External attack surface scanner

See your attack surface the way an attacker does.

SecScan maps your external exposure — TLS, headers, DNS, exposed files and open services — and flags what’s actually being exploited in the wild.

Reads public configuration only. No intrusive testing. No signup.

secscan — passive
$ secscan scan example.com
→ resolving · TLS · headers · DNS · exposure
 
FAIL ssl-strip exposure no HSTS + plaintext
WARN content-security-policy header absent
WARN x-frame-options header absent
KEV CVE-2023-34362 actively exploited
 
grade C · 9 findings · 1 high
  • TLS
  • Security headers
  • Email / DMARC
  • Exposed files & secrets
  • Open services
  • Known-exploited CVEs (CISA KEV)
Why SecScan

We flag what’s actually being exploited — not a 200-item checklist.

KEV-PRIORITIZED

We flag what’s being exploited

Findings cross-referenced against the CISA Known-Exploited Vulnerabilities catalog. Ransomware-linked issues rise to the top — not buried in a 200-item checklist.

ATTACK SURFACE

Mapped from the outside

Subdomains, TLS, headers, DNS, exposed files and open services — seen exactly as an external attacker sees them, with no agent to install.

RANKED FIXES

Remediation you can paste

Every finding pairs an observed value with the exact expected one, plus a copy-paste fix for your server, CDN or framework.

What you get

A grade, then the fixes.

Grade C · 72/100

Every scan returns a clear grade and a ranked, fix-first list of findings.

HSTS not enforced

severity: high
observed: — (absent)
expected: max-age>=31536000; includeSubDomains

Without HSTS a first request can be downgraded to plaintext HTTP and intercepted before the redirect to HTTPS.

Fix: Strict-Transport-Security: max-age=63072000; includeSubDomains; preload

Content-Security-Policy absent

severity: medium
observed: — (absent)
expected: default-src 'self'

No CSP means the browser has no allow-list for scripts, weakening defence against cross-site scripting.

Fix: Add a Content-Security-Policy starting from default-src 'self' and tighten iteratively.
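The observed/expected checks above, as an added example that is not SecScan's own code: it reads a captured set of response headers (constructed inline) and emits findings for the HSTS, CSP and X-Frame-Options cases shown on this page. The one-year HSTS threshold and the includeSubDomains requirement follow the expected value quoted above; the X-Frame-Options expected value is an assumption.

```python
from dataclasses import dataclass

HSTS_MIN_AGE = 31536000  # one year, the expected max-age quoted in the finding above


@dataclass
class Finding:
    severity: str  # "FAIL" (high) or "WARN" (medium), as in the scan output
    check: str
    observed: str
    expected: str


def parse_hsts(value: str) -> dict:
    """Split 'max-age=63072000; includeSubDomains; preload' into a dict.
    Directive names are case-insensitive (RFC 6797); bare flags map to True."""
    out = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, val = part.partition("=")
        out[name.strip().lower()] = val.strip().strip('"') if val else True
    return out


def evaluate_headers(headers: dict) -> list:
    """Passive evaluation of one HTTPS response's headers; names matched case-insensitively."""
    h = {k.lower(): v for k, v in headers.items()}
    findings = []
    expected_hsts = f"max-age>={HSTS_MIN_AGE}; includeSubDomains"
    hsts = h.get("strict-transport-security")
    if hsts is None:
        # No HSTS at all: a first plaintext request can be intercepted before the redirect
        findings.append(Finding("FAIL", "ssl-strip exposure", "— (absent)", expected_hsts))
    else:
        d = parse_hsts(hsts)
        try:
            age = int(d.get("max-age", 0))
        except ValueError:  # malformed max-age counts as not enforced
            age = 0
        if age < HSTS_MIN_AGE or "includesubdomains" not in d:
            findings.append(Finding("WARN", "hsts weak", hsts, expected_hsts))
    if "content-security-policy" not in h:
        findings.append(Finding("WARN", "content-security-policy", "— (absent)", "default-src 'self'"))
    if "x-frame-options" not in h:  # expected value below is an assumption, not from the page
        findings.append(Finding("WARN", "x-frame-options", "— (absent)", "DENY"))
    return findings


# Constructed sample response headers: no HSTS, no CSP, no X-Frame-Options
SAMPLE_HEADERS = {"Server": "nginx", "Content-Type": "text/html"}
```

Running `evaluate_headers(SAMPLE_HEADERS)` reproduces the FAIL/WARN/WARN triple shown in the scan output above.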

The full external scan

How the pilot works.

01

Request

Tell us the domain and confirm you’re authorized. Takes a minute.

02

We scan

An operator runs a full external scan under captured consent — including active checks.

03

You get a report

A ranked, fix-first report: what’s exploited, what’s exposed, what to do.

FAQ

Questions, answered.

Is the scan intrusive?

The free checkers are passive — they only read publicly available configuration, the same thing any browser sees. Active checks happen only in the full pilot, under your written authorization.

Do I need to install anything?

No. SecScan scans from the outside, the way an attacker would. There’s no agent and no access to your servers.

What makes this different from a 200-item checklist?

We cross-reference findings against the CISA Known-Exploited Vulnerabilities catalog, so issues that are actually being exploited in the wild rise to the top instead of drowning in low-severity noise.

Is it really free?

The checkers are free and open — no signup. The full external scan pilot is also free; it’s run manually by an operator and returned as a report.

Start your free external scan.

See what an attacker sees in seconds. Passive, open, no signup.