What does the security scanner check?
Security Headers
Checks for essential HTTP security headers like X-Frame-Options, Strict-Transport-Security, Content-Security-Policy, and X-Content-Type-Options. Missing headers can leave your site vulnerable to clickjacking, man-in-the-middle, and content injection attacks.
Exposed Files
Detects accidentally exposed files such as .env, .git, phpinfo.php, and configuration backups. These files can leak credentials, source code, and sensitive configuration data.
Server Configuration
Identifies server version disclosure, dangerous HTTP methods (PUT, DELETE), cookie security issues, and outdated software. These misconfigurations can be exploited by attackers.
Information Disclosure
Finds unintentional information leaks through headers like X-Powered-By, IP addresses in cookies, directory listings, and robots.txt entries that reveal sensitive application paths.
How does it work?
The scanner performs a targeted analysis of your website using a curated database of security tests. It checks security headers, probes for known file exposure patterns, verifies server configurations, and identifies potential information disclosure issues — all within about 30 seconds.
Results are classified by severity (Critical, High, Medium, Low, Info) to help you prioritize remediation efforts.
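To make the passive checks described above concrete, here is an added example (not the scanner's own code) that audits one captured set of response headers and returns findings ordered by severity. The function name, the severity assigned to each check, and the choice of Secure and HttpOnly as the cookie flags to inspect are assumptions of this sketch; the sample response is constructed.

```python
import re

SEVERITY_ORDER = ["Critical", "High", "Medium", "Low", "Info"]
# Severity per check is an assumption of this example, not the scanner's scoring.
REQUIRED_HEADERS = {
    "strict-transport-security": "High",
    "content-security-policy": "Medium",
    "x-frame-options": "Medium",
    "x-content-type-options": "Low",
}
DANGEROUS_METHODS = {"PUT", "DELETE"}


def audit_response(headers, set_cookies=(), allow=""):
    """Return (severity, message) findings, most severe first."""
    h = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    findings = []
    for name, sev in REQUIRED_HEADERS.items():
        if name not in h:
            findings.append((sev, f"missing header: {name}"))
    # Version disclosure: a product token followed by /<digit>, e.g. "nginx/1.18.0"
    if re.search(r"/\d", h.get("server", "")):
        findings.append(("Low", f"server version disclosed: {h['server']}"))
    if "x-powered-by" in h:
        findings.append(("Info", f"x-powered-by disclosed: {h['x-powered-by']}"))
    for raw in set_cookies:  # raw Set-Cookie values, one per cookie
        name = raw.split("=", 1)[0].strip()
        attrs = {p.strip().split("=", 1)[0].lower() for p in raw.split(";")[1:]}
        for flag in ("secure", "httponly"):
            if flag not in attrs:
                findings.append(("Medium", f"cookie {name} lacks {flag}"))
    # allow: value of the Allow header from an OPTIONS response, if any
    enabled = {m.strip().upper() for m in allow.split(",")} & DANGEROUS_METHODS
    for method in sorted(enabled):
        findings.append(("Medium", f"dangerous method enabled: {method}"))
    return sorted(findings, key=lambda f: SEVERITY_ORDER.index(f[0]))


# Constructed sample response, not taken from a real site.
SAMPLE_HEADERS = {
    "Server": "nginx/1.18.0",
    "X-Powered-By": "PHP/7.4.3",
    "X-Content-Type-Options": "nosniff",
    "Content-Security-Policy": "default-src 'self'",
}
SAMPLE_COOKIES = ["session=abc123; Path=/; HttpOnly", "theme=dark; Secure; HttpOnly"]

if __name__ == "__main__":
    for severity, message in audit_response(SAMPLE_HEADERS, SAMPLE_COOKIES, "GET, POST, PUT"):
        print(f"[{severity}] {message}")
```

Running the same function against a response captured after remediation should return an empty list, which makes it usable as a regression check in a deployment pipeline.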
Acceptable Use & Legal Disclaimer
This security scanner is provided for defensive and educational purposes only.
By using this tool, you confirm that:
- You own the website being scanned or have explicit authorization from the owner to perform security testing.
- You will use the scanner only to identify and remediate security issues, not to exploit or harm systems.
- You will not use this tool to target websites, servers, or applications without permission.
Unauthorized security testing, probing, or scanning of systems you do not own or control may be illegal and could result in civil or criminal penalties.
No Exploitation Policy
This scanner:
- Does not perform active exploitation
- Does not bypass authentication
- Does not attempt to access protected data
Any findings are informational and intended to help improve security posture—not to enable attacks.
Limitation of Liability
The results provided by this scanner are:
- Best-effort assessments, not guarantees
- Based on observable behavior at the time of scanning
- Not a substitute for a full penetration test or professional security audit
We are not responsible for actions taken based on the scan results or for misuse of this tool.