Security:Lab

Is your website safe?

Before an attacker does, we take a look around — leaked secrets, open admin pages, outdated software — and hand you a report in about 5 seconds.

Gentle on your site · only your own domain · usually under 5 seconds

Example

What a report looks like

example.comcompleted · 4.8s
critical
1
high
3
medium
7
low
6
info
4
  • criticalSecret file (.env) publicly accessible
    /.env
  • highOutdated jQuery 1.11.3 — 5 known attacks
    needs upgrade
  • mediumAnyone can spoof email from your domain
    no SPF
  • mediumMissing browser XSS protection (CSP)
    header missing
What we check

Coverage across 13 scanners

Encryption
Expiring certificates, outdated TLS versions, whether http still works
Browser defenses
Missing security headers that block XSS, clickjacking, cookie theft — 9 kinds checked
Leaked files
Secret files (.env), source-code folders (.git), admin panels (wp-admin, phpMyAdmin), internal APIs — 100+ paths
Leaked secrets
32+ key patterns — AWS, Google, Stripe, OpenAI, GitHub — found inside public JS bundles
Outdated libraries
jQuery, Bootstrap, React and friends — looked up live against the OSV.dev CVE database
Email spoofing
Whether someone can send phishing mail from your domain (SPF, DMARC, DKIM)
Supply chain
Missing integrity hashes on external scripts, leaked source maps, suspicious third-party origins
Active probes
Open redirect, CORS origin echo, reflected XSS, HTTP TRACE, dangling-CNAME takeover
Public data
Subdomains pulled from certificate transparency logs, robots.txt, sitemap, security.txt
How it works

Three steps

  1. 01Enter your site. Paste your site's address and tick the box that confirms it's yours.
  2. 02Prove it's yours. Upload a small file or paste one line into your HTML. This stops people from scanning sites that aren't theirs.
  3. 03Get a report. In about 5 seconds you'll see what's risky on your site and how to fix it.

This service is a pre-engagement security audit tool. Scanning a site you do not own, without consent, may violate local computer-misuse laws. By submitting a scan you agree to the Terms of Service and Privacy Policy.