Sale of the SCORPION PLATFORM (SCORPION-AI), an AI-powered pentesting tool

For informational purposes only

Claimed capabilities, according to the seller: • an autonomous orchestrator for pentesting and bug bounty workflows, built on LangGraph and MCP • positioned as a C2 web application: the operator sets a target and enables Auto Agent, after which the AI decides which tools to run and adjusts the attack vector on its own • integrated with Hexstrike-AI, a framework for autonomous vulnerability discovery and exploitation • built-in tools include Shodan, Nuclei, ZAP, Nmap, and Burp Suite • agent set includes reconnaissance, web application exploitation, network intrusion, social engineering, C2 OpSec, and smart contract auditing • integrations with bug bounty platforms: HackerOne, Bugcrowd, Intigriti, and YesWeHack • automatic report generation and submission to platforms

The seller presents the platform as a legitimate bug bounty tool. However, they also describe it as a C2 system, while the presence of agents for social engineering and network intrusion indicates potential use in attacks beyond the scope of bug bounty programs.

💬 Discuss