All Tools For Domainers Security Domain Checker DNS Lookup SSL Checker Subdomains Tech Stack Reputation

Website Vulnerability Scanner

Find exposed software, risky configurations, and known affected versions across a public website. Every result explains what was checked, why it matched, and how strong the evidence is.

Checking exposed software and security posture...
Vulnerability Intelligence Results
Interactive intelligence tool

Run the check, then ship the workflow

Use the browser tool for a fast answer, then move the same logic into scripts, monitoring, or product flows when it becomes repeatable.

1
Start with the live form

Enter a domain, URL, IP, email, or record and get a focused result without setup.

2
Review decision-ready signals

Outputs highlight statuses, risks, records, and next actions instead of raw provider noise.

3
Automate the winning workflow

Use the request and response examples to turn a one-off check into an API call or recipe.

What this tool helps you decide

Each page is shaped around a practical operational question, not just a raw lookup.

Signal

See the current DNS, registration, security, pricing, or reputation evidence.

Context

Compare the result with related checks so the next move is easier to trust.

Action

Copy examples, open linked tools, or move into API documentation when you need scale.

Trust signals before you integrate

Transparent docs, authenticated requests, and visible reliability details make it easier to evaluate DomScan before you ship.

Service status API artifacts

OpenAPI, Swagger, Postman, CLI, SDK, and MCP links are one click away.

API keys Protected access

Authenticated endpoints use API keys with clear credit costs before you call them.

Free allowance Sign Up for Free

Start with 10,000 monthly credits and upgrade only when usage grows.

Active Example Request

Start from the curl and HTTP samples, then map the parameters into your application code.

Key Features

Evidence-First Findings

See the observed component, version evidence, advisory identifiers, affected ranges, and important limitations.

Exploitation Priority

Prioritize exact version matches with CISA known-exploitation evidence and FIRST EPSS probability.

Honest Coverage

Unknown, partial, and unavailable checks remain visible instead of being presented as a clean result.

Example Request

GET /v1/vulnerabilities?domain=example.com HTTP
GET /v1/vulnerabilities?domain=example.com&mode=standard

Example Response

Vulnerability Intelligence Results JSON
{
  "summary": {
    "posture": "review",
    "risk_level": "medium",
    "finding_count": 2,
    "version_affected_count": 1
  },
  "findings": [{
    "classification": "version_affected",
    "severity": "high",
    "priority": "high",
    "component": {
      "name": "jQuery",
      "detected_version": "3.4.1"
    },
    "advisory": {
      "id": "GHSA-gxr4-xjj5-5px2",
      "cves": ["CVE-2020-11022"]
    }
  }]
}

Built from the same API surface

The browser experience previews DomScan's structured endpoints, so teams can validate a use case before writing code.

Frequently Asked Questions

Does this scan exploit the website?

No. This release performs passive public-response inspection, exact advisory correlation, and isolated rendering. It does not send exploit payloads.

What counts as a detected vulnerability?

An affected-version finding requires a reviewed package mapping, an observed compatible version, and an authoritative OSV affected-range match. Configuration findings are reported separately.

What does a clean result mean?

It means DomScan did not detect an issue within the checks that completed. It does not prove the application is secure.

Related Tools & Resources