Free Security Tools
Analyze your website's security in seconds. No sign-up required, no credit card needed. Get instant results and actionable recommendations.
Run All Tools on One Domain
Run all free checks in one pass and generate a consolidated report in the same style as Vulnify scan reports.
Joomla
Extension-aware guidance, public-surface validation, and rerun-ready fixes.
Shopify
Merchant-focused storefront guidance with mode-aware reporting and rerun steps.
WordPress
Component-intelligence workflow guidance with fast remediation and verification.
SSL Certificate Checker
Verify your SSL/TLS certificate validity, expiration date, and security configuration. Get an instant grade and recommendations.
- Certificate + chain trust diagnostics
- Protocol/cipher risk evidence
- Expiry and renewal priorities
- Actionable hardening recommendations
- Executive-ready grade + summary
Security Headers Analyzer
Analyze your HTTP security headers to protect against XSS, clickjacking, and other common attacks. Get copy-paste fixes.
- Directive-level header scoring
- Missing/weak policy detection
- Route-aware security header evidence
- Exploitability-focused prioritization
- Copy-paste fix templates
DNS Security Check
Check your email security with SPF, DKIM, DMARC, and DNSSEC verification. Prevent email spoofing and phishing.
- SPF/DKIM/DMARC maturity analysis
- Spoofing and delivery risk signals
- Selector/policy validation evidence
- DNS and MX resilience indicators
- Remediation playbook with next actions
Joomla Stack Checker
Run a Joomla-aware profile for extension, template, and public-surface risk with remediation-first prioritization and bounded deeper evidence.
- Joomla signal confidence
- Extension and template evidence (comprehensive)
- Public API/admin/install surface validation (comprehensive)
- Fix-first remediation roadmap
WordPress Stack Checker
Run a WordPress-aware profile for core/plugin/theme footprint exposure, browser hardening controls, route-level evidence, and remediation-first prioritization.
- WordPress footprint confidence
- Route and endpoint evidence (comprehensive)
- Plugin/theme component intelligence (comprehensive)
- Fix-first remediation roadmap
Shopify Storefront Checker
Run a Shopify-aware storefront security profile for transport, headers, cookies, scripts, route-level evidence, and merchant-controlled exposure risks.
- Shopify signal confidence
- Route and endpoint evidence (comprehensive)
- Third-party script risk indicators
- Storefront remediation roadmap
CSP Checker
Validate Content-Security-Policy configuration and identify weak directives before attackers can abuse them.
- Directive-level risk scoring
- Bypass pattern detection
- Stack-specific remediation
HSTS Checker
Check Strict-Transport-Security configuration, preload readiness, and transport hardening posture.
- Policy strength validation
- Preload readiness checks
- Transport hardening actions
Cookie Security Checker
Review cookie flags including Secure, HttpOnly, and SameSite to improve session hardening.
- Cookie inventory evidence
- Secure/HttpOnly/SameSite gaps
- Session hardening playbook
HTTP Methods Checker
Detect exposed HTTP methods and risky verb configurations across website endpoints.
- Multi-endpoint method mapping
- Dangerous verb exposure risk
- Least-privilege method policy
CORS Checker
Inspect CORS headers, wildcard-origin exposure, and credentialed cross-origin risks.
- Origin reflection detection
- Credentialed CORS risk analysis
- Allowlist-first policy fixes
Exposed Paths Checker
Safely check for publicly reachable sensitive paths, admin locations, and likely exposure indicators.
- Confidence-scored exposure findings
- Sensitive endpoint evidence
- Immediate containment guidance
security.txt Checker
Verify responsible disclosure policy publication via security.txt and validate formatting freshness.
- RFC-style field validation
- Stale policy detection
- Disclosure policy fix template
Redirect Chain Checker
Audit redirect hops, loops, downgrade issues, and canonical path efficiency.
- Hop-by-hop redirect evidence
- Loop and downgrade risk detection
- Canonical path optimization
Robots and Sitemap Checker
Validate crawlability baseline with robots.txt and sitemap checks, conflict detection, and indexability guidance.
- Crawl-policy conflict checks
- Sitemap validity signals
- Indexability remediation plan
Mixed Content Checker
Find HTTP asset references on HTTPS pages and prioritize mixed-content remediation.
- Active/passive mixed-content split
- Insecure asset evidence
- HTTPS migration priorities
TLS Deep Analysis
Inspect protocol support, certificate lifecycle, cipher posture, and chain trust in detail.
- Protocol and cipher risk analysis
- Certificate lifecycle alerts
- Chain trust diagnostics
Email Security Checker
Review SPF, DKIM, and DMARC maturity with spoofing exposure and deliverability guidance.
- SPF, DKIM, and DMARC maturity scoring
- Spoofing exposure indicators
- Deliverability and enforcement actions
Website Technology Fingerprint
Discover exposed technology fingerprints, disclosure headers, and stack hardening opportunities.
- Multi-signal stack fingerprinting
- Disclosure risk prioritization
- Platform hardening checklist
Passive Subdomain Discovery
Run low-noise passive subdomain discovery to understand attack surface expansion opportunities.
- A, AAAA, and CNAME discovery signals
- Confidence-scored asset mapping
- Attack-surface prioritization
JS Library Vulnerability Checker
Detect JavaScript libraries, identify outdated components, and review safer upgrade priorities.
- Library and version evidence extraction
- Outdated component risk flags
- Safer upgrade recommendations
Learn How to Secure Your Website
Explore our comprehensive security guides with step-by-step tutorials and copy-paste configurations.
Want a Complete Security Assessment?
Our free tools provide quick checks. For a comprehensive vulnerability scan including XSS, SQL injection, CSRF, and 50+ security tests, try our full scanner.