SoftifyBase Security
Supabase Vulnerability Scanner
Where to find your Supabase URL:
- Go to supabase.com/dashboard
- Select your project
- Click Settings → General
- First section shows Project URL
Format: https://xxxxx.supabase.co
Add anon key (optional, for deeper testing)
Where to find your anon key:
- Go to supabase.com/dashboard
- Select your project
- Click Settings → API Keys
- Scroll to Legacy section
- Copy anon public key
Starts with: eyJhbGciOiJIUzI1...
This key is safe to use - it's public
[!] Only test projects you own or have explicit authorization to test
AI-assisted development can miss security holes. Test your SoftifyBase projects with 280+ attack vectors across 9 categories. Know your security posture.
9 Attack Categories. 280+ Attack Vectors.
Comprehensive coverage of every Supabase attack surface. Each category contains multiple attack vectors tested against real vulnerabilities.
- No Security: RLS Disabled
- Bad RLS: USING (true)
- Business Logic: Price & IDOR
- Vibecoder: AI Mistakes
- Injection: SQL & XSS
- GraphQL/Vault: Secrets
- Auth/Tenant: Multi-tenant
- Database: Deep Access
- AI/Realtime: ML & WS
- Backup/Logs: Operations
Active Breach Testing
Actually attempts to exploit your Supabase with real attack vectors. No guessing - real proof of vulnerabilities.
Ralph Wiggum Loop
"I'm in danger!" - Persistent iteration until every vulnerability is found. Keeps attacking until the attack surface is fully mapped.
Fix Verification
After you apply fixes, re-runs all attacks to confirm they're actually resolved. No more "trust me, it's fixed."
[!] For Authorized Testing Only
Only test projects you own or have explicit permission to test. This scanner performs real attacks that could affect data. Use responsibly.