Alternatives to 42Crunch on Chi
What middleBrick covers
- Black-box scanning with no agents or code access
- Risk scoring A–F with prioritized findings
- 12 OWASP API Top 10 (2023) aligned detections
- OpenAPI 3.0/3.1/Swagger 2.0 parsing with ref resolution
- Authenticated scans with header allowlist and domain gate
- Continuous monitoring with diff detection and alerts
Black-box scanning for any Chi stack
middleBrick is a self-service API security scanner that operates as a black-box solution. Submit a URL and receive a risk score from A to F with prioritized findings. It requires no agents, no SDK integration, and no access to your source code, so it applies to any language, framework, or cloud environment used in Chi deployments. Scans typically complete in under a minute and use read-only methods such as GET and HEAD, with text-only POST requests allowed for the LLM probes.
Detection aligned to OWASP API Top 10 and related frameworks
The scanner covers 12 categories aligned to the OWASP API Top 10 (2023) and maps each finding to that standard so reports can serve as audit evidence for the related controls. Detections include authentication bypass and JWT misconfigurations, broken object level authorization and IDOR, broken function level authorization and privilege escalation, sensitive data exposure such as PII and API keys, input validation issues including CORS misconfigurations, rate limiting and resource consumption indicators, encryption and transport security checks, server-side request forgery probes, and inventory management concerns. An LLM security module runs 18 adversarial probes across Quick, Standard, and Deep scan tiers to assess jailbreak, data exfiltration, and prompt injection risks.
OpenAPI analysis and authenticated scanning
middleBrick parses OpenAPI 3.0, 3.1, and Swagger 2.0 specifications with recursive $ref resolution. It cross-references spec definitions against runtime findings to highlight undefined security schemes, sensitive fields, deprecated operations, and missing pagination. For authenticated scans, which are available from Starter tier and above, it supports Bearer tokens, API keys, Basic authentication, and cookies. Domain verification is enforced through DNS TXT records or an HTTP well-known file to ensure only the domain owner can scan with credentials. A strict header allowlist limits forwarded headers to Authorization, X-API-Key, Cookie, and X-Custom-*.
Product options and continuous monitoring
The Web Dashboard provides a central location to run scans, review reports, track score trends, and download branded compliance PDFs. The CLI via the middlebrick npm package supports commands such as middlebrick scan <url> with JSON or text output. A GitHub Action is available to act as a CI/CD gate, failing the build when the score drops below a defined threshold. The MCP Server enables scanning from AI coding assistants including Claude and Cursor.
Pro tier adds continuous monitoring with scheduled rescans every six hours, daily, weekly, or monthly. It provides diff detection across scans to surface new findings, resolved findings, and score drift. Email alerts are rate-limited to one per hour per API, and webhooks are HMAC-SHA256 signed, with auto-disable after five consecutive failures. Enterprise tier supports unlimited APIs, custom rules, SSO, audit logs, an SLA, and dedicated support.
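A receiver for the HMAC-SHA256-signed webhooks described above, added here as an example and not middleBrick's own code: the page does not document the exact delivery format, so the X-Signature header name and hex encoding of the MAC are assumptions, and the handler is plain net/http so it can be mounted on a Chi router.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"io"
	"net/http"
)

// signWebhookBody is the sender side, kept here only to construct inputs:
// hex(HMAC-SHA256(secret, body)). Assumed format, not middleBrick's documented one.
func signWebhookBody(secret, body []byte) string {
	mac := hmac.New(sha256.New, secret)
	mac.Write(body)
	return hex.EncodeToString(mac.Sum(nil))
}

// verifyWebhookSignature recomputes the MAC over the raw body and compares it
// in constant time, so a tampered body, a wrong secret, or malformed hex all fail.
func verifyWebhookSignature(secret, body []byte, gotHex string) bool {
	got, err := hex.DecodeString(gotHex)
	if err != nil || len(got) != sha256.Size {
		return false
	}
	mac := hmac.New(sha256.New, secret)
	mac.Write(body)
	return hmac.Equal(mac.Sum(nil), got)
}

// webhookHandler rejects unsigned or mis-signed deliveries before any parsing.
// The X-Signature header name is an assumption. The body is size-capped so a
// misbehaving sender cannot exhaust memory. Mount on Chi with
// r.Post("/webhooks/middlebrick", webhookHandler(secret)); load secret from env.
func webhookHandler(secret []byte) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		body, err := io.ReadAll(io.LimitReader(r.Body, 1<<20))
		if err != nil {
			http.Error(w, "unreadable body", http.StatusBadRequest)
			return
		}
		if !verifyWebhookSignature(secret, body, r.Header.Get("X-Signature")) {
			http.Error(w, "invalid signature", http.StatusUnauthorized)
			return
		}
		// Only now is the body trusted enough to decode and act on (e.g. score drift).
		w.WriteHeader(http.StatusNoContent)
	}
}
```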
Limitations and safety posture
middleBrick is a scanner that detects and reports findings with remediation guidance; it does not fix, patch, block, or remediate. It avoids active SQL injection or command injection tests, as those fall outside its non-intrusive scope, and it does not detect business logic vulnerabilities that require domain-specific human analysis. Blind SSRF is out of scope due to the lack of out-of-band infrastructure support.
The platform uses read-only methods only and never sends destructive payloads. Private IPs, localhost, and cloud metadata endpoints are blocked at multiple layers. Customer scan data is deletable on demand and purged within 30 days of cancellation. It is not used for model training or sold to third parties.