Scan your site for security issues

Check for exposed .env files, open ports, phpMyAdmin panels and more. Free. Instant. No signup.

3/3 free scans remaining from your IP

What we check

📄

Scans 24+ common paths for exposed environment files containing secrets and credentials.

🔌

Checks 22 common ports (FTP, SSH, MySQL, Redis, MongoDB...) and explains the risk of each.

🗄️

Detects exposed phpMyAdmin panels — the #1 target for database brute-force attacks.

💽

Searches for accidentally exposed SQLite databases files that download your entire app data.

🗃️

Checks if your /.git config or head files are public, which allows downloading your complete source code.

🔒

Validates SSL certificates, HSTS, CSP, and Clickjacking protection headers.

🌐

Tests for commonly exposed environments (admin, dev, test) that often lack basic authentication.