Online scanner for security holes

Please test responsibly. All tests details are logged. Do not test against websites that you do not have permission to test against. All data is archived in case of abuse.


  • 30 Jule 2015 - New check! XSS via HOST header (up to 12 different vectors)
  • 10 April 2015 - New check! HTTP traceroute can disclose internal reverse proxies. Thx to for idea and tool and for suggestion
  • 03 April 2015 - Extending sensetive files list. Thx to
  • 31 Mar 2015 - New check! Searching info about target (only domain) in google via theHarvester tool
  • 29 Mar 2015 - Improved "http sensetive files" check - test for random file before scan (prevents false positive results). Improved logic of "dns axfr check" - if subdomain is provided and no NS servers are found - check NS servers of main (2nd level) domain. Best logic for this check. Also show all scans that were done for provided target. And small fix - handle situation when all ports for exists checks are closed.
  • 27 Mar 2015 - Improved "http sensetive files" check - do two different scans (for http and https is available). Fixed bug with ftp anon check (now it can complete correctly). All unfinished scans are completed.
  • 19 Mar 2015 - New check: ftp anon connection. Some interface updates.
  • 9 Mar 2015 - Huge update! New design, background jobs and new checks: dns amplification, anon connections to memcache/redis/mongodb. Start to store statistic
  • Feb 2013 ~ Feb 2015 - undocumented improvements
  • 23 Jan 2013 - A simple version that can find all DNS servers for provided domain and check them for AXFR queries