This tool uses nmap, and optionally masscan and
nuclei, to perform active network scans. Scanning networks or IP addresses
without explicit written authorization from the owner is illegal in most
jurisdictions (CFAA, Computer Misuse Act, etc.) and may result in criminal prosecution.
Only scan networks and IP addresses you own or have written permission to test
Never scan public IP ranges (including Azure's full IP list) without a signed pentest agreement
Scanning may trigger IDS/IPS alerts and security incidents
masscan sends high-rate traffic across entire IP ranges — it is noisy and can
disrupt fragile hosts or saturate links; only use it on ranges you are authorized to scan
nuclei actively probes web services with vulnerability templates (sending
crafted requests, not just reading banners) — treat it as intrusive testing, not passive recon
The author accepts no liability for misuse of this tool
By clicking "I Agree" you confirm you have proper authorization
to scan all targets you enter into this tool.
Blue16 Exposure Scanner
(Preview)
Discover
Uses subfinder (passive subdomain enumeration) + dnsx (DNS resolution).
Discovered IPs are added to your target list. See the Quick Setup Guide to install them.
⚠️ Azure sign-in requires opening the app via http://localhost:5000.
Start python app.py, then visit that URL.
Register redirect URI: http://localhost:5000
API permission: Azure Service Management → user_impersonation
⚠️ Entra sign-in requires opening the app via http://localhost:5000.
Start python app.py, then visit that URL.
API permission: Microsoft Graph → Policy.Read.All (Delegated)
Filters: Location Type = IP ranges · Trusted = Yes
These are external binaries (not pip packages). When present the scanner extends the pipeline
to masscan → nmap → httpx → nuclei; when absent it degrades gracefully to nmap only.
Detection runs at startup, so restart app.py after installing.
masscan — fast discovery on CIDR/ranges (then nmap fingerprints only the
open ports). Needs Npcap on Windows.
github.com/robertdavidgraham/masscan · Linux: sudo apt install masscan
⚠ MDE alert: Microsoft Defender for Endpoint will trigger a security alert when masscan.exe is present or executed. Add an MDE exclusion before deploying on a monitored endpoint.
httpx — after nmap, confirms which open ports are live HTTP/HTTPS and detects
the real scheme, title and tech, then feeds clean URLs to nuclei.
Download a release binary, or run go install github.com/projectdiscovery/httpx/cmd/httpx@latest
⚠ MDE alert: Microsoft Defender for Endpoint will trigger a security alert when httpx is executed from most paths. Exception: placing httpx.exe directly in the application root folder (same directory as app.py) suppresses the MDE alert on monitored Windows endpoints.
nuclei — web vulnerability scan after httpx (severity medium/high/critical).
Download a release binary, or run go install github.com/projectdiscovery/nuclei/v3/cmd/nuclei@latest
Templates auto-install on first scan.
⚠ MDE alert: Microsoft Defender for Endpoint will trigger a security alert when nuclei.exe is present or executed. Add an MDE exclusion before deploying on a monitored endpoint.
subfinder + dnsx — used by the Discover tab to enumerate a domain's
subdomains (passively) and resolve them to IPs you can scan.
go install github.com/projectdiscovery/subfinder/v2/cmd/subfinder@latest
· go install github.com/projectdiscovery/dnsx/cmd/dnsx@latest
⚠️ These send active traffic to targets (masscan floods ranges; httpx and nuclei
send HTTP requests / crafted exploit probes). Only run them against assets you are authorized to test.
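
How the start-up detection and graceful fallback described in the setup notes above can work, as an added example (not the tool's own code). ToolInventory and plan_pipeline are hypothetical names, and skipping nuclei when httpx is missing is an assumption based on httpx feeding it URLs.

```python
import shutil
from typing import Callable, Dict, List, Optional

# Stage order as given in the setup notes: masscan -> nmap -> httpx -> nuclei.
PIPELINE_ORDER = ("masscan", "nmap", "httpx", "nuclei")


class ToolInventory:
    """Snapshot of which external binaries resolve on PATH, taken once."""

    def __init__(self, which: Callable[[str], Optional[str]] = shutil.which):
        # Resolved a single time. A binary installed afterwards stays invisible
        # until a new snapshot is taken, i.e. until the app is restarted.
        self.paths: Dict[str, Optional[str]] = {t: which(t) for t in PIPELINE_ORDER}

    def has(self, tool: str) -> bool:
        return self.paths.get(tool) is not None


def plan_pipeline(inv: ToolInventory, target_is_range: bool) -> List[str]:
    """Return the stages to run, in order, for one target."""
    if not inv.has("nmap"):
        # nmap is the fallback every other case degrades to, so it is required.
        raise RuntimeError("nmap not found on PATH")
    stages: List[str] = []
    # masscan is only a pre-filter for CIDR/range targets.
    if target_is_range and inv.has("masscan"):
        stages.append("masscan")
    stages.append("nmap")
    # Assumption: nuclei is skipped without httpx, since httpx supplies its URLs.
    if inv.has("httpx"):
        stages.append("httpx")
        if inv.has("nuclei"):
            stages.append("nuclei")
    return stages


if __name__ == "__main__":
    inv = ToolInventory()
    for tool, path in inv.paths.items():
        print(f"{tool:8} {path or 'not found'}")
    try:
        print("range :", " -> ".join(plan_pipeline(inv, target_is_range=True)))
        print("host  :", " -> ".join(plan_pipeline(inv, target_is_range=False)))
    except RuntimeError as exc:
        print("cannot plan a scan:", exc)
```

Printing the resolved paths at start-up also shows which copy of each binary would run, which is worth checking on an endpoint where MDE exclusions are path-based.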