January 7, 2025

Effortless Security: Seamlessly Automate, Monitor, and Schedule Pentests in the BreachLock Unified Platform

Unify your security testing with one seamless platform that consolidates all your product solutions and test findings. Leverage a common data model, validate attack paths, and map your entire attack surface – all in one place.

BreachLock breaks down silos and connects solutions to deliver a unified view of your security landscape for comprehensive asset visibility. By leveraging the power of integration, BreachLock consolidates PTaaS, Attack Surface Management, continuous pentesting and automated scanning, as well as red teaming capabilities in one data model for endless clarity and reporting. Unlock unparalleled operational efficiency, gain crystal-clear transparency, maximize the impact of your security testing, and confidently measure ROI—all with a comprehensive, centralized view of your security investments and outcomes.

Automated Pentesting Scans, Status, and Scheduled

The BreachLock Unified Platform has consolidated Automated Pentesting (APT) Scans, Scan Status, and Scan Scheduling features so that users can have a complete pentest automation hub and overview of their pentests at all times. Below is an overview of these features.

APT SCANS: Overview

Along the left is the platform feature panel. By clicking on APT Scans, a dashboard of all scanned assets can be viewed classified as Domains, Subdomains, IP Addresses, URL (API endpoints), IP Blocks and Asset Groups.
These assets were either identified during Asset Discovery, whether auto discovered or manually added, or a combination of these and added into inventory. Asset details and classification remain the same as seen in the Asset Discovery. The user will see many similarities in the dashboards between Asset Discovery and APT Scans. The important difference is APT scans are actual scans that have been run or are scheduled to run, whether auto discovered or manually added, and their overall status. Please see the Asset Discovery blog for further reading.

These are the assets that were discovered, and for which scanning capabilities are available for a subdomain, IP address and/or asset group. Users will find similar information to Asset Discovery including:

- Ability to search by asset
- Active/Inactive assets
- Auto discovered or manually added assets
- Scan Status: B for Data Breach (external scans on domains that were discovered on the Dark Web) or D for Domain Discovery (subdomains, IPs, IP Blocks that were discovered and then mapped and populated as part of the attack surface)
- Attack Surface Validation & Mapping (blog) – see blog for further details
- Scan Status delineated by color: Gray (pending), Green (completed), or Red (failed)

Adjacent to Asset Labels users will see the subdomain count; the ASN, or autonomous system number, which is a unique number that identifies a group of networks on the internet, allowing routing control and sharing of information within the organization’s networks and Internet Service Providers (ISPs); and, to the right of this, the Vulnerability Count, meaning the number of vulnerabilities automatically discovered on that domain.

APT SCANS: Domain Details (Associated Subdomains)

To view the discovery details of an asset scan, users can click on any asset to further investigate. For example, by clicking on a domain the above screen will pop up showing all subdomains discovered within that domain.
Domain details will show which of the subdomains were reachable and not reachable and the last update.

APT SCANS: Domain Details (Associated Vulnerabilities)

The next tab in the Domain Details is ASN vulnerabilities, if any were discovered, as well as overall vulnerabilities discovered on that domain. Each vulnerability will be itemized and defined showing the risk severity (from High to Low), CVSS score and the last update for each vulnerability. This will help users with vulnerability prioritization and remediation. This detailed view is available for all assets, including subdomain, IPs, URLs, IP Blocks, and Asset Groups.

APT SCANS: Overview for Subdomain

Above is a view of APT Scans for all subdomains discovered during Asset Discovery, again whether Auto Discovered or Manually Added. The differences under Subdomain are:

- Run Scan: Scans can be run on each domain
- Scan Status: “W” stands for Web Scan and circled colors are Gray (pending), Green (completed), or Red (failed)
- Reachable: Those subdomains that were reachable or not reachable
- Vulnerability Count: IPs, DNS, Overall Vulnerabilities
- Last Update: The last date the scan was updated

APT SCANS: Subdomain Details (Associated IPs)

Again, by clicking on the subdomain, further details are made available on this scan, including vulnerable IP addresses associated with the subdomain, DNS Vulnerabilities, Vulnerability count, and Activities.

