Sign in with your Microsoft work account to continue. Access is restricted and requires
multi-factor authentication.
⚠️ Legal Disclaimer — Read Before Use
This tool uses NMAP, and optionally masscan and
nuclei, to perform active network scans. Scanning networks or IP addresses
without explicit written authorization from the owner is illegal in most
jurisdictions (CFAA, Computer Misuse Act, etc.) and may result in criminal prosecution.
Only scan networks and IP addresses you own or have written permission to test
Never scan public IP ranges (including Azure's full IP list) without a signed pentest agreement
Scanning may trigger IDS/IPS alerts and security incidents
masscan sends high-rate traffic across entire IP ranges — it is noisy and can
disrupt fragile hosts or saturate links; only use it on ranges you are authorized to scan
nuclei actively probes web services with vulnerability templates (sending
crafted requests, not just reading banners) — treat it as intrusive testing, not passive recon
The author accepts no liability for misuse of this tool
By clicking "I Agree" you confirm you have proper authorization
to scan all targets you enter into this tool.
Sightline · Microsoft-powered CTEM
(Preview)
nmap…
masscan…
httpx…
nuclei…
subfinder…
dnsx…
Defender…
▶ Start here
1Connect Defender
2Add targets
3Scan
🎯 Targets
0 hosts
Quick add:+…public
Paste
Upload File
Domain Enum
Azure Enum
ASN Enum
Uses subfinder (passive subdomain enum) + dnsx (DNS resolution).
Discovered IPs are added to your target list. See Quick Setup Guide to install.
Maps a domain / ASN / IP to the CIDR ranges it announces —
surfacing netblocks you may not know about. Keyless, via the free RIPEstat API
(no install needed). Add the ranges to your target list.
Unauthenticated, external check for public Azure namespaces (blob storage,
web apps, SQL, Key Vault, …) built from your keyword. Flags publicly listable blob
containers (data exposure). No credentials used — the attacker's-eye view.
Microsoft
Azure
Entra
Defender
Cloud Apps
⚠️ Azure sign-in requires opening via http://localhost:5000
Start python app.py then visit that URL.
Register redirect URI:
http://localhost:5000
API permission: Azure Service Management → user_impersonation
👤
Loading…
⚠️ Entra sign-in requires opening via http://localhost:5000
Start python app.py then visit that URL.
API permission: Microsoft Graph → Policy.Read.All (Delegated)
Filters: Location Type = IP ranges · Trusted = Yes
🔒 Optional environment variables (set before launching):
SCANNER_PASS requires a login
(HTTP Basic — optionally SCANNER_USER, default admin);
SCANNER_PORT changes the port (default 5000).
Auth is off by default for local use — enable it (behind TLS) if you expose this beyond localhost.
🔐 Microsoft App Registration (Azure · Entra · Defender)
The Azure, Entra and Defender importers all sign in through
one Entra app registration — a single Client ID covers all three.
Cloud Apps uses its own API token instead (Defender for Cloud Apps → Settings → Security extensions).
Add a Single-page application (SPA) platform whose Redirect URI is the exact URL you open this app on
(e.g. http://localhost:5000 locally, or your
https://… domain — it must match the origin exactly; the value is shown in each import tab).
Copy the Application (client) ID into the Client ID field on any of the import tabs.
Under API permissions, add the following as Delegated permissions, then Grant admin consent:
Azure (public IP discovery): Azure Service Management → user_impersonation
Entra (Named Locations): Microsoft Graph → Policy.Read.All
Running behind a domain? Add that https://… URL as an additional SPA redirect URI (you can register several).
🧩 Optional scan-pipeline components
These are external binaries (not pip packages). When present the scanner extends the pipeline
to masscan → nmap → httpx → nuclei; when absent it degrades gracefully to nmap only.
Detection runs at startup, so restart app.py after installing.
masscan — fast discovery on CIDR/ranges (then nmap fingerprints only the
open ports). Needs Npcap on Windows.
github.com/robertdavidgraham/masscan
· Linux: sudo apt install masscan ⚠ MDE alert: Microsoft Defender for Endpoint will trigger a security alert when masscan.exe is present or executed. Add an MDE exclusion before deploying on a monitored endpoint.
httpx — after nmap, confirms which open ports are live HTTP/HTTPS and detects
the real scheme, title and tech, then feeds clean URLs to nuclei.
download a release binary
or go install github.com/projectdiscovery/httpx/cmd/httpx@latest.
⚠ MDE alert: Microsoft Defender for Endpoint will trigger a security alert when httpx is executed from most paths. Exception: placing httpx.exe directly in the application root folder (same directory as app.py) suppresses the MDE alert on monitored Windows endpoints.
nuclei — web vulnerability scan after httpx (severity medium/high/critical).
download a release binary
or go install github.com/projectdiscovery/nuclei/v3/cmd/nuclei@latest.
Templates auto-install on first scan.
⚠ MDE alert: Microsoft Defender for Endpoint will trigger a security alert when nuclei.exe is present or executed. Add an MDE exclusion before deploying on a monitored endpoint.
subfinder + dnsx — used by the Domain Enum tab to enumerate a domain's
subdomains (passively) and resolve them to IPs you can scan.
go install github.com/projectdiscovery/subfinder/v2/cmd/subfinder@latest
· go install github.com/projectdiscovery/dnsx/cmd/dnsx@latest
⚠️ These send active traffic to targets (masscan floods ranges; httpx and nuclei
send HTTP requests / crafted exploit probes). Only run them against assets you are authorized to test.