Multi-Scanner Orchestration

Industry-Standard Scanners, Fully Automated

Samma orchestrates Nmap, Nikto, Tsunami, and DNSRecon as containerized Kubernetes jobs. Auto-detect targets, schedule scans, and stream structured results to your existing tools.

Built-in Scanners

Four battle-tested security scanners, each running in its own container with full isolation and resource control.

Nmap

Network Discovery & Security Auditing

The industry-standard network mapper. Samma runs Nmap as containerized jobs to discover hosts, open ports, running services, and OS fingerprints across your cluster.

  • Port scanning & service detection
  • OS fingerprinting
  • NSE script execution
  • Scheduled & on-demand scans

Nikto

Web Server Vulnerability Scanner

Comprehensive web server testing against thousands of known vulnerabilities, misconfigurations, and outdated software versions.

  • 6,700+ vulnerability checks
  • SSL/TLS configuration testing
  • Server & software identification
  • CGI directory scanning

Tsunami

Network Security Scanner

Google's general-purpose network security scanner with an extensible plugin system for detecting high-severity vulnerabilities with high confidence.

  • Plugin-based detection engine
  • Low false-positive rate
  • Remote code execution detection
  • Exposed sensitive UI detection

DNSRecon

DNS Enumeration & Reconnaissance

DNS enumeration tool for discovering zone transfers, subdomains, DNS records, and potential misconfigurations in your DNS infrastructure.

  • Zone transfer testing
  • Subdomain brute-forcing
  • DNS record enumeration
  • Cache snooping detection

How Scanning Works

From target discovery to structured output, every step is automated and Kubernetes-native.

Auto-Detection

The Kubernetes operator watches for new services and endpoints. New targets are automatically added to the scan queue — no manual configuration needed.

Scheduled Scans

Define cron-based schedules per scanner and target. Scans also trigger automatically when new targets are discovered in your cluster.

Containerized Execution

Every scanner runs as an isolated Kubernetes job. No host dependencies, clean environments, and automatic resource management.

Structured JSON Output

All scan results are normalized to structured JSON and published to NATS. Consume them in Elasticsearch, Grafana, or your own tooling.

Start scanning in minutes

Deploy Samma with Helm, point it at your cluster, and let the scanners do the rest. Results flow to Elasticsearch, Grafana, or any tool you already use.