v2.0

1. DEPLOY THE PROXY WORKER

The scanner needs a Cloudflare Worker to bypass CORS. Deploy forgerock_proxy_worker.js:

    cd worker-dir
    wrangler init forgerock-proxy
    # paste the worker code into src/index.js
    wrangler deploy

Copy the deployed URL (e.g. https://forgerock-proxy.your-subdomain.workers.dev) and paste it into the Proxy field on the Scan tab, appending /probe.

2. ADD TARGETS

Add domains manually, import a CSV, or click Load Sample. The CSV needs columns: name, domain, login_url (optional).

3. HIT SCAN

The scanner probes each domain's common SSO subdomains and ForgeRock URL paths via the proxy. It checks cookies, headers, and page content for ForgeRock signatures. HIGH confidence targets go straight to your outreach list.

DETECTION SIGNATURES

• iPlanetDirectoryPro cookie (weight: 10): Classic OpenAM/ForgeRock session cookie. The smoking gun.
• X-OpenAM / X-ForgeRock headers (weight: 10): Server response headers identifying the platform.
• com.sun.identity / org.forgerock (weight: 9): Java package references in page source.
• /openam/ or /am/ URL paths (weight: 5): Default context roots for AM deployment.
• serverinfo JSON endpoint (weight: 10): Unauthenticated API returning version info.
• ForgeRock SDK / fr-sdk (weight: 7): Client-side SDK references in JavaScript.

CONFIDENCE SCORING

Scores are cumulative. Multiple weak signals compound.

• HIGH ≥25 • MEDIUM ≥12 • LOW ≥4 ○ NONE <4
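
The cumulative scoring above, worked through on already-captured responses so you can see which signals a deployment you operate exposes. This is an added example, not the scanner's own code: the weights and thresholds come from the lists above, while the observation shape, the matching rules, the once-per-target counting and the example.test sample data are assumptions.

```javascript
// Added example, not the scanner's code. Weights and thresholds are from the
// lists above; the observation shape and matching rules are assumptions.
const path = o => new URL(o.url).pathname;
const isJson = o => {
  try { const v = JSON.parse(o.body); return v !== null && typeof v === "object"; }
  catch { return false; }
};

const SIGNATURES = [
  { name: "iPlanetDirectoryPro cookie", weight: 10,
    hit: o => o.setCookie.some(c => /^\s*iPlanetDirectoryPro=/i.test(c)) },
  { name: "X-OpenAM / X-ForgeRock headers", weight: 10,
    hit: o => Object.keys(o.headers).some(h => /^x-(openam|forgerock)/i.test(h)) },
  { name: "com.sun.identity / org.forgerock", weight: 9,
    hit: o => /com\.sun\.identity|org\.forgerock/.test(o.body) },
  { name: "/openam/ or /am/ URL paths", weight: 5,
    hit: o => /^\/(openam|am)\//i.test(path(o)) },
  { name: "serverinfo JSON endpoint", weight: 10,
    hit: o => /\/serverinfo(\/|$)/i.test(path(o)) && isJson(o) },
  { name: "ForgeRock SDK / fr-sdk", weight: 7,
    hit: o => /forgerock sdk|fr-sdk/i.test(o.body) },
];

function confidence(score) {
  if (score >= 25) return "HIGH";
  if (score >= 12) return "MEDIUM";
  if (score >= 4) return "LOW";
  return "NONE";
}

// Each signature counts once per target, however many responses show it (assumption).
function scoreTarget(observations) {
  const hits = SIGNATURES.filter(s => observations.some(o => s.hit(o)));
  const score = hits.reduce((sum, s) => sum + s.weight, 0);
  return { score, confidence: confidence(score), hits: hits.map(s => s.name) };
}

// Constructed sample responses for one target (not real captures).
const SAMPLE = [
  { url: "https://sso.example.test/am/XUI/", headers: { "content-type": "text/html" },
    setCookie: ["iPlanetDirectoryPro=abc; Path=/; Secure"], body: "<script src='fr-sdk.js'></script>" },
  { url: "https://sso.example.test/am/serverinfo", headers: { "content-type": "application/json" },
    setCookie: [], body: '{"version":"placeholder"}' },
];

console.log(scoreTarget(SAMPLE));
```

The first sample response alone reaches only MEDIUM; the JSON serverinfo response is what tips the target to HIGH, so the entries in `hits` are the signals to suppress or restrict first.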