 ██████╗███████╗██████╗ ████████╗     ██╗  ██╗      ██████╗ ███████╗███╗   ██╗
██╔════╝██╔════╝██╔══██╗╚══██╔══╝     ╚██╗██╔╝     ██╔════╝ ██╔════╝████╗  ██║
██║     █████╗  ██████╔╝   ██║  █████╗ ╚███╔╝█████╗██║  ███╗█████╗  ██╔██╗ ██║
██║     ██╔══╝  ██╔══██╗   ██║  ╚════╝ ██╔██╗╚════╝██║   ██║██╔══╝  ██║╚██╗██║
╚██████╗███████╗██║  ██║   ██║        ██╔╝ ██╗     ╚██████╔╝███████╗██║ ╚████║
 ╚═════╝╚══════╝╚═╝  ╚═╝   ╚═╝        ╚═╝  ╚═╝      ╚═════╝ ╚══════╝╚═╝  ╚═══╝

Polyglot Security Scanner • Open Source • Built with Rust

The polyglot vulnerability scanner
that runs detection logic as real code

CERT-X-GEN is a polyglot execution engine: templates in 12 languages, parallel runs, three-tier sandboxing, and AI-powered template generation.

View on GitHub Browse Templates

Breaking

We're building one of the most versatile code-first vulnerability scanners.

Most exploit-based vulnerability scanners accept YAML templates as input, but why limit ourselves to YAML when multi-step exploitation logic is often easier (and more efficient) to implement in real programming languages? That's why we created the Cert-X-Gen CLI.

Cert-X-Gen is a simple CLI tool that lets you write templates in 12 languages: YAML, Python, Java, Go, PHP, Shell, JavaScript, Ruby, Perl, C, C++, and Rust. This gives you more flexible ways to add your favorite templates, and you can also use the CXG CLI's built-in AI capabilities to generate templates on the go.

Develop your own templates: github.com/Bugb-Technologies/cert-x-gen-templates
Template skeleton (compatibility): templates/skeleton
CXG CLI repo: github.com/Bugb-Technologies/cert-x-gen

Open to the community. Happy hacking!

Solution

Modern vulnerabilities behave like programs.
Why don't our scanners?

Introducing CERT-X-GEN — the first polyglot vulnerability scanner that executes detection logic as real code across 12 languages. Instead of being locked into rule syntax, security teams can write checks with the full expressiveness of Python, Go, Rust, JavaScript, C/C++, Java, and more.

What this enables

• Stateful protocol testing
• Multi-step logic flows
• Complex validation
• Behavioral analysis

Built for real operations

• Parallel execution
• Containerized isolation
• Git-based management
• JSON, SARIF, HTML output

Security detection, re-engineered.

Write templates in 12 languages

Python

Rust

C++

Java

JavaScript

Ruby

Perl

PHP

Bash

YAML

See it in action

8 commands. Parallel execution. Real-time findings with severity classification.

cxg — Terminal

zsh

Get started in three steps

Install the CLI, pull the latest templates, then run your first scan. No config required to start.

1Install2Update templates3Scan

Choose your install method

Homebrew(macOS / Linux)

brew tap bugb-technologies/cxg && brew install cxg

Install script(Any system)

curl -fsSL https://raw.githubusercontent.com/Bugb-Technologies/cert-x-gen/main/install.sh | bash

Cargo(From source (Rust))

cargo install --git https://github.com/Bugb-Technologies/cert-x-gen.git

Then run your first scan

cxg template update && cxg scan --scope example.com

Templates download automatically on first run. Use --scope with a host, file, or CIDR.

CERT-X-GEN CLI

Source code, releases, and issue tracker

View on GitHub →

Templates repo

58+ checks — add your own and open a PR

Browse templates →

Template skeleton Documentation Download binaries ← Back to Apps

██████╗███████╗██████╗ ████████╗ ██╗ ██╗ ██████╗ ███████╗███╗ ██╗ ██╔════╝██╔════╝██╔══██╗╚══██╔══╝ ╚██╗██╔╝ ██╔════╝ ██╔════╝████╗ ██║ ██║ █████╗ ██████╔╝ ██║ █████╗ ╚███╔╝█████╗██║ ███╗█████╗ ██╔██╗ ██║ ██║ ██╔══╝ ██╔══██╗ ██║ ╚════╝ ██╔██╗╚════╝██║ ██║██╔══╝ ██║╚██╗██║ ╚██████╗███████╗██║ ██║ ██║ ██╔╝ ██╗ ╚██████╔╝███████╗██║ ╚████║ ╚═════╝╚══════╝╚═╝ ╚═╝ ╚═╝ ╚═╝ ╚═╝ ╚═════╝ ╚══════╝╚═╝ ╚═══╝

We're building one of the most versatile code-first vulnerability scanners.

Open to the community. Happy hacking!

The polyglot vulnerability scannerthat runs detection logic as real code

We're building one of the most versatile code-first vulnerability scanners.

Modern vulnerabilities behave like programs.Why don't our scanners?

What this enables

Built for real operations

See it in action

Get started in three steps

The polyglot vulnerability scannerthat runs detection logic as real code

We're building one of the most versatile code-first vulnerability scanners.

Modern vulnerabilities behave like programs.Why don't our scanners?

What this enables

Built for real operations

See it in action

Get started in three steps

The polyglot vulnerability scanner
that runs detection logic as real code

Modern vulnerabilities behave like programs.
Why don't our scanners?

The polyglot vulnerability scanner
that runs detection logic as real code

Modern vulnerabilities behave like programs.
Why don't our scanners?