Security Tools

Polite TCP-connect port scan of a single public host (max 128 ports) with optional banner grab.

Scan a web server for known vulnerabilities, misconfigurations, and dangerous files.

Identify the TLS stack and version behind a server by probing its handshake behaviour.

Fetch a URL and grade its HTTP security headers — CSP, HSTS, X-Frame-Options, Referrer-Policy, Permissions-Policy, and more.

Verify whether a domain qualifies for and is listed on the HSTS preload list.

Parse and grade a Content-Security-Policy header, flagging unsafe directives and common bypass vectors.

Scan a WordPress site for vulnerable plugins, themes, weak passwords, and known CVEs.

Scan Drupal, SilverStripe, and Moodle installations for known vulnerabilities and misconfigurations.

Scan WordPress, Joomla, and Drupal sites for vulnerabilities, outdated components, and common misconfigurations.

Full dynamic application security testing (DAST) scanner — crawls and probes a web application for OWASP Top 10 vulnerabilities.

Scan a web application for XSS, SQL injection, file inclusion, XXE, and other common vulnerabilities.

Run community-maintained templates against a target to detect CVEs, exposed panels, misconfigurations, and default credentials.

Query the OCSP responder for a certificate and verify it has not been revoked.

Look up a domain's CAA DNS records to verify which Certificate Authorities are authorised to issue certificates for it.

Check for security.txt, apple-app-site-association, assetlinks.json, and other .well-known security and verification files.

Probe a web server for exposed admin panels, login pages, and sensitive paths — /wp-admin, /.env, /.git, /phpmyadmin, and similar.

Exhaustive TLS audit — protocol support, cipher suites, certificate chain, and 20+ known vulnerability checks (Heartbleed, ROBOT, POODLE, BEAST, and more).

Exhaustive TLS audit — protocol support, cipher suites, certificate chain, and 20+ known vulnerability checks (Heartbleed, ROBOT, POODLE, BEAST, and more).