RETROH4CK started as one operator's internal toolkit — too many bash tabs, too little sleep. It grew into a production-grade SaaS that unifies attack-surface management, offensive reconnaissance, and risk-aware intelligence into a single pane both red and blue teams can actually use.
Modern attack surfaces move faster than the tools that map them. Subdomains appear overnight, services get exposed by accident, JavaScript bundles leak secrets, and CVEs go from disclosed to exploited in hours. The individual tools are great — the glue between them isn't.
So we built the glue. RETROH4CK gives you a fast, reproducible workflow that stays honest about what it knows and what it's guessing. No miracle claims, no black-box alerts.
Correctness before cleverness. A finding with context beats a finding with a dashboard.
Zero-false-positive bias. We'd rather miss one low than flood you with twenty junk mediums.
Operator speed. Every click should move work forward — not open a wizard.
RETROH4CK compounds every manual recon workflow into one pipeline. Here's the math most teams run before they subscribe:
20+ hours / week of manual subdomain enumeration, OSINT stitching, and report writing — reduced to a single command and a review pass.
One platform replaces the stack: 30+ tools, 3–4 recon-automation licenses, a dedicated orchestration server, and most junior-analyst triage time.
Average engagement surfaces hundreds of subdomains, live hosts, exposed services, leaked secrets, and CVE chains — with AI-assisted false-positive suppression.
A full day's work of security tooling wrapped in one coherent surface. You point it at a target, it surfaces the risk that actually matters — and hands you a report your stakeholders can read.
Under the hood, RETROH4CK is a multi-stage orchestration pipeline. You pick a target and a scan mode — the platform handles every phase automatically and streams progress live to your browser via WebSocket.
Lightning (5–10 min quick recon), Superfast and Fast (the default 15–30 min engagement), Slow (exhaustive multi-hour audit), and Custom (per-tool control).
Subdomain enumeration → DNS resolution → live-host probe → port discovery → HTTP enrichment + screenshots → vulnerability scan → takeover checks → PDF report.
No black box. Every stage, every tool invocation, and every finding streams to your dashboard in real time. Logs are sanitised for standard users, raw for superadmin.
CIDR and IP-range scanning runs on Portwave — a custom Rust scanner we wrote from scratch. Discovery, enrichment, and vuln-scan in one pass, with adaptive rate-limiting and automatic CDN/WAF exclusion.
Every scan produces a branded PDF with executive summary, per-finding narrative, remediation guidance, and evidence screenshots — swap the brand for org-specific deliverables.
Cron-based recurring scans, change tracking between runs, webhook alerts on new findings, and a weekly executive digest email for stakeholders.
RETROH4CK ships with integrated AI support wired into the places it earns its keep — not sprinkled on top for show. What it delivers:
Flags likely false positives, suppresses known-benign patterns, explains why — so your queue is the 10% that matters.
Reads minified bundles, extracts secrets, endpoints, auth flows, and explains the code in plain English.
Cross-references public signals into one tagged profile — CONFIRMED / REPORTED / INFERRED — so you know what to trust.
Connects individual findings into exploit paths and suggests next actions — turns a list of CVEs into a story.
Executive summaries and per-finding narratives that read like they were written by a senior consultant.
Ask the AI about your scan, your target, or a specific finding — context-aware, session-scoped.
RETROH4CK is our work, but the wider security community made it possible. Under the hood we integrate a carefully chosen set of best-in-class open-source security tools — projects built by extraordinary maintainers we owe an enormous debt to.
To every maintainer of every open-source project we build on: thank you. Your work is the reason this platform exists — the orchestration, UX, correlation, and AI glue we wrote on top only matters because you did the hard work underneath.
Security tooling has an ironic problem: it's often built without much security of its own. RETROH4CK is engineered to hold up to the scrutiny of the people who use it.
Bcrypt password hashing, TOTP / email 2FA, HttpOnly + Secure + SameSite session cookies with short TTL.
Five roles — superadmin, owner, org-admin, member, viewer. Org-scoped isolation at the query layer.
CSRF on every state change, parameterised SQL, path-traversal guards, SSRF defence, rate limits.
API keys encrypted at rest. Decrypted only at use, never logged. Uploaded assets served via signed, short-lived URLs.
Every admin action logged. Sanitised logs for non-privileged users, raw logs for superadmin only.
Self-hosted, no telemetry, no phone-home. Your data never leaves our servers unless you explicitly trigger an integration.
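As an added illustration of three of the controls listed above (example code written for this page, not RETROH4CK's own, whose stack is not shown here), the following Python builds a session cookie carrying the HttpOnly, Secure and SameSite attributes with a short Max-Age, checks a CSRF token in constant time, and places a string-built SQL query next to the parameterised, org-scoped form. The findings table and its rows, the 15-minute TTL and every function name are constructed for the example.

```python
import secrets
import sqlite3
from http.cookies import SimpleCookie

# Assumed value: a 15-minute session TTL, short enough that a stolen cookie ages out quickly.
SESSION_TTL_SECONDS = 900


def build_session_cookie(token: str, ttl: int = SESSION_TTL_SECONDS) -> str:
    """Return a Set-Cookie header value with HttpOnly, Secure, SameSite and a short Max-Age."""
    jar = SimpleCookie()
    jar["session"] = token
    morsel = jar["session"]
    morsel["httponly"] = True      # not readable from document.cookie
    morsel["secure"] = True        # only sent over TLS
    morsel["samesite"] = "Strict"  # not attached to cross-site requests
    morsel["max-age"] = ttl        # short lifetime instead of a session-long cookie
    morsel["path"] = "/"
    return morsel.OutputString()


def cookie_attributes(header: str) -> set:
    """Lower-cased attribute names present in a Set-Cookie value (everything after the name=value pair)."""
    parts = [p.strip() for p in header.split(";")]
    return {p.split("=", 1)[0].lower() for p in parts[1:]}


def csrf_token_valid(session_token: str, submitted_token: str) -> bool:
    """Compare the per-session CSRF token with the one submitted on a state-changing request.

    compare_digest runs in constant time so the comparison does not leak how many
    leading bytes matched.
    """
    return secrets.compare_digest(session_token, submitted_token)


def demo_db() -> sqlite3.Connection:
    """Constructed sample data: findings from two different organisations."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE findings (id INTEGER PRIMARY KEY, org_id INTEGER, severity TEXT, title TEXT)"
    )
    conn.executemany(
        "INSERT INTO findings (org_id, severity, title) VALUES (?, ?, ?)",
        [
            (1, "high", "Exposed admin panel"),
            (1, "low", "Missing HSTS header"),
            (2, "high", "Subdomain takeover candidate"),
        ],
    )
    return conn


def unsafe_findings_query(conn: sqlite3.Connection, org_id: int, severity: str) -> list:
    """Weak form, kept only for contrast: request data is formatted straight into the SQL text,
    so a crafted severity value can widen the WHERE clause past the caller's own org."""
    sql = (
        f"SELECT id, title FROM findings "
        f"WHERE org_id = {org_id} AND severity = '{severity}' ORDER BY id"
    )
    return conn.execute(sql).fetchall()


def findings_for_org(conn: sqlite3.Connection, org_id: int, severity: str) -> list:
    """Hardened form: placeholders carry the values, and org_id comes from the server-side
    session rather than the request, so every query is scoped to one organisation."""
    return conn.execute(
        "SELECT id, title FROM findings WHERE org_id = ? AND severity = ? ORDER BY id",
        (org_id, severity),
    ).fetchall()


if __name__ == "__main__":
    print(build_session_cookie(secrets.token_urlsafe(32)))
    conn = demo_db()
    crafted = "high' OR '1'='1"
    print("unsafe:", unsafe_findings_query(conn, 1, crafted))
    print("scoped:", findings_for_org(conn, 1, crafted))
```

The crafted severity value is treated as plain data by the parameterised query and matches nothing, while the string-built query returns every organisation's rows; the org-scoped form is the one the query layer should expose to the application.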