Our scan bot, in full transparency
You may have seen requests with the header User-Agent: CyberToolScanner/1.0 (+https://cybertool.fr/bot) in your web server logs. Here is what you need to know.
What CyberTool does
CyberTool is a French SaaS for continuous security monitoring of websites. Our customers (cybersecurity agencies and SMBs) explicitly authorize us to scan their own domains so that vulnerabilities are caught before an attacker finds them.
What the scanner does (and does not do)
- Requests GET and HEAD only, never POST/PUT/DELETE.
- Only on standard technical endpoints: root, /robots.txt, /xmlrpc.php, /readme.html.
- Respects
robots.txtand a rate limit of 5 requests max per scan. - No attacks, no fuzzing, no injection, no brute-force.
- External sources we query (crt.sh, Cloudflare DoH) are public and passive.
Don't want to be scanned?
Write to us at abuse@cybertool.fr. We will stop within 24 hours and add your domain to our global exclusion list. If your domain belongs to one of our customers, we will ask them to remove it.
You can also simply block our User-Agent at the server level (NGINX example):
if ($http_user_agent ~* "CyberToolScanner") {
return 403;
}Responsible disclosure
If you find a flaw in CyberTool itself, see our security.txt. Contact: security@cybertool.fr.
Last updated: April 22, 2026