Professional security scanner that crawls your web application and tests for OWASP Top 10 vulnerabilities. Get actionable reports with findings and remediation steps.
33 automated checks grouped into 9 categories - based on OWASP Top 10
4 checks: XSS (reflected), SQL injection, command injection, and path traversal/LFI with multiple payload variants.
5 checks: Certificate validity, protocol version, cipher strength, mixed content, HTTP/2 support, and HTTPS enforcement.
7 checks: HSTS, CSP, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy, and X-XSS-Protection.
6 checks: Exposed .env, .git, source maps, private IPs, email addresses, stack traces, and server info disclosure.
5 checks: CORS, directory listing, HTTP methods, clickjacking, host header injection, open redirects, and form hijacking.
4 checks: Cookie flags (Secure, HttpOnly, SameSite), CSRF tokens, autocomplete on sensitive fields, and SRI integrity.
3 checks: Endpoint discovery, exposed Swagger/OpenAPI docs, GraphQL introspection, unauthenticated access, and rate limiting.
4 checks: Deep crawling (depth 3), subdomain enumeration via CT logs, tech fingerprinting, and WordPress-specific checks.
3 checks: SPF record validation, DMARC policy enforcement, and security.txt responsible disclosure policy.