Vulnerability Dashboard
The Vulnerability Dashboard is where you run vulnerability testing modules against a domain and review the results. While the Results Dashboard focuses on reconnaissance (what assets exist), the Vulnerability Dashboard focuses on security testing (what weaknesses exist).

Accessing the Vulnerability Dashboard
From the Domains page, click the Vulnerabilities button next to any domain. You can also navigate here from the domain's sub-navigation in the sidebar.
Module Overview
The page displays a list of vulnerability scanning modules, each represented as a card. Every module targets a specific class of vulnerability. For a plain-language explanation of what each module does, see How Scanning Works.
Vulnerability Modules
General Vulnerability Scan — Comprehensive security testing using Nuclei, an open-source vulnerability scanner with thousands of community-maintained templates. This covers a wide range of issues including misconfigurations, default credentials, exposed panels, known CVEs, and more.
Sensitive Files & Endpoints — Detects exposed configuration files (e.g., .env, .git/config), backup files, administrative interfaces, and other files that should not be publicly accessible.
JavaScript Secrets — Uses TruffleHog to scan JavaScript files and source code for accidentally exposed API keys, tokens, passwords, and other credentials.
Cross-Site Scripting (XSS) — Uses DalFox to test for reflected and DOM-based XSS vulnerabilities that could allow attackers to inject malicious scripts.
Server-Side Request Forgery (SSRF) — Tests for SSRF vulnerabilities where an attacker could trick the server into making requests to internal resources.
Directory Traversal — Checks for path traversal vulnerabilities that could allow unauthorized access to files outside the web root.
Open Redirect — Detects unvalidated redirect endpoints that could be exploited for phishing attacks.
Subdomain Takeover — Identifies dangling DNS records pointing to unclaimed services (e.g., expired cloud instances, deprovisioned CDN endpoints) that an attacker could claim.
Custom Templates — Runs your own custom Nuclei templates for specialized testing unique to your environment.
Hygiene Modules
These modules assess your security configuration rather than testing for exploitable vulnerabilities:
DNS Security Configuration — Checks for SPF, DKIM, DMARC, and other email authentication records. Proper DNS hygiene helps prevent email spoofing and phishing.
TLS/SSL Configuration — Analyzes SSL certificate validity, expiration dates, cipher suites, and protocol versions. Identifies weak or outdated TLS configurations.
HTTP Security Headers — Checks for missing or misconfigured security headers like Content-Security-Policy (CSP), Strict-Transport-Security (HSTS), X-Frame-Options, and X-Content-Type-Options.
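The kind of check the HTTP Security Headers description refers to, as an added example (not Ryft's code and not part of the original page): it shows what "misconfigured" can mean for the four headers named above, beyond simply being absent. The function names, the sample headers and the 180-day HSTS threshold are assumptions made for illustration.

```python
import re

# Constructed sample response headers, not output from a real scan.
SAMPLE = {
    "Content-Security-Policy": "default-src 'self'; script-src 'self' 'unsafe-inline'",
    "Strict-Transport-Security": "max-age=300",
    "X-Frame-Options": "ALLOWALL",
    # X-Content-Type-Options is deliberately absent.
}
MIN_HSTS_AGE = 15552000  # 180 days; an assumed policy threshold


def parse_csp(value):
    """Split a CSP value into {directive: [lowercased source tokens]}."""
    out = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:  # for a repeated directive, the first occurrence wins
            out.setdefault(tokens[0].lower(), [t.lower() for t in tokens[1:]])
    return out


def audit_headers(headers):
    """Return {header: issue} for each missing or misconfigured header."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    csp = parse_csp(h.get("content-security-policy", ""))
    issues = {}
    if not csp:
        issues["Content-Security-Policy"] = "missing"
    else:
        src = csp.get("script-src", csp.get("default-src"))
        # A nonce or hash makes browsers ignore 'unsafe-inline'.
        guarded = src and any(t.startswith(("'nonce-", "'sha")) for t in src)
        if src is None:
            issues["Content-Security-Policy"] = "no script-src or default-src"
        elif "*" in src or ("'unsafe-inline'" in src and not guarded):
            issues["Content-Security-Policy"] = "script sources too permissive"
    hsts = h.get("strict-transport-security")
    age = re.search(r"max-age\s*=\s*\"?(\d+)", hsts or "", re.I)
    if hsts is None:
        issues["Strict-Transport-Security"] = "missing"
    elif not age or int(age.group(1)) < MIN_HSTS_AGE:
        issues["Strict-Transport-Security"] = "max-age absent or too short"
    xfo = h.get("x-frame-options")
    if xfo is None:
        if "frame-ancestors" not in csp:  # CSP frame-ancestors supersedes XFO
            issues["X-Frame-Options"] = "missing"
    elif xfo.upper() not in ("DENY", "SAMEORIGIN"):
        issues["X-Frame-Options"] = "invalid value"
    if h.get("x-content-type-options", "").lower() != "nosniff":
        issues["X-Content-Type-Options"] = "missing or not nosniff"
    return issues
```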
Running a Module
You can run multiple modules simultaneously. Each module runs independently as a child scan (visible on the Scans page).
Viewing Results
Once a module completes, its results appear in a table below the module card. Each vulnerability finding shows:
Name/Template — The specific vulnerability or check that matched
Severity — Critical, High, Medium, Low, or Info (see severity levels)
Affected URL — The specific URL where the issue was found
Details — Additional context about the finding
Results are paginated and can be sorted by severity. All findings also appear on the Findings page.
AI Triage
Ryft includes AI-powered vulnerability triage that goes beyond simple classification. The AI actively investigates each finding by performing live HTTP probes, analyzing response content, and looking for concrete evidence of exploitability.
For any vulnerability, click the AI Triage button (robot icon) on a finding. The AI provides:
Confidence score — How confident the AI is in its assessment
Reasoning — A plain-language explanation of why it reached its conclusion
Reproduction steps — Step-by-step instructions to manually verify the finding
Suggested triage state — Validated, Tentative, or False Positive
You can also generate a detailed AI Report for any triaged finding — a professional document with vulnerability description, risk assessment, remediation guidance, and references. See AI Features for full details.
You can enable automatic AI triage for all new findings in Settings. When enabled, every new vulnerability is automatically analyzed as it's discovered — no manual intervention needed. See AI Features — Auto AI Triage.
Manual Triage
You can also manually triage findings by clicking the triage state chip on any vulnerability. The available states are:
Not Triaged (gray) — Default state for new findings
Validated (red) — Confirmed as a real vulnerability that needs remediation
False Positive (green) — Confirmed as not a real issue
Resolved (blue) — The vulnerability has been fixed
You can add notes to any triage decision to document your reasoning.
Sequential Execution Queue
When running multiple vulnerability modules, they execute in a managed queue. The Sequential Execution Queue panel shows:
Which modules are currently running
Which modules are queued
Progress for each module
Rate Limiting
The Rate Limiting Status panel shows the current rate limiting profile being used for scans. This controls how aggressively Ryft tests your targets, helping you balance thoroughness with the impact on your systems.
Tier-Based Access
Some modules require specific subscription tiers:
Starter — General Scan, Sensitive Files, Custom Templates
Pro — SSRF, Traversal, Open Redirect, Subdomain Takeover, JS Secrets, XSS
Growth — DNS Hygiene, TLS Hygiene, Security Headers
Modules that require a higher tier than your current subscription will show a tier badge and cannot be run until you upgrade. Visit the Pricing page for upgrade options.
