What is Vulcn?

Vulcn is a security testing tool that makes it easy to find vulnerabilities in web applications. Instead of manually testing each input field with different payloads, Vulcn lets you:
  1. Record browser interactions once (clicks, form fills, navigation)
  2. Replay sessions with security payloads injected into inputs
  3. Detect vulnerabilities via plugin hooks (dialogs, console, patterns)

Key Features

Record your browser interactions and Vulcn captures them as a replayable session. No need to write test scripts—just use the application normally.

vulcn record https://example.com --output session.vulcn.yml

Vulcn automatically injects security payloads into form inputs during replay. Built-in payloads cover XSS, SQLi, SSRF, XXE, and more.

vulcn run session.vulcn.yml --payload xss-basic sqli-basic

Extend Vulcn with plugins for custom detection, payload loading, and reporting. The hook-based architecture makes it easy to add new capabilities.

# vulcn.config.yml
plugins:
  - name: "@vulcn/plugin-detect-xss"
  - name: "@vulcn/plugin-detect-reflection"

Unlike pattern-matching tools, Vulcn detects actual JavaScript execution—when alert() fires, you know the XSS is real.

How It Works

1. Record a Session
Open a browser window and interact with your application. Vulcn captures every click, input, and navigation.

2. Choose Payloads
Select from built-in payloads (XSS, SQLi, etc.) or load custom ones from files or PayloadsAllTheThings.

3. Run Tests
Vulcn replays your session, injecting each payload into every input field and monitoring for vulnerabilities.

4. Review Findings
Get detailed reports of confirmed vulnerabilities with evidence, payloads, and affected URLs.
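
The replay and detection steps above, as an added example that is not Vulcn's own code: it expands one recorded session into one replay per input field and payload, then runs a pattern-level reflection check to show why such a check yields only candidates that execution-based detection has to confirm. The session shape, the renderPage stand-in application and all function names are assumptions made for illustration.

```javascript
// Added illustration; not Vulcn's code. The session shape below is hypothetical.
const session = {            // constructed sample of a recorded session
  steps: [
    { type: "navigate", url: "https://example.com/search" },
    { type: "input", selector: "#q", value: "shoes" },
    { type: "input", selector: "#city", value: "Oslo" },
    { type: "click", selector: "#go" },
  ],
};

// One replay plan per (input step, payload): only one field is changed at a
// time, so a finding can be attributed to a single input.
function expandSession(session, payloads) {
  const plans = [];
  session.steps.forEach((step, i) => {
    if (step.type !== "input") return;
    for (const payload of payloads) {
      const steps = session.steps.map((s, j) =>
        j === i ? { ...s, value: payload } : { ...s });
      plans.push({ target: step.selector, payload, steps });
    }
  });
  return plans;
}

const htmlEncode = (s) => s.replace(/[&<>"']/g, (c) => `&#${c.charCodeAt(0)};`);

// Pattern-level check on a response body: "raw" means the payload came back
// unencoded (a candidate only; confirming it needs the browser to execute it),
// "encoded" means the output was escaped, "absent" means no reflection.
function classifyReflection(body, payload) {
  if (body.includes(payload)) return "raw";
  if (body.includes(htmlEncode(payload))) return "encoded";
  return "absent";
}

// Constructed stand-in for the application: escapes #q but not #city.
function renderPage(values) {
  return `<h1>${htmlEncode(values["#q"])}</h1><p>${values["#city"]}</p>`;
}

function runPlans(plans) {
  return plans.map((plan) => {
    const values = {};
    for (const s of plan.steps) if (s.type === "input") values[s.selector] = s.value;
    return { target: plan.target, result: classifyReflection(renderPage(values), plan.payload) };
  });
}

console.log(runPlans(expandSession(session, ["<script>alert(1)</script>"])));
```

A "raw" result marks a field worth replaying in a real browser; whether the markup executes there depends on the output context, which is the gap execution-based detection closes.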

Installation

npm install -g vulcn
Vulcn uses Playwright for browser automation. Browsers will be installed automatically on first use, or you can run vulcn install to install them manually.

Quick Example

# Initialize configuration
vulcn init

# Record a session (opens browser)
vulcn record https://vulnerable-app.com --output session.vulcn.yml

# Run security tests
vulcn run session.vulcn.yml

# List available payloads
vulcn payloads

Ready to start?

Follow our quickstart guide to find your first vulnerability