Find What You're Exposing Before Hackers Do
One scan. Full picture. SSL, headers, exposed paths, DNS, subdomains, tech stack, open ports, reputation. All server-side in seconds.
Fix These Issues — Get Expert Help
Your scan found critical security gaps. Our team can secure your infrastructure step by step — SSL, headers, exposed paths, and more.
About the Exposure Checker
The Exposure Checker is a comprehensive, server-side security scanner that performs a full assessment of any public domain in a single API call. It is designed for developers, sysadmins, and security engineers who need a fast, authoritative view of a domain's attack surface before a threat actor gets there first.
SSL Certificate Check
SSL/TLS certificates are the foundation of web security. An expired certificate causes browser warnings and immediate trust loss. The scanner queries Certificate Transparency logs via crt.sh to retrieve the most recent certificate, calculates days remaining, and inspects the full chain. Certificates expiring within 30 days trigger a warning; expired certificates are flagged as critical.
Security Headers
HTTP security headers are the fastest, cheapest mitigations against XSS, clickjacking, MIME sniffing, and information leakage. The scanner evaluates six critical headers: Strict-Transport-Security, Content-Security-Policy, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, and Permissions-Policy. Each missing header deducts points from the overall score.
Exposed Paths
A publicly accessible /.env exposes database credentials and API keys to anyone. An exposed /.git/config leaks your entire repository history. /phpinfo.php hands an attacker your exact server configuration. The scanner probes 20+ known-sensitive paths server-side, bypassing CORS restrictions that client-side tools cannot overcome.
DNS & Email Security
DNS records reveal your infrastructure topology. Email authentication records are critical to preventing phishing: SPF lists authorized mail senders, DKIM cryptographically signs outgoing email, and DMARC instructs receiving servers what to do when SPF/DKIM checks fail. Without DMARC, a failed SPF or DKIM check carries no enforced policy, so mail spoofing your domain can still be delivered; a missing DMARC record is one of the most exploited vectors for brand impersonation.
Subdomain Enumeration
Forgotten subdomains are a major attack vector — dev environments, staging servers, and old API endpoints running unpatched software are routinely discovered and exploited. The scanner enumerates common subdomains to surface your full public DNS footprint.
Technology Detection
Response headers fingerprint your stack. The Server header reveals the web server and version. The X-Powered-By header discloses your backend language. Version exposure helps attackers target known CVEs. Best practice is to suppress or genericize these headers in production.
Scoring
The grade (A–F) is computed from a 100-point baseline. Critical findings (exposed .env, expired SSL, missing CSP) deduct significant points. Warnings (expiring SSL, partial email security) deduct smaller amounts. An A means a well-hardened domain. An F means significant, immediately actionable exposure exists.
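As an added example (not the Exposure Checker's own code), the header and fingerprint checks described in the Security Headers and Technology Detection sections combined with the deduction-based scoring above, run offline against two constructed header sets. The per-header penalties, the 5-point version-disclosure penalty and the A-F thresholds are assumptions, since the page does not publish its weights.

```python
import re
# Page's six headers, each with an assumed penalty when absent (the page gives
# no per-header weights; these are illustrative, with CSP weighted as critical).
REQUIRED_HEADERS = {
    "strict-transport-security": 15,
    "content-security-policy": 25,
    "x-frame-options": 10,
    "x-content-type-options": 10,
    "referrer-policy": 5,
    "permissions-policy": 5,
}
# Headers that fingerprint the stack; a version number in them is a warning.
FINGERPRINT_HEADERS = ("server", "x-powered-by")
VERSION_RE = re.compile(r"\d+\.\d+")

def grade(score):
    """Map a 0-100 score to A-F (assumed thresholds)."""
    for letter, floor in (("A", 90), ("B", 80), ("C", 70), ("D", 60)):
        if score >= floor:
            return letter
    return "F"

def evaluate_headers(headers):
    """Score one response's headers: returns (score, grade, findings)."""
    h = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    score, findings = 100, []
    for name, penalty in REQUIRED_HEADERS.items():
        if name not in h:
            score -= penalty
            findings.append(f"missing {name} (-{penalty})")
    for name in FINGERPRINT_HEADERS:
        value = h.get(name, "")
        if VERSION_RE.search(value):  # e.g. "Apache/2.4.41" or "PHP/7.4.3"
            score -= 5
            findings.append(f"{name} discloses a version: {value!r} (-5)")
    score = max(score, 0)
    return score, grade(score), findings

# Constructed sample responses (not captured from any real host).
WEAK = {"Server": "Apache/2.4.41 (Ubuntu)", "X-Powered-By": "PHP/7.4.3",
        "X-Frame-Options": "DENY"}
HARDENED = {"Server": "nginx", "Strict-Transport-Security": "max-age=63072000; includeSubDomains",
            "Content-Security-Policy": "default-src 'self'", "X-Frame-Options": "DENY",
            "X-Content-Type-Options": "nosniff", "Referrer-Policy": "no-referrer",
            "Permissions-Policy": "camera=(), microphone=()"}
if __name__ == "__main__":
    for label, hdrs in (("weak", WEAK), ("hardened", HARDENED)):
        score, letter, findings = evaluate_headers(hdrs)
        print(f"{label}: {score}/100 grade {letter}", *findings, sep="\n  ")
```

To apply it to a live response, pass the response's header mapping (for example `dict(resp.headers)` from `urllib` or `requests`) to `evaluate_headers`.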