Esprit CLI provides comprehensive vulnerability detection across web applications, APIs, and microservices. The CLI analyzes code paths, authentication flows, and business logic to identify security weaknesses before they reach production.

Detection Capabilities

Esprit specializes in detecting:
  • Injection Vulnerabilities - SQL injection, XSS, command injection
  • Authentication & Authorization - JWT/session flaws, broken access control, IDOR
  • Server-Side Attacks - SSRF, XXE, path traversal
  • Business Logic - Workflow bypass, state manipulation, invariant violations
  • API Security - BOLA/IDOR, broken function-level authorization, rate limiting

Detection Approach

Esprit uses specialized skills to analyze attack surfaces:

Context-Aware Analysis

The CLI understands:
  • Input locations (path, query, body, headers, cookies)
  • Data flow from sources to sinks
  • Framework-specific patterns (React, Vue, Angular, Express, Django)
  • Transport variations (REST, GraphQL, gRPC, WebSocket)

Multi-Channel Testing

Esprit validates vulnerabilities across:
  • Multiple HTTP methods (GET, POST, PUT, PATCH, DELETE)
  • Content types (JSON, form data, multipart)
  • Protocol variations (HTTP/1.1, HTTP/2, WebSocket)
  • Authentication contexts (anonymous, user, admin)

Evidence-Based Validation

Each finding includes:
  • Precise location in source code
  • Exploitation proof-of-concept
  • Impact assessment
  • Remediation guidance

Esprit focuses on high-signal detections with minimal false positives by understanding the full context of each vulnerability.

Vulnerability Categories

Injection Attacks

Authentication & Sessions

Authorization

Server-Side Attacks

Application Logic

Running Vulnerability Scans

# Scan entire codebase
esprit scan

# Target specific vulnerability types
esprit scan --type sql-injection,xss

# Focus on specific directories
esprit scan --path src/api

# Include severity filtering
esprit scan --severity high,critical

Always test vulnerability detection in a safe environment. Never run exploitation attempts against production systems without proper authorization.

Understanding Results

Esprit provides detailed findings for each vulnerability:
  • Location - Exact file path and line number
  • Severity - Critical, High, Medium, Low
  • Confidence - High confidence findings with proof
  • Attack Surface - Entry points and data flow
  • Exploitation - Minimal proof-of-concept
  • Impact - Business and security implications
  • Remediation - Specific fix recommendations

Next Steps

SQL Injection

Detect database query manipulation vulnerabilities

XSS Detection

Find cross-site scripting vulnerabilities

Authentication

Identify JWT and session security issues

Access Control

Detect authorization bypass vulnerabilities
