01Customer Interface
SaaS Dashboard
Cloudflare Pages
6 tabs
  • Overview & Topology
  • Applications
  • Recommendations
  • Billing
  • Testing (Bot Fleet)
API Gateway
Cloudflare Workers
120+ endpoints
  • OAuth & MFA auth
  • Scan submission & streaming
  • Bot deploy/destroy proxy
  • Company & topology APIs
02Orchestration Engine
Backend API
Python Flask · Gunicorn · Dedibox + AWS Fargate
  • Scan pipeline orchestration
  • 13 subdomain API sources
  • AWS Batch & Fargate job submission
  • In-memory TTL caching
  • Security middleware
Deploy Service
Go · :8081
23 platforms
  • Multi-cloud provisioning
  • Spot instance support
  • Dynamic Fleet Controller userdata
  • Region auto-selection
Spot Monitor
Go · :8082
  • 60s polling cycle
  • Reclamation detection
  • Auto-redeploy (3 retries)
  • SQLite state tracking
Binary Server
Nginx · :9999
  • boot.sh (5KB)
  • bot_latest (18MB)
  • ddactic-bot.service
03Execution Fleet
AWS Batch Scanner
Docker · 5-stage · passive / active
13 API sources
Stage 1 - SLD & subdomain discovery
Stage 2 - Port scan + CDN filter
Stage 3 - L7 recon (8 tools)
Stage 4 - Breach DB lookup
Stage 5 - Attack vector derivation
  • HTTP & Playwright fingerprinting
  • DNS & DNSSEC analysis
  • SMTP SPF/DKIM/DMARC
  • GraphQL introspection
  • gRPC reflection & Auth
  • SIP & Direct-to-Router
  • Large assets → LFD bandwidth test
  • POST/PUT endpoints → HTTP bomb
  • gRPC/SMTP open → protocol flood
  • Scrubbing ASN → BGP diversion test
Bot Fleet
19 active platforms
100s of ASNs
  • Spot: AWS, GCP, Azure, Alibaba, Tencent
  • On-demand: DO, Hetzner, OVH, Scaleway, Kamatera, Gcore, Contabo, Exoscale, UpCloud, Cherry, Fly, IONOS, Zenlayer & more
  • Fleet arch: distinct ASN + region per bot
  • Fleet arch: residential proxy tier for ISP IPs
  • Test plan: recon-derived, attack vectors auto-selected from scan findings
Fleet Controller
Go · HTTP/2 · Self-hosted
  • HTTP/2 bot communication
  • Real-time command dispatch
  • Burst / rest cycle control
  • Attack escalation sequencing
  • Web operations dashboard
Traffic Intelligence Lab
Mobile · Desktop · ISP
  • Real ISP & mobile-carrier IPs
  • iOS & Android app fingerprints
  • Windows, Linux & Android desktops
  • Residential proxy source for Playwright
04Intelligence Output
S3 Storage
AWS S3 Bucket
  • Scan results (JSON)
  • Topology data
  • App recon captures
  • 24h cache for SLDs
Reports & OPI
PDF / HTML
  • Open Protection Index score
  • Executive summary
  • Technical deep-dive
  • Compliance-ready format
Hardening Engine
Before · During · After
Continuous
  • CLI commands for 12 vendors
  • Auto-execute: CF · AWS · Azure · GCP
  • Pre-test: baseline configs applied
  • Live: rules adjusted in real-time
  • Post: delta OPI score comparison
  • Scheduled re-tests on infra change
Cloudflare CDN / WAF / Tunnels
Residential Proxy (crt.sh)
AWS SSM Parameter Store (33 params)
ECR Docker Registry
AWS Batch Compute
Initializing simulation...
Step 0/0