APT SCANS: Subdomain Details (DNS)

APT SCANS: Subdomain Details (Vulnerabilities)

Under subdomain details, users can click the Vulnerability tab to reveal all the vulnerabilities discovered on that subdomain. In the above example, there are 12 vulnerabilities delineated by line item to include risk severity, CVSS score, and whether the vulnerability is Newly Discovered or Rediscovered. Each asset is labeled either “New Discovered”, if it was identified for the first time, or “Rediscovered”.
If the vulnerability is discovered for the first time, BreachLock experts will inform the user that it is a newly discovered vulnerability and should pop up on their radar as newly identified. A newly discovered vulnerability can be discovered multiple times because every time it represents another asset. Rediscovered conveys that the vulnerability has not been mitigated properly yet and remains within discovery.

APT SCANS: Subdomain Details (Activities)

The last tab under the Subdomain Details is Activities. The rolled-up view represents the scan name, the type of scan performed – in this case a Web Rescan – its progress, and/or status (Pending, Paused, Terminated, or Finished), the last update, and Actions. Action represents those scans that have not finished whereby paused scans can be reinitiated, for example. If you click on the subdomain details, you will be provided with activity details of the scan, when it ran and any pending messages. Again, these rolled-up views are available for Domains, Subdomains, IPs, URL (endpoints), IP Blocks, and Asset Groups.

APT SCANS: Run a Scan

Within this main APT Scans dashboard users can initiate a scan for subdomains, IPs, URLs (endpoints), IP Blocks, and/or Asset Groups.

APT SCANS: Run Scan Configuration (Subdomains)

To run a scan on a subdomain, IP address and/or asset group, click and check the box next to the asset, and click run scan. On a subdomain, for example, users can configure the scan as a Black Box test, Basic Authentication (where the user will provide the username, password, and URL details), or Login Sequence. Login Sequence can be downloaded using a BreachLock Chrome Plugin supported to authenticate the subdomain during the scan, or a JSON file can be dragged and dropped here.

Scan Frequency – Users can also run a scan live or immediately or schedule an automated scan.
To schedule a scan, users will click on Scheduled whereby the user can designate the month, week, hour, and minute and the frequency in which they would like the scan to run – whether that is daily, weekly, or monthly on a continuous basis.

SCAN STATUS: Dashboard Overview

Under APT Scans users will see the feature “Scan Status” to the left. A cumulative view of all scans will be visible in the dashboard to the right, including the type of scan, IP address, the status of the scan, the last update, and Action column. These scans can be Domain Discovery & Data Breach scans on a Domain(s), a Web scan on a Subdomain(s), and/or a Network scan on an IP Address(es).

At the top of the dashboard, users can search for a scan by name or filter by status or scan type. To filter by status, users just click on the drop-down menu where a list of status types will appear.

- Finished – Those scans that are complete
- In Progress – Those scans that are in progress or are still running whereby the user can view the scanning process in real-time.
- Scheduled – Those scans that have been previously scheduled
- Error – If the scan encountered some type of error.
- On-Hold – Those scans that are pending and perhaps need further attention
- Failed – Failed means the scan did not finish successfully; and,
- Terminated – These scheduled scans were terminated and will never get picked up during the upcoming frequency.

In the drop-down menu above, the user can filter and toggle between status to see which scans finished, failed, are in progress, etc. Adjacent to this is “Filter by Scan Type.” This is very useful to the user if they want to filter by certain types of scans only such as Network Scans, Web Scans, etc. including “Rescans.”

SCAN STATUS: Scan Details and Digital Footprint

Users can click on any scan and the scan details will appear.
The user sees the complete digital footprint, workflow, and activity details of the scan including messages sent, when the scan was queued, when it ran and when it was completed.

