Free public scan: paste any URL — get every risk in 2 minutes. No credit card. No setup.
WHAT IT SCANS

Six lenses.
One full-surface report.

Pythorix is the security team you'd build if you had a senior pentester, an SRE, an AI red-teamer, and a compliance lead — on call, every time you ship.

AI Security Scan

Pythorix walks your public surface like a senior pentester — only faster, and on every push. Every finding ships with severity, evidence, and a fix.

  • Misconfigurations: TLS, HSTS, CSP, CORS, security headers, cookies
  • Authentication gaps: weak login flows, missing rate limits, session leaks
  • Attack-surface drift: new subdomains, exposed staging, abandoned hosts
  • Severity-graded report (Critical · High · Medium · Low) with proof-of-finding

Public Exposure Detection

The data you didn't mean to publish — Pythorix finds it. Read-only, defensive, and exhaustively documented so you can fix it the same day.

  • Leaked API keys, tokens, and secrets in JS bundles, source maps, and HTML
  • Open S3 / GCS / Azure buckets, public listing, world-readable objects
  • Exposed .env, .git, debug endpoints, admin paths, and backup files
  • Stale subdomains and dangling DNS that attackers love to take over

LLM Risk Analysis

Your AI assistants look safe until someone asks the wrong question. Pythorix probes them like a red-teamer — without lifting your rate limit budget.

  • Prompt injection & jailbreak chains across direct and indirect inputs
  • System-prompt leakage and unsafe tool-use detection
  • PII echoing, training-data regurgitation, and policy bypass
  • Per-endpoint risk score with reproducible test transcripts

API & Endpoint Discovery

You can't protect what you can't see. Pythorix maps every public route — including the shadow APIs your frontend forgot to mention.

  • OpenAPI / Swagger / GraphQL introspection, plus inferred routes
  • Auth-required vs. anonymous mapping per endpoint
  • Broken object-level authorization (BOLA) and broken auth signals
  • Diff alerts when new routes ship — including ones nobody documented

Compliance Readiness

Auditors don't want a tour — they want evidence. Pythorix produces an exportable report mapped to the controls your reviewer actually asks about.

  • GDPR, ISO 27001, SOC 2, and DPDP-aligned check sets
  • Cookie banner, consent, and privacy-policy gap detection
  • Sub-processor and third-party script discovery
  • Per-scan PDF / JSON export with control mappings & timestamps

Performance & SEO Intelligence

Slow pages bleed conversions. Broken schema bleeds organic traffic. Pythorix flags both — alongside the security stuff that's usually their cause.

  • Core Web Vitals (LCP, INP, CLS) with regression diffs per scan
  • Indexability, robots, canonical, sitemap, and schema validation
  • Broken third-party integrations, dead routes, and 404 leakage
  • Render-blocking JS, oversized payloads, and CDN misconfigs

Run your first scan in 2 minutes.

Free public scan. No card. From ₹499/month for continuous coverage.