Fourteen lookups, zero sign-up. DNS, reverse DNS, security headers (A+→F), TLS certificate transparency, tech stack, email auth posture (SPF/DMARC/DKIM), DNSSEC, DNS propagation across 5 resolvers, WHOIS via RDAP, cookie security audit, HSTS preload status, multi-source threat intelligence (Shodan / URLhaus / ThreatFox / CIRCL CVE / crt.sh), DNSBL blacklist check across 4 lists, and CryptoCheck — TLS version, cipher suite, HSTS, cookie hygiene, post-quantum readiness graded A+→F with a viral SVG badge.
No login · 30 calls / hour / IP · EU data residency
Enter a hostname to look up A, AAAA, MX, NS, TXT, CNAME, SOA, CAA records.
Resolve a public IP back to its PTR records (hostname).
Checks a public IPv4 against 4 major DNS blacklists (Spamhaus ZEN, Barracuda, SpamCop, PSBL). Useful before launching a mail server or diagnosing deliverability problems.
Score the target's HTTP security headers — HSTS, CSP, COOP, CORP, X-Content-Type, frame-ancestors, etc. Letter grade A+ to F.
Pulls every issued certificate from public Certificate Transparency logs (crt.sh). Shows issuer, expiry, SAN list, serial.
Identify CDN, web server, framework, analytics, payments, CMS — based on response headers + first 100 KB of HTML.
Queries 5 public DoH resolvers (Cloudflare, Google, Quad9, AdGuard, OpenDNS) in parallel. Useful when DNS changes are mid-propagation.
Pulls SPF, DMARC, DKIM (common selectors), MTA-STS, and MX records. Flags spoofing-friendly policies before an attacker finds them.
Looks for DS and DNSKEY records and reports whether the resolver was able to authenticate the chain. Unsigned zones are vulnerable to DNS hijacking.
RFC 7482 RDAP lookup. Returns registrar, creation / update / expiry dates, status flags, and nameservers — no HTML scraping.
Probes the URL and grades every Set-Cookie response: Secure, HttpOnly, SameSite, Domain, Max-Age. Highlights session cookies missing the XSS-safe flags.
Queries hstspreload.org for the domain's current status — preloaded, pending, removed, or unknown. Preloading guarantees the first request is HTTPS.
Aggregates Shodan InternetDB exposure, URLhaus malware hosting reputation, ThreatFox IOCs, CIRCL CVE-search, crt.sh certificate-transparency footprint, and IP ASN/geo into one keyless lookup. Results cached 1 hour. 10 calls / minute / IP.
Cryptographic hygiene, made simple. Grades TLS version, cipher suites, HSTS header, HSTS preload list, cookie flags, and post-quantum readiness — returns an A+→F score with a viral SVG badge.
Run a real penetration test on the same target.
The free toolkit answers "what's exposed?" — but what about "what is exploitable?". AssurePort's AI pentest pipeline produces proof-of-concept evidence and remediation code in your stack's language. From $99 for a Starter scan, no card required to sign in.