SCAN STATUS: Asset Details (IP Addresses)

To see further details about the scan, users can click on the actual asset associated with the scan or rescan. Depending on the asset, applicable details will appear. This asset is a subdomain that was scanned and associated details include IPs discovered, DNS, vulnerabilities, and scan activities.

SCAN STATUS: Asset Details (Vulnerability)

Similar to data available in Asset Discovery and APT Scans, users can review any and all of the asset details including associated vulnerabilities discovered on this asset. By clicking on the Vulnerability tab, it gives a cumulative view of all the vulnerabilities related to that asset. Each vulnerability is itemized and will include the risk severity – from Critical to High, Low, Medium, and Informational – the CVSS Score for which BreachLock supports both CVSS 3 and 4, and whether it is newly discovered or a rediscovered vulnerability related to the asset.

SCAN STATUS: Asset Details (Vulnerability Contextual Data)

Also, by clicking on the far right drop-down menu for any vulnerability, users can view more contextual information such as the date of the finding, a more detailed description of the vulnerability, and an automatic screenshot of Proof of Concept (POC) indicating evidence that the vulnerability is a true positive.

SCAN STATUS: Asset Details (Activities)

Identical to APT Scans, the last tab under the Asset Details is Activities. The rolled-up view represents the scan name, the type of scan performed – in this case a Web Scan – its progress, and/or status, the last update, and Actions. Action represents those scans that have not finished whereby paused scans can be reinitiated, for example.
SCAN STATUS: Failed Scan and Rescan

For failed scans the user has the capability to reinitiate the scan on the asset. Go to the far right and click on the ellipses under Action and click “Retry”. A green box will appear indicating that the scan has been requested.

- In Progress Scan: Another example is to click into a scan that is in progress where users can pause, terminate, or restart a scan.
- Error Scan: Those scans showing an “Error” status can also be rescanned by clicking on the Action ellipses and selecting “Retry.”
- Terminate Scan: Those scans under a terminate status cannot be reinitiated and have been previously terminated from the scanning process.
- Scheduled Scan: And those scans under scheduled remain in a scheduled status.

SCAN SCHEDULE: Dashboard Overview

All scheduled scans on Domains, Subdomains, IP Addresses, URLs (endpoints), IP Block, and Asset Group can be viewed within this feature. Scan Schedule will provide the Scan Id, the Name given to the scan, its Status, last scan date, and Action. Under the Action column, users can click on the ellipses to conduct the following on any scheduled scan:

- Pause Scan Scheduled: To pause the scan that has been scheduled, simply click on “Pause” and the status of schedule changes to “Paused”. A box will pop up asking if the user is sure if they want to pause the scan and when accepted a green box will appear in the upper right corner stating that the user’s request to pause the scan schedule was successful.
- Resume Scan Scheduled: The user can also resume the scheduled scan which will be re-added and start with the upcoming schedule. Status of the schedule will change back to Scheduled.
- Terminate Scan Scheduled: To terminate a scheduled scan, simply click on terminate and the scan will never get picked up during the upcoming frequency. The status of the scheduled scan will change to “Terminated”.
Having a centralized view of all automated pentesting scans allows users to maintain better oversight and control of their security testing activities. Users can quickly assess the status of each scan—whether scheduled, in progress, paused, failed, terminated, or resumed—enabling users to identify gaps, ensure continuous testing, and streamline resource allocation. This visibility reduces the risk of missed vulnerabilities due to overlooked or incomplete scans.

Additionally, tracking scan statuses fosters efficient decision-making by highlighting testing priorities and uncovering patterns or trends in vulnerabilities. Users can align testing schedules with their organization’s evolving threat landscape, ensuring proactive security measures and a more robust attack surface management strategy.

Author: Ann Chesbrough, Vice President of Product Marketing, BreachLock