¶ Simple Audit Scan System
In Simple Audits, users can create projects to scan multiple targets simultaneously. This allows you to manage several projects, each scanning various targets in one workflow.
For example, in a single project you can add URLs, IPv4 addresses, IPA files, source code links or archives, usernames, emails, and more. Then, you can select audit types, and CryEye will automatically assign appropriate tools based on the nature of each target.
In the context of multi-purpose audits, it’s highly effective to use Exploit Monitoring to automatically track emerging vulnerabilities and exploits in real time.
Here is an example of how Exploit Monitoring works:
You can also use Breach Detection projects to track leaked data related to Recon assets, such as:
- Leaked URLs
- Phishing domains
- Usernames, emails, and credentials
- Company secrets
- Bank card information
Example of Breach Detection in action:
¶ Creating a Multi-Target Project
Users can create a multi-target workflow directly from the Add Assets page.
For example, click the URL asset icon to enter multiple URLs or upload a .txt file with targets to start a multi-target project.
Alternatively, you can add assets of different types and later create a multi-target workflow from the Assets Dashboard.
¶ Running the Workflow
Once the workflow is created, select and run audits from the Configure Workflow page.
You can run audits in:
- Standard Mode – Results for all targets are combined in one workflow.
- Split Mode – Results for each target are separated into distinct workflows.
You can also schedule scans:
- Set an exact start time
- Enable automatic rescans (basic or advanced)
¶ Extended Request Manager Options
Click "Enable Request Manager" to configure advanced scanning options:
-
Custom Headers – Add auth tokens or simulate real user behavior
-
Custom Cookies – Simulate authenticated sessions for access control testing
-
Excluded Paths – Skip specific endpoints (e.g., logout, static assets)
-
User-Agent / Basic Auth – Spoof headers or test protected areas
-
API Access – Test backend APIs for vulnerabilities like IDOR or rate limiting
¶ Scan Results
Results are organized under the Storage tab with five sub-tabs:
¶ Total Amount of Data
Displays total findings in the workflow.
¶ Audits Results
Shows results from each audit tool.
You can sort, view, and explore associated Facts and Resources.
¶ Facts
Structured findings with severity, CVSS score, and CWE ID.
Each fact includes a detailed description and classification.
¶ Resources
Resource Extraction analyzes and categorizes web-related results:
- URLs, Domains, Subdomains
- Emails, CVEs
- IPv4/IPv6 addresses, etc.
¶ Logs
Scan logs are available in the Control tab.
¶ Access from Workspace
Simple Audit results are also accessible from the Workspace services toolbar, alongside other tools.
