Automated Vulnerability Scanning

Find vulnerabilities
before attackers do.

Scan any website for XSS, SQL injection, misconfigurations, open ports and more — results in seconds, no setup required.

https://

Free scan · No account required · Results in under 30s

Create Free Account Go to Dashboard
8+
Security tools
OWASP
Top 10 coverage
<10s
Avg. scan time
0
Setup required

What we scan for

Complete attack surface coverage

We don't just check a CVE database — we simulate real attacks against your target to surface actual vulnerabilities.

XSS Detection
Injects payloads to detect reflected and stored Cross-Site Scripting vulnerabilities across form inputs and URL parameters.
SQL Injection
Tests target endpoints for SQL injection vectors including error-based, boolean-blind and time-based techniques.
Security Headers
Audits HTTP response headers for missing or misconfigured CSP, HSTS, X-Frame-Options and other critical directives.
Port Scanning
Maps exposed services and open ports on the target host to identify unnecessary attack surface and risky configurations.
Subdomain Enumeration
Discovers forgotten or shadow subdomains that could expose admin panels, staging servers or unpatched services.
Technology Detection
Fingerprints the tech stack — frameworks, CMS, libraries and versions — to map known CVEs to the target.
SSL / TLS Audit
Validates certificate chain, expiry, cipher strength and HTTPS redirect enforcement to catch cryptographic failures early.
Threat Intelligence
Cross-references domains against threat feeds to detect phishing infrastructure, malware distribution and impersonation attempts.

Security tools

Everything in one dashboard

XSS Exploiter
SQL Injector
Security Headers
Port Scanner
Subdomain Scanner
Tech Detection
Threat Scanner
SSL Audit
Get full access free

Coverage

OWASP Top 10
focused coverage

Our scanning engine is mapped against many categories in the OWASP Top 10 — the industry-standard benchmark for web application security risk.

Start scanning
A1 Broken Access Control
A2 Cryptographic Failures
A3 Injection
A4 Insecure Design
A5 Security Misconfiguration
A6 Outdated Components
A7 Auth Failures
A8 Integrity Failures
A9 Logging Failures
A10 SSRF

Built for

pentestnet is for everyone securing the web

Developers
Catch vulnerabilities before they reach production. Integrate scans into your workflow without leaving the browser.
Web Agencies
Offer security scanning as a premium add-on. Generate client-ready reports with a single click and protect your reputation.
Security Teams
Automate recurring asset scans, triage findings fast and maintain continuous visibility across your attack surface.
IT Service Providers
Monitor client infrastructure, meet compliance requirements and demonstrate proactive security posture to stakeholders.

How it works

Three steps to a free security report

1
Enter your URL
Paste your domain or IP into the scan bar. No account or configuration needed for a quick scan.
2
We run the attacks
Our engine simulates real-world attack vectors — injection, header checks, port enumeration — against your target.
3
Review your report
Get a clear security score, a list of findings with severity levels, and actionable remediation guidance.
4.000+
Scans Run
300+
Clients Protected
9.000+
Vulns Discovered
99%
Satisfaction Rate

Your website is being scanned
by attackers right now.

Find the gaps before they do. Create a free account and run unlimited quick scans.

Get Started — It's Free View API Docs