🔍 Deep Security Auditing

Know every vulnerability on every server.

One scan. Full audit. Open ports, misconfigurations, CVEs, and software inventory — with SBOM generation in SPDX 2.3 format. Compliance-ready reports for your auditors.

No agent required · SSH-based scanning · SPDX 2.3 export · CVE database updated daily
🔐
Credential Vault Enabled
Securely store access credentials and 2FA secrets. FluxCybers ExecFlow handles autonomous authentication — zero-friction, zero-exposure credential management.
CVE Database: NVD
Full Scan Time: Fast
Check Categories: Multi
SPDX 2.3 Compliant
Scan Engine

What Server Scanner Finds

Multiple check categories across security, compliance, and infrastructure health. Every finding linked to CVE, CWE, or CIS benchmark.

🦠

Suspicious Process Detection

Scans for hidden processes, suspicious kernel modules, and unauthorized SUID binaries. Checks against known indicators of compromise.

🔓

Vulnerability Assessment

Maps every installed package to the NVD database. Identifies CVEs with CVSS scores, exploitability metrics, and recommended patches. Updated daily.

⚙️

Misconfiguration Audit

Checks SSH hardening, firewall rules, open ports, file permissions, password policies, and service configurations against CIS benchmarks.

🔐

Encryption & TLS Audit

Validates TLS certificate chains, cipher suite strength, protocol versions, and certificate expiry. Flags weak encryption and self-signed certs.

👤

User & Access Audit

Inventories user accounts, sudo privileges, SSH keys, cron jobs, and login history. Flags dormant accounts, shared credentials, and excessive permissions.

📦

Package Inventory

Complete software inventory: every installed package, version, source repository, and dependency tree. Foundation for SBOM generation.

$ fluxcybers scan prod-web-01 --deep
Connecting via SSH...
SSH connected — Ubuntu 22.04 LTS
Package inventory: 847 packages
CVE scan: 3 critical, 7 high, 12 medium
! Process scan: 1 suspicious SUID binary detected
CIS benchmark: checked
SBOM generated: spdx-2.3-prod-web-01.json
Scan complete · full report saved
SBOM

Enterprise & Government Compliance:
Know Every Component on Every Server

Automatically generate a complete Software Bill of Materials (SBOM) for any scanned server — every installed package, service, dependency, and library in SPDX 2.3 format. Required by US Executive Order 14028 and increasingly standard for government, healthcare, and financial sector procurement.

  • SPDX 2.3 format — the open standard required by US federal agencies
  • CVE mapping — every component cross-referenced against the National Vulnerability Database
  • Dependency tree — not just top-level packages, but every transitive dependency
  • License compliance — flag GPL, AGPL, and restrictive licenses automatically
  • One-click export — JSON, PDF, or XML for auditors and procurement teams
📋 EO 14028 Ready
SBOM exported in SPDX 2.3 — the standard required by US federal agencies
sbom-prod-web-01.spdx.json
Package        Version   License      CVEs
openssl        3.0.2     Apache-2.0   CVE-2024-5535
nginx          1.24.0    BSD-2        CVE-2024-7347
postgresql-15  15.6      PostgreSQL   None
nodejs         20.11.0   MIT          None
libcurl4       7.81.0    MIT          CVE-2024-2398
systemd        249.11    LGPL-2.1     None
python3.10     3.10.12   PSF-2.0      None
... 840 more packages

Example SBOM output — actual reports include full dependency trees and CVSS scores

New — BYOVD Defense
Active Campaign: Qilin & Warlock

Kernel Driver Security & BYOVD Pre-Scan

Ransomware groups Qilin and Warlock use BYOVD — loading legitimate-but-vulnerable drivers to kill EDR software before deploying ransomware. Server Scanner detects these drivers before they're exploited. If your EDR goes down, you need to know why.

