Public-domain validation
The scanner rejects private, loopback, reserved, and non-resolving targets to reduce server-side request forgery risk.
SiteThreat is intended for site owners, administrators, developers, and professionals with explicit permission to assess a domain.
The scanner rejects private, loopback, reserved, and non-resolving targets to reduce server-side request forgery risk.
Checks are limited to a predefined list of common accidental-exposure paths. It does not brute-force passwords, exploit software, or alter remote systems.
Only a bounded response sample is inspected to classify risk. Reports should avoid retaining secrets or full sensitive files.
Users must own the target or have explicit authorization. Unauthorized security testing may violate contracts, provider rules, or applicable law.
Production deployment should enforce per-IP, per-domain, and per-account limits to prevent abuse and excessive traffic.
If you discover a vulnerability belonging to another organization, notify the owner privately and avoid publishing sensitive details.
Use the results to remediate—not to exploit.