Fast, reliable cyber security scans for your website. Get comprehensive insights and actionable recommendations. Cut risk and cost, avoid expensive and mentally exhausting incidents, and protect your customers.
// how_it_works
1. Enter your domain and verify ownership with a DNS TXT record or HTML meta tag. Takes under a minute.
2. We check SSL/TLS, HTTP headers, DNS config, all open ports, web vulnerabilities, and database exposure.
3. Review prioritized findings and copy AI-generated fix prompts directly into ChatGPT, Claude, or Cursor.
// scan_results
Every scan produces a scored report with prioritized findings and actionable AI prompts.
← yourcompany.com
Feb 1, 2026 at 5:00:20 PM · manual scan
| Severity | Findings |
|---|---|
| CRITICAL | 1 |
| HIGH | 0 |
| MEDIUM | 2 |
| LOW | 3 |
| INFO | 5 |
Findings (11)
Next.js middleware bypass (CVE-2025-29927)
Web Vulnerability Scanner
A critical authorization bypass vulnerability was detected in your Next.js application. Attackers can bypass middleware authentication by sending a crafted x-middleware-subrequest header, gaining unauthorized access to protected routes.
Remediation
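1. Upgrade Next.js immediately to the patched version for your release line:

        npm install next@15.2.3    # 15.x
        npm install next@14.2.25   # 14.x

2. If you cannot upgrade, add this to your middleware:

        // Reject any request that carries the internal subrequest header
        if (request.headers.has('x-middleware-subrequest')) {
          return new Response('Forbidden', { status: 403 });
        }

   Requests that trigger the bypass skip middleware entirely, so also strip or reject this header at the reverse proxy or load balancer in front of the application.
3. Redeploy your application after patching.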
Reference: https://nextjs.org/blog/cve-2025-29927
- Legacy TLS protocol negotiated (SSL & TLS Scanner)
- DMARC record missing (DNS Scanner)
- DKIM selectors not found (DNS Scanner)
+ 7 more findings
// pricing
Start free. Upgrade when you need more domains, scans, and AI prompt packs.
Launch pricing active: first 100 paid signups get discounted rates (100 spots left).
Free
Try it out on one domain.
Builder
For indie hackers shipping fast. Intro offer for first 100 paid signups.
Startup
For growing teams that need coverage. Intro offer for first 100 paid signups.
// faq
We run 6 security check categories: SSL/TLS certificate and protocol analysis, HTTP security headers (CSP, HSTS, X-Frame-Options, etc.), DNS configuration (SPF, DKIM, DMARC, DNSSEC, CAA), a full port scan with service detection, web vulnerability checks (mixed content, cookie flags, CORS, redirect chains), and database exposure checks (open DB ports + RBAC posture).
You can verify domain ownership in two ways: add a DNS TXT record with a unique token we provide, or place a meta tag in your homepage's HTML head. Both methods take under a minute. You must verify a domain before scanning it.
For each finding, we generate three AI-ready prompts: Fix (step-by-step remediation you can paste into ChatGPT, Claude, or Cursor), Explain (a developer-friendly explanation of the vulnerability), and Verify (a prompt to help confirm your fix works). Available on Builder and Startup plans.
All scan results are stored in an encrypted database and associated only with your account. We never share scan data. You can delete domains and their associated data at any time. We only scan domains you've verified ownership of.
Yes. All plans are billed annually and you can cancel at any time through the billing portal. You'll retain access until the end of your current billing period.
Not yet, but it's on our roadmap. Currently we run a fixed set of 6 check categories that cover the most common security issues for web applications. If you have a specific need, reach out to support.
Security audits shouldn't take 2 weeks and cost a fortune. Run a comprehensive scan in minutes, get actionable findings, and fix issues before they become incidents.
Scanner Coverage
Investor-ready risk visibility
| Scanner | What it checks | Potential customer impact |
|---|---|---|
| SSL/TLS | Certificate validity, protocol strength, cipher hygiene | Trust warnings, traffic interception risk, compliance gaps |
| HTTP Headers | CSP, HSTS, X-Frame-Options, cookie/security headers | XSS, clickjacking, session theft, account takeover risk |
| DNS Security | SPF, DKIM, DMARC, DNSSEC, CAA configuration | Email spoofing, phishing abuse, brand trust damage |
| Port Exposure | Open ports and externally reachable services | Expanded attack surface and unauthorized access paths |
| Web Vulnerabilities | Redirect issues, mixed content, CORS, insecure defaults | Data leakage, browser exploitation, customer account risk |
| Database Exposure | Public database endpoints and weak access posture | Direct data breach risk and costly incident response |