfectly on A4 paper.
Page 1 always contains severity count cards, scan metadata, grouped vulnerability summary by category, and detected technology stack.
Findings auto-paginate at 42 lines per page. Every page has the target website header, date, and page number. Perfect for printing.
Findings grouped into 6 categories: CVE, End-of-Life, Missing Headers, Information Disclosure, Configuration, and Informational — with badge counts per group.
Every CVE finding shows CVSS score, affected component, detected version, remediation steps, and external KB reference links.
Network scans generate a report with a live hosts table (IP, hostname, OS, open ports, risk), then paginated findings grouped by host IP.
Open in any browser and print to PDF. Share with clients, audit teams, or compliance officers. Pure HTML + CSS — no proprietary format.
| Page | Content | Auto-generated |
|---|---|---|
| 1 | Executive Summary — severity cards, scan overview, grouped vulnerability summary, tech stack | ✓ |
| 2–N | Detailed Findings — title, severity badge, description, CVSS score, affected component, remediation | ✓ |
| Every page | Dark gradient header with target name, footer with date & page number | ✓ |
TPE VAPT Tool puts professional-grade vulnerability assessment in the hands of every IT team — no security consultants, no expensive enterprise contracts, no command-line expertise required.
Request a Demo →Windows desktop app
Pure Python — no agent install
Offline-capable
Local CVE & EOL database
Instant A4 reports
Print or share as HTML
Web + Network
One tool for all surfaces
Built-in Help KB
Full documentation included
CVSS-scored findings
Prioritise by real risk
■ TechnoPlanet Enterprise | www.TechnoPlanetEnterprise.com | TPE VAPT Tool v1.0