PLATFORM Source, binary, and live target research

One research loop. Every surface you ship.

ZeroQuarry coordinates focused agents across code repositories, uploaded artifacts, and authorized running systems. Each scan moves through investigation, triage, adversarial review, artifact generation, and remediation handoff.

platform://zeroquarry ACTIVE
$ connect --repo git@github.com:acme/api
ok source coordinator ready
$ upload --artifact mobile-release.apk
ok binary workspace expanded
$ target --url https://api.acme.test
ok live scope authorized
01 · Surfaces

Follow the product,
not the scanner category.

Source, binaries, and live behavior reveal different failures. ZeroQuarry keeps them in one project history so findings, versions, patches, and reports stay connected.
01 Source
controller
policy
tenant_id
write

Code repositories

Clone public or private git repositories, upload archives, or scan changed files from CI. Agents inspect control flow, auth logic, dangerous sinks, dependency context, and business rules.

  • private git credentials
  • diff-scoped rescans
  • per-stage model routing
02 Binary
APK manifest + deeplinks
JAR decompiled classes
FW extracted filesystem
NATIVE strings + symbols

Shipped artifacts

Upload APKs, JARs, firmware, installers, and archives. ZeroQuarry expands what it can, runs available decompilers and extractors, and reviews the artifact customers receive.

  • mobile and firmware review
  • embedded secrets and weak crypto
  • update and signature workflows
03 Live
GET /api/users/me 200
PATCH /api/users/43 200
tenant boundary failed

Authorized targets

Run active tests against scoped web apps and APIs. ZeroQuarry supports required headers, auth cookies, custom headers, basic auth, and form login with redacted scan logs.

  • authorization checkbox gate
  • scope-host constraints
  • non-destructive probes
02 · Agent system

Coordinated agents,
not one giant prompt.

The platform decomposes work into specialist phases so broad search, skeptical review, PoC generation, and patch drafting can use the right tools and model budget.
01

Coordinator

Builds the scan plan, tracks coverage, and dispatches focused workers.

02

Workers

Investigate a specific surface, trace exploit paths, and record candidate findings.

03

Review

Triage, vendor review, rebuttal, and confidence scoring filter weak findings.

04

Artifacts

Generate PoCs, disclosure drafts, patch diffs, and workflow-ready exports.

03 · Controls

Built for teams
with real constraints.

B2B security work is not just detection. ZeroQuarry includes the guardrails, account controls, and cost knobs needed to run scans repeatedly.
AUTH

Private access

Scan private repositories and authenticated remote targets with scoped credentials and redacted logs.

MODELS

Model routing

Choose different models for scan, review, and artifact phases, or require bring-your-own LLM keys.

BATCH

Batch mode

Run artifact generation through provider batch APIs when lower cost matters more than speed.

GOV

Team governance

Projects, members, quotas, API keys, storage limits, and account-level settings keep usage controlled.

INTEGRATE

Workflow integrations

Jira, ServiceNow, Slack, GitHub bot PRs, API endpoints, and share links keep findings moving.

REPORT

Branded reports

Export Markdown, HTML, and PDF reports with customer-facing branding controls where needed.

Start with one surface.
Grow into the full loop.

Connect a repo first, then add scheduled delta scans, authenticated live targets, binary reviews, and remediation workflows as your program matures.