Distributed recon that doesn't fall over.
Hosted scanning across your own distributed nodes, resumable through crashes, with AI that triages the findings. Built for bug-bounty hunters and pentest teams who are done babysitting shell scripts.
Free tier · No credit card · Your nodes, your infrastructure
Offensive Operations Collapse Under Complexity
Tools Were Never Designed to Operate Together
Recon pipelines are still stitched together with shell scripts, temp files, and fragile glue logic. Enumeration, scanning, probing, and analysis remain disconnected systems with no shared operational context.
Intelligence Dies Between Execution Stages
One scanner discovers an exposed API. Another tool never sees it. Findings stay trapped inside isolated outputs instead of flowing through a unified operational pipeline.
Visibility Vanishes Across Distributed Operations
As targets, nodes, proxies, and workflows scale, operational awareness disappears. Teams lose track of what is running, where traffic originates, and how scans are behaving in real time.
Infrastructure Fails Mid-Engagement
Cron jobs crash. VPS nodes disappear. Tunnels leak. Long-running scans silently stall without orchestration, health monitoring, or recovery mechanisms built into the execution layer.
One Platform. Full Operational Control.
Everything required to orchestrate offensive security operations at scale, from distributed execution to live operational intelligence.
Distributed Execution Architecture
A scalable operational architecture built for distributed reconnaissance, anonymized execution, and live attack surface intelligence.
Web Panel & API
Create and manage jobs, configure workflows, and monitor execution through a web interface or direct API calls.
Crossfyre Controller
Central control plane that schedules jobs, coordinates workers, and tracks execution state across the platform.
CFX Nexus
Backend services responsible for authentication, persistence, messaging, and coordinating communication between components.
Node Daemon
Distributed execution unit that pulls jobs, runs assigned extensions, and reports results back to the controller.
Extension
Modular execution unit that performs a specific operation as part of a workflow.
Target Infrastructure
The systems, networks, or applications designated for testing or analysis during an operation.
SEE CROSSFYRE IN ACTION
From Solo Hunters to Full Red Teams
Built for the way you actually operate, from a single bug-bounty hunter on one box to a red team coordinating a distributed fleet.
Bug Bounty Hunters & Researchers
Run distributed reconnaissance and large-scale scanning without building or babysitting your own infrastructure. Point it at a scope and watch findings stream in.
- Distributed node execution
- Proxy & tunnel isolation
- Workflow automation
- Real-time findings
Red Teams
Coordinate complex offensive operations through a centralized command layer with shared visibility, distributed execution, and operational control.
- Team-based workflows
- Shared operational state
- Live telemetry
- Controlled infrastructure routing
Security Teams
Continuously monitor internal and external attack surfaces using customizable reconnaissance workflows, streaming intelligence, and automated analysis.
- Continuous reconnaissance
- Exposure discovery
- Attack surface monitoring
- AI-assisted analysis
Enterprise Security Labs
Standardize offensive tooling, infrastructure, and operational policies across distributed teams with centralized visibility and scalable execution.
- Unified operational control
- Infrastructure governance
- Distributed fleet management
- Standardized execution pipelines
Real Operational Experience
Crossfyre was designed around the operational realities of modern offensive security, from distributed reconnaissance to stealth infrastructure and large-scale execution.
Built by Engineers Who Run Offensive Infrastructure
Crossfyre was built from real-world frustrations with fragmented tooling, unreliable workflows, and infrastructure that failed during active operations.
Built Around Modern Reconnaissance Techniques
Designed around evolving offensive methodologies, distributed execution models, and scalable attack surface intelligence techniques.
Engineered for Unstable and Hostile Environments
Built to maintain operational continuity across unstable networks, rate limits, infrastructure failures, and degraded routing conditions.
Simple, honest pricing.
Pay a flat rate for scanning. AI analysis runs on credits, so heavy use stays fair. No surprise bills, no enterprise sales call.
Try real scans, no card.
- 1 target
- 1 concurrent scan
- All recon workflows
- Live findings dashboard
- ~25 AI analysis credits (one-time trial)
For individual hunters & researchers.
- ~10 targets
- 2 concurrent scans
- Resumable multi-hour scans
- Managed proxy & tunnel routing
- 150 AI analysis credits / mo
- 30-day scan history
For boutique pentest & recon shops.
- ~50 targets
- 5 concurrent scans
- 3 seats included (+$25/seat)
- Team management & shared workflows
- Custom .cfx playbooks
- 600 AI analysis credits / mo
AI analysis (Valkyrie) runs on credits. 1 credit ≈ 1 endpoint analyzed. Run out? Top up anytime.
READY TO HUNT ?
Point it at a target and watch findings stream in, live.
Free tier · No credit card · Bring your own nodes
Frequently Asked Questions
Answers about deployment models, infrastructure, operational workflows, and platform capabilities.
Bug-bounty hunters, independent researchers, and pentest and red teams who run distributed reconnaissance, from a solo operator on one box to a boutique shop coordinating a fleet. Larger security labs standardizing large-scale recon programs fit too.
It's a different class of tool. Crossfyre runs on our own proprietary Rust scanning engines, purpose-built for distributed execution, with industry-standard tooling available as optional extensions when you want it. On top of that you get what a DIY toolkit can't: hosted zero-setup deployment, a crash-safe control plane where scans survive node failures and resume instead of restarting, a live dashboard your whole team shares, managed proxy and tunnel routing, and AI that triages raw output into prioritized findings. Those projects are scripts you assemble and maintain yourself. Crossfyre is an engineered operations platform.
Start free, no credit card. Paid plans are built for solo operators and small teams, with AI analysis metered as simple credits so heavy usage stays fair. See the pricing section above for the tiers.
Nothing is lost. Work is dispatched over a durable NATS JetStream queue with per-operation acknowledgement. If a node drops, its in-flight work is automatically redelivered to another node and the scan resumes. Long, multi-hour scans finish even across unstable networks and rate limits.
Your findings are yours. Scan data is isolated per team, encrypted in transit and at rest, and never sold or used to train anything. You can run nodes on your own infrastructure so traffic originates from where you choose. See our security page for specifics.
Nodes can be self-hosted by any user. Deploy the cfx_controller daemon on your own VPS, lab, or internal infrastructure. Self-hosting the full control plane (Nexus, API switch, and supporting services) is available exclusively to enterprise customers.
Yes. Crossfyre is for authorized offensive security work only: engagements you're contracted for, assets you own, or scoped bug-bounty programs. The proxy and VPN-isolation features exist to model real adversaries during authorized tests and keep traffic in-scope, not to enable unauthorized access.
Yes. Nodes can operate behind layered proxy chains and VPN-isolated network namespaces to model realistic adversary infrastructure and enforce traffic isolation during authorized offensive operations.
Workflows are decomposed into operations and dispatched across distributed nodes using a streaming execution model backed by NATS JetStream. Findings are returned in real time as operations execute.
Yes. Crossfyre includes team-based operational management with shared workflows, centralized visibility, permissions, activity tracking, and distributed infrastructure coordination.
Yes. Crossfyre includes a Python-based .cfx playbook system for building custom offensive workflows, automation pipelines, and extension-driven execution logic.
No. Crossfyre is a commercial offensive security platform developed by Clickswave Labs Private Limited. Certain ecosystem tooling and components may be released separately in the future.