Welcome to Security Command Center

Enter a website address and get a comprehensive security report as a downloadable PDF in under a minute.

Free account required. You'll confirm authorization and accept the Terms & Conditions during sign-up.

Coverage — 20+ Security Domains — AI-Assisted Deep Analysis
Infrastructure
5 domains
  • TLS / Certificates
    Reads live certificate metadata via crt.sh — issuer, validity window, SAN coverage and short-lived / expiring certs.
  • DNS & Email
    Resolves A/AAAA/MX/TXT over DoH and checks SPF, DKIM (common selectors), DMARC policy and DNSSEC presence.
  • Exposed Admin Surfaces
    Probes leaked kubeconfig, Spring Actuator (/env, /heapdump, /mappings), Tomcat Manager, Jolokia JMX and H2 console.
  • Transport & Redirects
    Walks the HTTP→HTTPS redirect chain, flags mixed-content references and confirms HSTS / preload strength.
  • DevSecOps Leaks
    Detects exposed .env, .git/.svn/.hg repos, backup archives, SQL dumps, Dockerfile/compose, .npmrc and CI artifacts.
Security Controls
6 domains
  • Security Headers
    CSP, HSTS, X-Frame-Options, Referrer-Policy and Permissions-Policy review.
  • Auth Surface
    Flags exposed login endpoints (/wp-login.php, /administrator, /admin) and weak hardening on session-looking cookies.
  • Cookie & Session
    Checks Secure, HttpOnly, SameSite, __Host-/__Secure- prefixes, broad Domain scope and long-lived sessions.
  • Access Control Paths
    Probes exposed admin / management consoles and unauthenticated dev tooling (/console, /manager/html, /xmlrpc.php).
  • Data Exposure
    Dotfiles, backups, SQL dumps, source maps, swagger/OpenAPI specs and indexable build artifacts.
  • Debug & Telemetry
    Detects /debug, /trace, /server-status, /server-info, Actuator /loggers and verbose error pages.
Vulnerabilities
5 domains
  • Known-Vulnerable Libraries
    Fingerprints client-side libraries (jQuery, Bootstrap, AngularJS, WordPress) and flags versions with public CVEs.
  • Outdated Components
    Identifies legacy framework versions in HTML/JS bundles and meta generators.
  • Misconfiguration
    Server / X-Powered-By / X-AspNet banners, CORS wildcards with credentials and weak CSP directives.
  • Secrets in Source
    Regex-scans inline JS, HTML and source maps for AWS, GCP, Stripe, Slack, GitHub and JWT-shaped tokens.
  • Supply Chain
    Lists third-party script origins, checks Subresource Integrity (SRI) hashes and sandboxing on embedded iframes.
Application
5 domains
  • Frontend Hygiene
    Locates publicly served .map source maps and DOM-side console / debug leakage.
  • API Surface
    Tests GraphQL introspection on /graphql, finds exposed Swagger/OpenAPI specs and audits CORS responses.
  • CMS Fingerprinting
    Detects WordPress, Joomla, Drupal markers and known sensitive paths (xmlrpc.php, wp-config backups).
  • robots / sitemap / .well-known
    Parses robots.txt, sitemap.xml and security.txt for disallowed paths and missing disclosure policy.
  • Client-Side Hardening
    Evaluates CSP strength, inline-script risk and iframe sandbox attributes in the rendered HTML.
Emerging Threats
AI-assisted
  • AI-Assisted Deep Analysis
    Anthropic Claude reviews the collected signals to surface compliance, abuse, business-logic and AI/LLM exposure risks. Advisory layer on top of the deterministic checks above.

Frequently asked questions

Is SepSecureAI free to use?

Yes. You can run a full security scan of any website you own or are authorized to test and download the PDF report for free.

What does the security scan cover?

Each scan covers OWASP Top 10 issues, SSL/TLS configuration, HTTP security headers, DNS hygiene, exposed secrets, outdated software, and authentication weaknesses, with AI-prioritized remediation steps.

How long does a scan take?

Most scans complete in under a minute and produce a downloadable PDF report.

Do I need an account to scan a website?

Yes. A free account is required so we can attribute scans to an authorized user and store your scan history securely.