Cyweb — Web Vulnerability Scanner
Cyweb is a fast, accurate web vulnerability scanner built in Rust. It replaces
legacy tools with 4,527 YAML signature rules, baseline response diffing for
zero false positives, and native integration with the Cybrium platform.
| | |
|---|---|
| Language | Rust |
| License | MIT |
| Source | github.com/cybrium-ai/cyweb |
| Platforms | macOS · Linux · Windows |
| Signing | Windows: Authenticode (Cybrium Inc, Azure Trusted Signing) · macOS: Apple Developer ID notarised · Linux: Sigstore (cosign keyless) |
| Current version | See GitHub Releases |
Capabilities
| Capability | Description |
|---|---|
| Path scanning | 4,527 YAML rules covering server misconfigs, outdated software, default creds, CGI vulns |
| Spider mode | Crawl links + forms before path scanning (--spider) |
| Baseline diffing | Compares responses against a baseline to eliminate SPA catch-all false positives |
| Authentication | Bearer token, cookie, and HTTP Basic auth for scanning behind login |
| Output formats | JSON, SARIF, human-readable text |
| Platform sync | Push findings directly to your Cybrium workspace |
What it does not do
- Cyweb does not perform SAST or static code analysis (use cyscan for that).
- It does not run active exploits or attempt injection attacks.
- It does not do port/service discovery (use a network scan for that).
| Scenario | Recommendation |
|---|---|
| Quick one-off scan of a URL from your terminal | cyweb scan https://target.com |
| CI/CD pipeline gate | cyweb scan --format sarif --output results.sarif |
| Full pentest with all scan types | Use the platform — it orchestrates cyweb alongside other tools |
| Recurring scheduled scans | Use the platform — it handles scheduling, history, and alerting |