A multi-tenant console for OSINT reconnaissance. Point it at a domain, pick a preset, and watch subdomains, open ports, exposed services, and vulnerabilities stream into the dashboard as they're discovered.
A purpose-built console for OSINT scanning, plus the operational surface (targets registry, presets, integrations, reports, per-user isolation) you'd otherwise build yourself.
Events per second, total events, DNS queries, HTTP requests, findings — updated in real time. Plus a 3-pane mission-control view: module activity, telemetry graph, terminal log.
Bundles of modules for the most common scan objectives — subdomain enumeration, web crawl, email harvest, web tech detection, cloud asset discovery, deep spider.
Toggle individual modules on or off per workspace. Built-in safety on aggressive scanners — they require an explicit --allow-deadly flip in the launcher.
Stream events to where your team already lives. One-click test endpoint, per-integration enable/disable, last-used-at telemetry.
Persist targets across scans (domains, IPs, CIDRs, ASNs, URLs) with tags. Every resource — scans, targets, presets, keys, reports — is scoped to your workspace.
Generate PDF / JSON / CSV / HTML reports per scan. Every console action also exists as a token-authenticated REST endpoint — drive scans from CI, your SIEM, or a notebook.
Type, paste, or upload a list. Auto-detects domain / IP / CIDR / ASN / URL. Save to the Targets registry to reuse across scans.
+ target example.com domain + target 10.0.0.0/24 cidr + target AS12345 asn
Six built-in presets cover common objectives. Toggle individual modules on or off. Aggressive scanners are blocked unless you flip --allow-deadly.
preset subdomain-enum modules crtsh, shodan_dns, wayback, dns_brute
Pause, resume, or stop. Tail the event log, watch module activity, see findings stream as they happen. Auto-routed to your integrations.
events/sec 1,204 findings 27 (12 high) status running 14:22
Each preset is a tested combo of modules for one objective. Mix and match individual modules when you need something more surgical, then save the combination as a custom preset for next time.
Ready to launch — pick one and add targets.
Toggle per workspace · category-tagged for safety.
All tiers include the full scanning stack, every preset, every module. Higher tiers unlock more concurrent scans, longer retention, more seats, and priority support.
Subdomains (via Certificate Transparency, passive DNS, bruteforce), open ports, HTTP responses, exposed services, leaked credentials, and vulnerabilities matched by nuclei templates. Built-in presets bundle modules for common objectives like subdomain-enum, web-basic, cloud-enum, and email-enum.
Yes. The active scan view shows live events per second, per-module activity, and a tail of the event log. Pause, resume, or stop from the same UI — the scan moves to History with its partial results intact.
In the console for triage. Stream events in real time to Slack, Discord, Neo4j, generic webhooks, S3, Splunk, or Elastic via the Output Integrations panel. Export PDF / JSON / CSV / HTML reports per scan when you need an artifact.
Yes. Every console action is also a REST endpoint under https://api.everwatch.com.br/api/ — token-authenticated, per-user scoped, OpenAPI-described. Drive scans from your CI, your SIEM, or your existing tooling.
Deadly modules are listed in the catalog but disabled by default. They only run if you both (a) toggle them on for your workspace, and (b) flip the --allow-deadly switch when launching the scan. Belt and suspenders.
Yes. One workspace, two concurrent scans, ten scans per month, no credit card. Upgrade only when your team or scan volume outgrows it.