Launching BrokenApp: the inspection layer for the internet
Every deployed web application has bugs. Security vulnerabilities, broken forms, failed API calls, leaked credentials. Most teams know their software has problems — they just don't know where, or how bad.
Today we're launching BrokenApp: an automated scanner that finds bugs, security vulnerabilities, and broken functionality in any deployed web app. Evidence-backed reports. No signup required.
The problem we're solving
Manual QA doesn't scale. Bug bounty programs are expensive and inconsistent. Automated testing catches what you write tests for, but misses everything else. The result: broken software ships to production every single day.
And it's about to get worse. AI coding tools — Claude Code, Codex, Copilot — are generating software at unprecedented scale. More code means more bugs. The volume of deployed software is outpacing every team's ability to verify it.
What BrokenApp does
BrokenApp is a Rust CLI that launches a headless browser, crawls your entire application, and tests every route, form, endpoint, and asset it finds. It produces structured reports with evidence: screenshots, network traces, and reproduction steps for every finding.
The scanner includes nine detection modules:
- Full-app vulnerability scanning with severity classification
- IDOR / BOLA detection with cross-user replay and body similarity scoring
- N×N auth matrix testing across unlimited role pairs
- Exposure scanning with 18 compiled regex patterns and 22 active probes
- Business logic testing — step-skip and replay attack detection
- Native auth flow testing for Supabase and Firebase
- GraphQL per-operation endpoint detection
- Baseline & triage management with Blake3 fingerprinting
- Compliance mapping to CWE and OWASP Top 10
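To make the IDOR / BOLA bullet above concrete, here is an added illustration of cross-user replay with body similarity scoring; it is not BrokenApp's own code, and the sample responses, the volatile-field list and the 0.9 threshold are constructed assumptions.

```python
from dataclasses import dataclass
from difflib import SequenceMatcher
import re

@dataclass(frozen=True)
class Response:
    status: int
    body: str

# Fields that legitimately differ between two fetches of the same object; the
# names are assumptions for this illustration and would be tuned per target.
VOLATILE = re.compile(r'"(request_id|timestamp|etag)"\s*:\s*"[^"]*"')

def normalize(body: str) -> str:
    """Strip volatile fields so they do not drag the similarity score down."""
    return VOLATILE.sub("", body)

def similarity(a: str, b: str) -> float:
    """Ratio in [0, 1]; 1.0 means the normalized bodies are identical."""
    return SequenceMatcher(None, normalize(a), normalize(b)).ratio()

def classify_replay(owner: Response, replay: Response, threshold: float = 0.9) -> str:
    """owner: the response the owning user received for its own object.
    replay: the same request re-sent with a second, unrelated user's session."""
    if replay.status in (401, 403, 404):
        return "denied"          # access control held
    if replay.status != owner.status:
        return "inconclusive"    # different status; needs manual triage
    if similarity(owner.body, replay.body) >= threshold:
        return "idor"            # second user sees the owner's private object
    return "filtered"            # same status, different body (generic/redacted)

def scan_pairs(cases: dict[str, tuple[Response, Response]]) -> dict[str, str]:
    """Map each route to its verdict; a report would keep both bodies as evidence."""
    return {route: classify_replay(o, r) for route, (o, r) in cases.items()}

# Constructed sample traffic (not captured from any real application).
CASES = {
    "/api/profiles/42": (Response(200, '{"id": 42, "owner": "alice", "ssn_last4": "1234", "request_id": "r1"}'),
                         Response(200, '{"id": 42, "owner": "alice", "ssn_last4": "1234", "request_id": "r2"}')),
    "/api/orders/42":   (Response(200, '{"id": 42, "owner": "alice", "total": 99.0, "request_id": "r3"}'),
                         Response(403, '{"error": "forbidden"}')),
    "/api/notes/7":     (Response(200, '{"id": 7, "owner": "alice", "text": "private note", "request_id": "r5"}'),
                         Response(200, '{"error": "not found", "request_id": "r6"}')),
}

if __name__ == "__main__":
    for route, verdict in scan_pairs(CASES).items():
        print(f"{route}: {verdict}")
```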
The AI feedback loop
BrokenApp doesn't just find bugs — it produces reports specifically designed to be consumed by AI coding tools. Every finding includes a description, reproduction steps, and a recommended fix. Feed the report into Claude Code or Codex and the AI can fix the issues directly.
Then re-scan to verify. Diff reports show exactly which issues are resolved and which are new. The complete debugging workflow from detection to resolution to verification — automated.
What's next
We're running the Clean Code Challenge — scanning 1,000 apps and giving developers the reports for free. Fix the most bugs using AI coding tools and win up to $1,000 in prizes.
The CLI is available now. Install it, scan your app, and see what's broken. Evidence, not guesswork.