Protect Your Supabase Data
Automated penetration testing that finds RLS bypasses, auth flaws, and exposed data before attackers do.
Where to find your Supabase URL:
- Go to supabase.com/dashboard
- Select your project
- Click Settings → General
- First section shows Project URL
Format: https://xxxxx.supabase.co
Full vulnerability scan with all attack vectors
Your Supabase anon/public key enables deeper security testing
Only test projects you own or have explicit authorization to test.
01 Discover → 02 Execute 272+ attacks → 03 Get fixes
272+ vectors 10 categories
White Hat Automated
Preview
Example of scan results
See credential discovery, schema analysis, vulnerability findings, and sensitive data detection in one dashboard.

Authorized testing only — test projects you own or have permission to test.
Coverage
272+ vectors across 10 categories
Every Supabase attack surface tested with real exploitation attempts.
- RLS Bypass (critical) — Row Level Security policy circumvention
- Authentication (critical) — Token leaks, session hijacking
- Business Logic (high) — IDOR, price manipulation
- AI-Generated Code (critical) — LLM mistakes, exposed keys
- Injection (critical) — SQL injection, XSS vectors
- Secrets Exposure (high) — GraphQL, Vault, API keys
- Multi-tenancy (critical) — Tenant isolation failures
- Database Access (critical) — Privilege escalation
- Realtime & WS (medium) — WebSocket hijacking
- Operations (medium) — Backup exposure, logging
Ready to secure your Supabase project?
Create a free account.