☠️
Vulnerable Driver Scanner
Scans every loaded kernel driver against the LOLDrivers database and NVD driver-specific CVEs. Reports which drivers are present, which are exploitable, and exactly how ransomware groups weaponize them — before they do.
LOLDrivers DB · NVD CVEs · CVSS Scores
📋
Driver SBOM Extension
Extends your existing SPDX 2.3 SBOM to include a complete kernel driver inventory. Each entry includes name, version, SHA-256 hash, signing certificate, publisher, LOLDrivers match status, and associated CVEs. Diff reports show new drivers since the last scan.
SPDX 2.3 · SHA-256 hash · Diff reports
🏛️
CIS Benchmark — Driver Security
New driver-specific CIS checks: signing enforcement, module loading restrictions, allowlist configuration, and HVCI/VBS status. Each failure maps to its CIS control ID and includes a one-click remediation recommendation via Sentinel.
CIS-KD-1.x · HVCI check · Auto-remediate
🎯
Proactive Remediation
Specific fix steps per vulnerable driver, prioritized by active campaign exploitability. Drivers in the current Qilin or Warlock toolkit = CRITICAL. Remediations integrate directly with Sentinel for automated one-click execution.
Campaign intel · WDAC policy · 1-click fix
Sample Driver Scan Output
$ fluxcybers driver-scan prod-eu-03 --loldrivers --cis --sbom
FluxCybers Driver Scanner v2.0 — LOLDrivers DB 2026-04-09
Discovering kernel modules... 12 drivers found
Matching against LOLDrivers database (10 signatures)...
⚠ MATCH GDRV.sys · Gigabyte · CVE-2018-19320 · CRITICAL
Exploited by: Qilin, RobbinHood | Technique: EDR kill via kernel IOCTL
⚠ MATCH cpuz141.sys · CPUID · CVE-2017-15303 · HIGH
Exploited by: LockBit 3.0 | Physical memory read/write
⚠ MATCH WinRing0x64.sys · OpenLibSys · CVE-2020-14979 · HIGH
Exploited by: RansomHub | Kernel memory R/W via IOCTL
✓ CLEAN nvidia.ko · NVIDIA · signed · no match
✓ CLEAN ext4.ko · Linux Kernel · signed · no match
... 7 more clean drivers
Running CIS driver benchmark checks...
✗ CIS-KD-1.1 FAIL — 2 unsigned drivers (GDRV.sys, WinRing0x64.sys)
✗ CIS-KD-1.3 FAIL — 3 LOLDrivers-listed vulnerable drivers present
⚠ CIS-KD-1.2 WARN — HVCI status unverifiable via SSH
⚠ CIS-KD-1.5 WARN — kernel.modules_disabled=0 (modules loadable at runtime)
✓ CIS-KD-1.4 PASS — third-party driver count within threshold
RISK SCORE: 92/100 — CRITICAL
SBOM: Driver inventory appended to SPDX 2.3 report
Remediations: 3 queued — push to Sentinel for automated fix
Driver SBOM — SPDX 2.3 Extension
prod-eu-03 · 2026-04-09 · 12 kernel drivers
Driver           Version     Publisher     Signed  LOLDrivers
GDRV.sys         1.0.0.1     Gigabyte              CRITICAL
cpuz141.sys      1.41        CPUID                 HIGH
WinRing0x64.sys  1.3.1.2     OpenLibSys            HIGH
nvidia.ko        525.147.05  NVIDIA                None
ext4.ko          6.1.0       Linux Kernel          None
usbcore.ko       6.1.0       Linux Kernel          None
... 6 more clean drivers
📊 CIS Driver Security Score
CIS-KD-1.1 Driver Signing: FAIL
CIS-KD-1.2 HVCI Status: WARN
CIS-KD-1.3 Blocklist Check: FAIL
CIS-KD-1.4 3rd-Party Minimization: PASS
CIS-KD-1.5 Module Loading: WARN
⚠️
Active Campaign Threat Intel — April 2026
Qilin is actively exploiting GDRV.sys & aswArPots.sys to kill 300+ EDR signatures. Warlock is using mhyprot2.sys + DBUtil_2_3.sys after SharePoint initial access, with deliberate 30–90 second ransomware execution delays to create a defense-down gap. If these drivers are present on your servers, remediate now.
Compliance

Maps to every framework your auditors care about

Every finding is mapped to the relevant compliance control. Export audit-ready reports in one click.

  • 🏛️ SOC 2 · Type II
  • 🏥 HIPAA · Healthcare
  • 💳 PCI-DSS · Payments
  • 🇪🇺 GDPR · Privacy
  • 🌐 ISO 27001 · InfoSec
  • 🇺🇸 EO 14028 · Federal SBOM
  • 🔒 CIS · Benchmarks

FAQ

Quick questions

How does the scan work — do I need to install anything?
No agent installation required. Server Scanner connects via SSH and runs read-only commands to inventory packages, check configurations, and detect anomalies. Nothing is installed, modified, or written to your server. You can also use the lightweight FluxCybers agent if you prefer agent-based scanning.
What operating systems are supported?
Ubuntu 18.04+, Debian 10+, CentOS 7+, RHEL 7+, Rocky Linux 8+, AlmaLinux 8+, and Amazon Linux 2. Basically any modern Linux distribution with SSH access. Windows server support is on the roadmap.
What's included in the SBOM?
Everything: installed packages (apt, yum, snap, pip, npm, gem), their versions, licenses, dependencies, and any associated CVEs. Exported in SPDX 2.3 JSON format — the standard required by US federal agencies under Executive Order 14028. Also available as PDF or XML for procurement teams.
How often is the CVE database updated?
Daily. We pull from NIST NVD, MITRE CVE, and vendor-specific security advisories (Ubuntu USN, Red Hat RHSA, Debian DSA). Critical CVEs are ingested within hours of public disclosure.
Can I schedule recurring scans?
Yes. Set up daily, weekly, or monthly scans per server or server group. Get notified when new vulnerabilities appear or compliance scores change. All scan history is preserved for trend analysis and audit evidence.
Is the scan output admissible for SOC 2 / HIPAA audits?
Yes. Each scan generates a timestamped, immutable report with findings mapped to specific compliance controls. Auditors can verify the scan methodology, date, and server identity. The SBOM export satisfies supply chain security requirements for government and enterprise procurement.
What does it cost?
Server Scanner is included in all FluxCybers plans. Starter plans include 10 servers; Team plans include unlimited servers. Enterprise plans add custom compliance report templates and dedicated support. See Pricing for details.
Pricing

Simple, transparent pricing

3-day free trial on all plans. No credit card required.

Starter
$79/month
Billed monthly · cancel anytime
  • 10 servers monitored
  • CVE vulnerability scanning
  • Open port & misconfiguration detection
  • SBOM generation (SPDX 2.3)
  • Monthly compliance reports
MOST POPULAR
Pro
$149/month
Billed monthly · cancel anytime
  • Unlimited servers
  • Rootkit & backdoor detection
  • BYOVD pre-scan & driver analysis
  • Continuous monitoring & alerts
  • Compliance report templates
  • 90-day scan history
Enterprise
$299/month
Billed monthly · cancel anytime
  • Everything in Pro
  • Custom compliance templates
  • Dedicated security team
  • API access & SIEM integration
  • On-premise deployment option
  • SLA guarantee & 1-year archive


Get started today

Your first scan is free.
Your auditors will thank you.

Connect a server. Get a full security audit and SBOM. No credit card required.
