Get an instant view of your CDN and WAF coverage, DNS health, open subdomains, and edge configuration. No account needed, no limits on free scans.
For example.com
Every scan fingerprints the CDN and WAF in front of your site, confirms whether traffic actually flows through them, and checks whether your origin can be reached directly. An origin that bypasses your WAF is one DNS lookup away from a problem.
Bucket files.example.com lists contents publicly; data exposure is live.
Cloudflare is fronting the apex and www records.
Bypassing the CDN exposes the origin to direct attacks.
Several managed rules log without blocking; expected behavior in staging only.
FlawPilot inspects DNS records (A, AAAA, CNAME, MX, TXT, CAA), checks DNSSEC and email auth posture, and enumerates subdomains from public sources to surface forgotten endpoints. Dangling CNAMEs, stale dev hosts, and exposed buckets all show up here.
Without DNSSEC, responses for your zone can be forged in transit.
Points to an unclaimed Azure storage host and is vulnerable to subdomain takeover.
Email can be spoofed; add an SPF record and consider DMARC.
CAA limits issuance to your approved certificate authorities.
Public buckets and stray open ports are the classic source of weekend incidents. FlawPilot probes for common storage misconfigurations, exposed admin panels, and ports left open on the origin so you can shut them down before a scanner finds them first.
Bucket files.example.com lists contents publicly; restrict via bucket policy.
Allowlist only CDN egress IPs at the origin firewall.
Development server is publicly reachable on the origin host.
Submit the apex domain to the HSTS preload list to prevent first-hit downgrade.
Free, instant results. Enter any URL and see your edge, DNS, and storage posture in seconds.
