30+ Automated Security Checks

Laravel Ignition Exposure

Checks if Laravel Ignition error page is exposed in production.

Easy fix 5 minutes

Laravel Telescope Exposure

Checks if Laravel Telescope debugging tool is exposed in production.

Easy fix 10 minutes

Laravel Debug Mode

Checks if Laravel debug mode is enabled in production.

Easy fix 5 minutes

CSRF Protection

Verifies CSRF token implementation on forms and APIs.

Easy fix 10 minutes

File Upload Security

Tests file upload endpoints for security vulnerabilities.

Medium fix 30 minutes

Session Configuration

Validates session security settings and configuration.

Easy fix 10 minutes

Nikto Web Server Scan

Scans web servers for dangerous files, outdated software, and misconfigurations using Nikto. Requires domain verificatio...

Medium fix 30 minutes

SQL Injection Scan

Automated SQL injection detection and testing using SQLMap. Requires domain verification.

Hard fix 1-2 hours

Technology Fingerprinting

Identifies web technologies, frameworks, and their versions for vulnerability assessment using WhatWeb.

Easy fix 15-20 minutes

WordPress Security Scan

Scans WordPress sites for vulnerable plugins, themes, and core version issues using WPScan.

Medium fix 30-60 minutes

Web Application Vulnerability Scan

Scans web applications for XSS, XXE, SSRF, and other OWASP vulnerabilities using Wapiti. Requires domain verification.

Hard fix 1-3 hours

Brute Force Protection

Tests if login page blocks repeated failed login attempts.

Easy fix 15 minutes

JWT Token Security

Detects weak JWT tokens (HS256, missing exp).

Medium fix 30 minutes

CORS Misconfiguration

Identifies insecure CORS headers (Access-Control-Allow-Origin: *).

Medium fix 20 minutes

API Rate Limiting

Checks if API endpoints implement proper rate limiting.

Easy fix 15 minutes

Subdomain Takeover

Detects unclaimed subdomains pointing to external services.

Medium fix 30 minutes

Email Security

Checks email configuration for security best practices.

Medium fix 45 minutes

DNS Reconnaissance

Comprehensive DNS enumeration and zone transfer testing using DNSRecon.

Medium fix 30-45 minutes

Subdomain Discovery

DNS reconnaissance and subdomain discovery using Fierce.

Medium fix 30 minutes

Exposed .env Files

Checks if .env files are publicly accessible.

Easy fix 5 minutes

Directory & File Exposure

Scans for publicly accessible sensitive files (logs, .git).

Easy fix 5 minutes

Sensitive Laravel Files

Checks for exposed sensitive Laravel files (.git, logs, config).

Easy fix 10 minutes

Directory Bruteforce Scan

Discovers hidden directories and files using dictionary-based brute forcing with Gobuster. Requires domain verification.

Medium fix 20-30 minutes

Security Headers

Detects missing headers (CSP, HSTS, X-Frame-Options).

Easy fix 10 minutes

SSL/TLS Security

Checks SSL expiration, weak ciphers, and HSTS.

Medium fix 45 minutes

Cloud Storage Exposure

Detects public AWS S3, GCP, and DigitalOcean buckets.

Medium fix 20 minutes

Nmap Port Scanning

Comprehensive network and port scanning with service version detection using Nmap.

Hard fix 1 hour

IP Reputation

Checks if the domain IP is listed in abuse databases.

Medium fix 30 minutes

DNS Security

Checks DNS configuration and security settings.

Medium fix 30 minutes

WAF Detection

Detects the presence and type of Web Application Firewall protecting the target using wafw00f.

Easy fix 15-30 minutes