aiLooking

Detect critical vulnerabilities in your web applications

An intelligent, automated scanning system that generates clear, actionable reports. Streamline decision-making and strengthen your digital security.

The pentester's first-hour recon tool.


// What you do with nmap, theHarvester and crt.sh in the first hour — aiLooking automates it and generates the report ready to deliver.

Open beta — security consultants in Argentina are already evaluating aiLooking.

Who is aiLooking for?

Freelance pentester

Automate the recon phase and deliver the first report before the kickoff meeting.

Security consultant

Generate professional reports with severities, descriptions and recommendations ready for your client.

IT Manager

Get a snapshot of your domain's security posture without hiring an external auditor.

Reconnaissance in 60 seconds

HTTP headers, SSL, DNS, subdomains and tech stack. Everything you need to start an engagement without touching the client's server.

PDF ready to deliver [PDF]

Bilingual report with severities, descriptions and remediation steps. Sign it and send it. Your client gets it even if they're not technical.

Authorized active scans [PRO]

Verify the domain and unlock nuclei and naabu. Legal, traceable and documented. You know exactly what you touched and when.

How it works

01

Enter the domain

No signup, no installation. Type the domain and click.

02

aiLooking runs 8 passive recon modules

DNS, HTTP headers, SSL, subdomains, WHOIS, IP/ASN, email security and HTTP chain. All in 60 seconds.

03

Get the professional report

Bilingual PDF with severities, technical descriptions, recommendations and risk score. Ready to sign and deliver.

What we analyze

8 passive reconnaissance modules. Without touching the target's server.

DNS

  • SPF, DMARC, CAA, MX
  • DNSSEC
  • Email records

HTTP Headers

  • CSP, HSTS, X-Frame
  • Secure cookies
  • Information disclosure

SSL / TLS

  • Certificate expiration
  • Weak cipher suites
  • Trust chain

Subdomains

  • Certificate transparency
  • Exposed attack surface
  • Orphaned subdomains

WHOIS / RDAP

  • Domain age
  • Registrar and nameservers
  • Expiration date

IP / ASN

  • Server geolocation
  • ISP and ASN
  • Proxy detection

Email Security

  • SPF with policy analysis
  • DMARC enforcement
  • DKIM on common selectors

HTTP Chain

  • Redirect chain
  • HTTP downgrade
  • Mixed content

Real finding example

HIGH

Content Security Policy (CSP) not configured

Description

The Content-Security-Policy header is absent. CSP is the browser's primary defense against XSS and data injection. Without it, any injected script runs with full access to the page, cookies, and user data.

Recommendation

Add: Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'none'. Use nonces or hashes instead of unsafe-inline.

The scan automatically detects these issues and generates the recommendation.
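A minimal version of the header check behind this finding, as an added example in Python (not aiLooking's code): it parses the policy and grades it against the recommendation above. Only the "missing-csp" id and its HIGH severity come from the page; the other finding ids, severities and the sample headers are constructed assumptions.

```python
# Added example: grade a response's CSP against the recommendation above.
# Only "missing-csp"/HIGH comes from the page; other ids and severities
# are illustrative assumptions.

def parse_csp(value):
    """Return {directive: [sources]}; first occurrence wins, as in browsers."""
    policy = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:  # lowercased for matching only (real nonces are case-sensitive)
            policy.setdefault(tokens[0].lower(), [t.lower() for t in tokens[1:]])
    return policy

def audit_csp(headers):
    """Return a list of (severity, finding_id, detail) for one response."""
    h = {k.lower(): v for k, v in headers.items()}
    value = h.get("content-security-policy")
    if not value:
        if "content-security-policy-report-only" in h:
            return [("MEDIUM", "csp-report-only", "policy is reported, not enforced")]
        return [("HIGH", "missing-csp", "Content-Security-Policy header absent")]
    policy = parse_csp(value)
    findings = []
    # script-src and object-src both fall back to default-src when omitted.
    script = policy.get("script-src", policy.get("default-src"))
    obj = policy.get("object-src", policy.get("default-src"))
    if script is None:
        findings.append(("HIGH", "csp-no-script-restriction", "no script-src or default-src"))
    else:
        trusted = any(s.startswith(("'nonce-", "'sha256-", "'sha384-", "'sha512-")) for s in script)
        # Browsers ignore 'unsafe-inline' once a nonce or hash is present.
        if "'unsafe-inline'" in script and not trusted:
            findings.append(("HIGH", "csp-unsafe-inline", "inline scripts allowed"))
        if "*" in script:
            findings.append(("MEDIUM", "csp-wildcard-script", "scripts allowed from any origin"))
    if obj != ["'none'"]:
        findings.append(("LOW", "csp-object-src", "object-src is not 'none'"))
    return findings

# Constructed sample responses (not captured from any real site).
SAMPLES = {
    "no header": {"Server": "nginx"},
    "recommended": {"Content-Security-Policy": "default-src 'self'; script-src 'self'; object-src 'none'"},
    "weak": {"content-security-policy": "default-src 'self'; script-src 'self' 'unsafe-inline' *"},
}

if __name__ == "__main__":
    for name, hdrs in SAMPLES.items():
        print(name, audit_csp(hdrs) or "ok")
```

The recommended policy from the finding passes cleanly, while a policy that sets only default-src 'self' still gets the object-src note because the fallback value is 'self', not 'none'.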

// REAL SCAN — cohunters.com · 2026-05-09

risk score: 52/100
0 critical · 1 high · 2 medium · 3 low · 8 info

nuclei — vulnerabilities detected

HIGH missing-csp

Content-Security-Policy missing — XSS with no origin restriction

https://cohunters.com

MEDIUM missing-hsts

HTTP Strict Transport Security missing — SSL stripping possible

cohunters.com:443

MEDIUM dmarc-policy-none

DMARC in monitoring mode (p=none) — email spoofing is not blocked

cohunters.com

naabu — open ports

:80 :443
aiAnalysis — attack chain analysis

The absence of CSP combined with disabled HSTS creates a chained attack vector: an attacker can force a downgrade to HTTP, inject scripts and exfiltrate sessions without restriction. The DMARC policy at p=none allows spoofing of the domain for targeted phishing — remediation: 48h.

attack chains identified

▶ HTTP/2 DoS + exposed port 8080

CVE-2023-44487 → port 8080 without authentication → unbounded amplification

▶ TLS downgrade + header injection

TLS 1.0 enabled → MITM possible → Permissions-Policy missing → XS-Leaks

// Talk to your attack surface

// aiAnalysis — cohunters.com (LIVE DEMO)

— Deliverable —

A professional report your client understands

13 pages with executive summary, risk score, findings by category with severity, technical description and remediation. Bilingual (ES/EN). Ready to sign and deliver.

  • Executive summary with risk score and severity distribution
  • Findings grouped by scanner with description and remediation
  • Impact of each finding if not remediated
  • Legal scope and disclaimers included
  • Exportable as bilingual PDF (ES/EN)

Scan history

All your scans documented and stored. Track score evolution, compare executions and detect security regressions.

Scheduled scans

Set up automatic daily, weekly or monthly scans. The system runs, stores and notifies you when done.

Analysis always available

Your results accessible 24/7 from the dashboard. Download the PDF anytime, share it with your team or client.

Free vs Pro — which plan fits you?

Capability
Free
Pro
Passive reconnaissance (8 modules)
On-screen results
Reconnaissance PDF
Dashboard & scan history
Domain ownership verification
Nuclei — active CVE scanning
Port scan with naabu
aiAnalysis — powered by Groq/LLaMA
Correlated attack chains
Executive narrative ready to deliver
Free
$0

L1 — Passive reconnaissance only
  • DNS, Headers, SSL, Subdomains
  • WHOIS, IP/ASN, Email, HTTP chain
  • Reconnaissance PDF
  • No sign-up required

Pro
USD 20 / month · ARS 29.000

L1 — Everything in Free included
L2 — Active Scan
  • nuclei templates (known vulnerabilities)
  • naabu port scan (top 100 ports)
  • Unlimited scan history
  • Verified domain dashboard
  • Professional bilingual PDF (ES/EN)
  • REST API to automate scans
L3 — AI Pentest (Early Access)
  • AI-powered attack chain analysis
  • Interactive chat about your findings

Early Access — first Pro users get active scans before anyone else.