SecTest scans your website for security misconfigurations, expired certificates, missing headers, known CVEs, and OWASP Top 10 issues — in under 60 seconds. No account. No credit card. Free.
Every scan covers the full attack surface — from TLS configuration and HTTP headers to exposed paths, CMS versions, and DNS records.
Certificate validity, expiry, chain of trust, weak ciphers, and protocol version checks.
Detects missing or misconfigured headers that expose your site to XSS, clickjacking, and MIME sniffing.
Scans common ports for unexpected exposure of databases, admin panels, and debug endpoints.
Fingerprints your CMS, frameworks, and plugins then cross-references against known CVEs.
Validates SPF, DKIM, and DMARC records to protect your domain from spoofing and phishing attacks.
Tests for mixed content, reflected XSS indicators, directory listing, and common injection vectors.
No installation, no signup. Paste a URL and get actionable results.
Paste any publicly accessible URL — your homepage, checkout page, or API endpoint. HTTP and HTTPS both work.
Our scanner probes SSL configuration, HTTP headers, DNS records, open ports, software versions, and known vulnerability patterns.
Results arrive in under 60 seconds with a security score, severity-ranked findings, and plain-English remediation steps for each issue.
Every finding includes a severity rating, what was found, why it matters, and exactly how to fix it — no security expertise required.
12 issues found · 3 critical
Most sites fail at least 3 security checks on first scan. It takes 60 seconds to know where you stand.
No plans, no limits, no upsells. SecTest is a free tool from Salloq Software.
47 checks run in parallel. Most scans complete in under 60 seconds.
Read-only passive scanning. We never attempt to exploit anything we find.