Check DMARC, SPF, and DKIM DNS records for any domain to assess email authentication and prevent spoofing.
Find HTTP resources loaded on HTTPS pages. Detect active and passive mixed content issues.
Analyze Content Security Policy headers. Check for unsafe-inline, unsafe-eval, and wildcards.
Analyze cookies set by a website. Check Secure, HttpOnly, SameSite flags and compliance issues.
Test CORS configuration for vulnerabilities. Check for wildcard origins, null origin, and credential leaks.
Check for clickjacking vulnerabilities. Analyze X-Frame-Options and CSP frame-ancestors headers.
Grade HTTP security headers (CSP, HSTS, X-Frame-Options, etc.) with A-F scoring.
Scan the top 22 common ports on any server. Check for open services like SSH, HTTP, MySQL, etc.
Check subdomains for potential takeover vulnerabilities via dangling CNAME records.
Test for open redirect vulnerabilities by checking common redirect parameters.
Check for exposed .git, .env, debug logs, and 30+ sensitive file paths on a website.
Analyze raw email headers: trace hops, check SPF/DKIM/DMARC, and extract sender info.
Scan WordPress sites for security issues: exposed files, user enumeration, XML-RPC, debug logs.
Analyze TLS/SSL protocol support, cipher suites, and certificate details for a domain.
Check if an email address has been exposed in known data breaches.