Scan any domain for security risks, SSL/TLS issues, DNS records, vulnerabilities, and more. All from your device, no data shared with third parties.
Coming soon to macOS, Android, and the Microsoft Store.
Comprehensive domain analysis in a single scan.
Evaluate security headers, Reporting-Endpoints, NEL, cookie policies, HTTPS configuration, redirect hygiene, and get an overall security grade with actionable recommendations.
Full certificate chain analysis, protocol version testing, cipher suite evaluation, OCSP stapling detection, mTLS hints, and certificate transparency log lookups.
Query all DNS record types. RDAP (RFC 9083) registration data with EPP status analysis, WHOIS fallback, domain risk scoring, and lifecycle volatility monitoring. Accepts domains, IPv4, or IPv6.
CVE search with EPSS/KEV enrichment, subdomain takeover detection, JS endpoint discovery, third-party dependency inventory, exposed path scanning, and CT remediation guidance.
Server technology detection, GeoIP location, hosting provider identification, CDN/WAF detection, reverse DNS analysis, and RPKI route-validation signals.
Weighted score across 7 categories: TLS Posture, Web Security, Email Auth, Attack Surface, Identity, Infrastructure, Reputation. A–F grade with a confidence score — you always know how complete the picture is.
Plain-language finding explanations and recommendations. Cloud or fully on-device inference (ONNX on native, WebGPU + WASM in the browser) — your data never leaves the device when you choose local mode.
Sign in with Google, Microsoft, GitHub, or Apple to sync scans across devices. Stats dashboard shows total scans, unique domains, and average score. 90-day retention with automatic drift detection.
Scan RFC 1918 private IPs and local hosts from the desktop apps. Common port checks (SSH, HTTP, HTTPS, RDP, SMB) with optional full 1–1024 sweep. Hosted surfaces reject private targets to prevent SSRF.
Built-in scan log viewer showing per-task timing, phase breakdowns, and error diagnostics. Copy raw logs to clipboard for troubleshooting.
Exports grouped by Fail / Warn / Pass with actionable recommendations, category scores, and finding counts across 7 formats including AI Prompt.
Beyond one-shot scans — continuous monitoring, collaboration, and integrations.
Pin up to 20 domains for at-a-glance status. Score, grade, and last-scan time on every entry, with drift indicators when something changes.
Re-run scans on your cadence — every 24 hours, weekly, or monthly. Backend handles the schedule and notifies you the moment a score drops or a finding shifts.
Compare any two scans side-by-side — same domain over time, or two different domains. Powered by the same drift engine the watch list uses.
Opt-in, time-limited (default 30 days), revocable read-only links to a rendered report. Perfect for sharing findings with a vendor or auditor.
POST score-drop and drift events to Slack, Teams, Discord, or any generic HTTPS endpoint. JSON payload with the full delta.
Token-gated /api/v1/scan with per-token rate limits, manageable in Settings. Same scoring engine as the apps — drop into your CI or SOC tooling.
Optional control IDs on every finding: NIST CSF, PCI-DSS, HIPAA, SOC 2, ISO 27001. Filter or export by control to feed audit evidence.
Mark a finding as “accepted risk” per domain with an audit trail. Future scans honor the override but the original signal is preserved.
Every scan runs locally from your device using free, public APIs.
Need the full technical checklist? See Technical Details for a complete public coverage matrix.
Nine built-in themes, including a WCAG 2.1 accessible option.
Dark neon aesthetic with purple and teal glow effects.
Green-on-black terminal hacker aesthetic.
High-contrast colors meeting WCAG 2.1 Level AA standards.
Deep blue ocean with cool cyan accents.
Warm amber and coral tones on dark charcoal.
Cool ice blue with crisp white highlights.
Muted monochrome for low-profile scanning.
Soft pink and magenta with elegant warmth.
Rich green and gold with a luxurious feel.
Share results in the format that fits your workflow.
Available now on Web and iOS.
Coming soon to macOS, Android, and the Microsoft Store.