Passive scan — no login required

See what hackers
see on your domain.

Enter your domain. We'll check which attacker-favorite paths are exposed, misconfigured, or wide open — in under 30 seconds.

Passive scan only · No exploitation · No login · Results in ~20 seconds

Scan Complete

0
Exposed paths
0
Needs attention
0
Properly hidden
Scanned paths

Deploy KovaShield Free → Learn More
← Scan another domain
What automated scanners look for
🔑

Config & Credentials

Environment files, API keys, and database credentials left in web-accessible paths.

/.env /config.php /.aws/credentials
🗄️

Database & Backup Files

SQL dumps, backup archives, and database management panels exposed to the internet.

/phpmyadmin /backup.sql /db.sqlite
📁

Version Control Leaks

Git repositories accidentally deployed to production, exposing your entire source code.

/.git/HEAD /.git/config /.svn/entries
🔐

Admin & CMS Panels

Default admin paths for WordPress, Laravel, Django, and other frameworks.

/wp-admin /admin/login /telescope