mysiteishackable

Don't find out the hard way.

// passive scanner. no exploits. no noise.

$

⚠ Non-intrusive passive scan. Only scan domains you own or are authorized to test.

x***.com · score 42 · D ·· api.***.io · score 88 · A ·· shop.***.com · score 31 · F ·· app.***.dev · score 76 · B ·· portal.***.net · score 55 · C ·· blog.***.com · score 91 · A+ ·· api2.***.co · score 23 · F ·· dash.***.io · score 67 · C ··
// UNDERSTAND THE SCAN →
[H]HTTP HeadersCSP · HSTS · X-Frame→ learn more
[TLS]TLS / SSLCert · Protocol · Expiry→ learn more
[DNS]DNSA · MX · SPF · DMARC→ learn more
[@]Email AuthSPF · DMARC · DKIM→ learn more
[JS]JS SecretsKeys · Tokens · Leaks→ learn more
[!]Misconfigurations.env · .git · Admin→ learn more
// HOW IT WORKS
[01]

Enter any domain you own or are authorized to test.

[02]

We run passive, read-only checks — no exploits, no fuzzing, no writes.

[03]

Get a security grade, detailed findings, and actionable fixes.

// WHY IT MATTERS

Most breaches start with a misconfigured header or an exposed .env file — not a zero-day.

Developers ship fast and forget the defaults. This scanner surfaces what slipped through.

Free. No account. No tracking. Just results.

// WORKS ON ANY STACK →
Next.js
React
WWordPress
Webflow
SShopify
Express
VVue.js
NNuxt
LLaravel
Django
++20 more