Web Security Scan

passive security reconnaissance

Scan. Recon. Harden.

Six non-invasive security modules run in parallel on any target. No login, no tracking, rate-limited to keep things ethical.

https://
6
Scan Modules
2/hr
Rate Limit
50
History Entries
100%
Passive

Scan Modules

6 available
๐Ÿ”‘

Secrets Detection

Leaked API keys, tokens, credentials in JS bundles

๐Ÿ›ก๏ธ

Security Headers

CSP, HSTS, X-Frame-Options, and 9 more header checks

๐Ÿ”

JS Recon

API endpoints, admin paths, env vars from JS files

โšก

Tech Stack

Frameworks, CDNs, CMS, analytics, web servers

๐ŸŒ

Subdomains & DNS

Subdomains via crt.sh + brute force, SPF, DMARC

๐Ÿ”’

SSL & WHOIS

Certificate validity, RDAP domain registration data