KaQus

Automated API security testing starting from domains. Discovers REST, GraphQL, and SOAP APIs, reconstructs schemas, and tests for BOLA/IDOR, BFLA, mass assignment, JWT attacks, rate limiting bypass, and business logic flaws. Use when user asks to "test API security", "break API", "find API vulnerabilities", "test GraphQL", "test JWT", "API pentest", or provides domains with API endpoints. For auth

Automated full-scope reconnaissance starting from a domain or domain list. Performs subdomain enumeration, port scanning, technology fingerprinting, OSINT correlation, Google dorking, and Wayback analysis. Use when user provides a domain or list of domains and asks for "recon", "reconnaissance", "attack surface mapping", "subdomain enumeration", "footprinting", or "information gathering". Designed

Composes multi-step exploit chains by correlating vulnerabilities across domains, calculates real impact of chained findings, generates end-to-end PoC scripts, and produces bug bounty ready reports. Use when user asks to "chain vulnerabilities", "compose exploit chain", "correlate findings", "calculate real impact", "write bug bounty report", "combine findings", or has multiple vulnerability findi

Automated web application vulnerability scanner and exploit generator starting from domains or URLs. Tests for SQLi, XSS, SSRF, IDOR, SSTI, authentication bypass, file upload bypass, and race conditions. Generates working PoC for each finding. Use when user asks to "find vulnerabilities", "scan web app", "test for XSS/SQLi/SSRF", "hunt bugs", "bug bounty scan", or provides a domain for web securit

Generates strategic attack trees and kill chains from reconnaissance data or domain input. Maps MITRE ATT&CK TTPs, identifies chaining opportunities, trust relationships, and prioritizes attack paths by feasibility and impact. Use when user asks for "attack path", "kill chain", "attack tree", "threat modeling from recon", "attack surface analysis", or "prioritize targets". Requires prior recon dat

Maps cloud infrastructure from domains and identifies pivot paths from external to cloud internals. Detects cloud providers, enumerates S3/GCS/Azure storage, finds subdomain takeover opportunities, discovers serverless functions, CI/CD exposure, and IaC leaks. Use when user asks for "cloud security", "S3 enumeration", "subdomain takeover", "cloud recon", "bucket enumeration", "cloud pivot", or pro