Free Website Security Scan

OWASP top-10 check in 60 seconds. Reports security headers, exposed files, software versions, and known CVEs.

What we test

• OWASP A01 Broken Access Control — admin path enumeration, directory listing
• OWASP A02 Cryptographic Failures — TLS version, weak ciphers, mixed content
• OWASP A03 Injection (XSS / SQLi) — reflected payloads, error leakage
• OWASP A04 Insecure Design — exposed debug, source maps, backup files
• OWASP A05 Security Misconfiguration — security headers (CSP, HSTS, X-Frame-Options, X-Content-Type-Options)
• OWASP A06 Vulnerable Components — software/version disclosure in headers & meta
• OWASP A07 Authentication Failures — login form checks, default credentials
• OWASP A08 Software & Data Integrity — unsigned scripts, untrusted CDNs
• OWASP A09 Logging Failures — exposed log paths, stack traces
• OWASP A10 SSRF — open redirects, server-side request forgery patterns
• CMS Detection — WordPress, Drupal, Joomla fingerprints
• Exposed Files — .env, .git, wp-config.php.bak, robots.txt sensitive
• Port Scan — common admin/database ports exposed