Private beta · Summer 2026

Continuous external attack-surface monitoring for small teams.

Scan any public website for security, technical SEO, and code-quality issues in under a minute. 100% free — no account, no credit card, no limits.

84 automated checks Copy-paste fixes for every failure No account required 100% free
Scan your site free Learn more → See the console →
7
Specialist agents
24/7
Unblinking watch
Immutable audit
Free Scan + Free DIY Fixes

Found vulnerabilities? Fix them yourself — for free.

Every CRUCiBLE Security scan comes with free step-by-step remediation guides so you can fix issues yourself. No account required. No payment needed. We believe security knowledge should be free.

FREE — DIY Guides
Every scan result includes step-by-step instructions you can follow yourself. Clear browser cache, fix headers, harden settings, remove duplicates — all free.
FREE — Desktop Scanner
Download our Python scanner app for deep local checks: malware, WiFi security, credential exposure, system cleanup, duplicate files, startup audit.
Optional — We fix it for you
Every scan, every agent, every cleanup tool — 100% free. No hidden fees.

Scan is free. Suggestions are free. We only charge if you want us to fix it for you.

Free Cleanup & Security Guide Get a Quote (Optional)
Free Combined Audit · Security + Marketing + Code

Scan any website. 84 automated checks. No account needed.

FREE COMBINED AUDIT — 🛡️ SECURITY + 📈 MARKETING + 💻 CODE = SHIPPED SCORE

External signal only. We check what is reachable from the public internet — a passing score is a useful indicator, not a substitute for a full audit or compliance certification. Only scan domains you own or are authorized to test. Terms · Privacy

Scores delivered
Security · Marketing · Code · Shipped Score
0Accounts required
Paste a URL · run it
Copy-paste fixes
For every failure
🛡️ HTTPS + HSTS 🛡️ CSP quality 🛡️ SPF / DMARC / CAA 🛡️ Exposed .git / .env 🛡️ Cookie flags 🛡️ Mixed content 🛡️ SRI + subdomain CT 📈 Title + Meta + H1 📈 Open Graph / Schema 📈 Sitemap + robots 📱 Mobile viewport 📱 Tap ergonomics 📱 Responsive CSS 📈 CTA + analytics 📈 Alt text + copy depth 💻 Placeholder text 💻 Dead forms 💻 Alt text / a11y 💻 Broken links 💻 Heading hierarchy 💻 Unminified assets
🛡️ Security — security checks
  • SSL / TLS handshake + cipher suite
  • HSTS header + preload eligibility
  • Content-Security-Policy quality
  • X-Frame-Options + X-Content-Type-Options
  • Referrer-Policy + Permissions-Policy
  • SPF record validity
  • DMARC record + policy strictness
  • DKIM presence
  • CAA records
  • Exposed .env / .git / .DS_Store / .htaccess
  • wp-config.php / config.json / backup file leaks
  • robots.txt admin-path disclosure
  • Subdomain enumeration (CT logs)
  • Dev / staging / preview subdomain exposure
  • Cookie Secure flag
  • Cookie HttpOnly flag
  • Cookie SameSite enforcement
  • Mixed-content (HTTPS page loading HTTP)
  • Subresource Integrity (SRI) on CDN scripts
  • www ↔ apex redirect drift
  • HTTP → HTTPS forced redirect
  • Open ports + banner exposure (HEAD-only)
  • GitHub credential / token leak (public org)
  • Pwned credentials / breach exposure (HIBP)
  • Honeypot / canary token detection (Watch+)
  • Login brute-force lockout policy
  • Common admin path exposure (/admin, /wp-admin)
  • Outdated dependency versions in headers
  • Weak TLS protocol downgrade (1.0/1.1)
  • OCSP stapling + certificate revocation
  • DNSSEC enabled
  • Email-only impersonation risk (no DMARC reject)
📈 Marketing + SEO + AIO — marketing + SEO + AIO checks
  • Title tag length (≤60 chars)
  • Meta description length (≤160 chars)
  • H1 present + uniqueness
  • H2/H3 hierarchy + skip-level violations
  • Open Graph tags (og:title, og:description, og:image, og:url)
  • Twitter Card tags (twitter:card + image)
  • Schema.org JSON-LD presence
  • Organization + SoftwareApplication schemas
  • FAQPage schema (AIO — required for AI assistant recommendations)
  • llms.txt presence (AIO)
  • robots.txt — explicit Allow for GPTBot / ClaudeBot / PerplexityBot (AIO)
  • sitemap.xml validity + freshness (lastmod)
  • Canonical URL declared
  • Viewport meta tag (mobile)
  • Responsive CSS breakpoints
  • Tap-target ergonomics (≥44×44px)
  • Render-blocking JS / CSS budget
  • Above-the-fold value-prop clarity
  • CTA specificity ("Get Free Quote" vs "Submit")
  • Analytics tag presence (GA / Plausible / Vercel Analytics)
  • Retargeting pixel detection (Meta / Google)
  • "Free" / pricing visibility on homepage (AIO)
  • Comparison content ("X vs competitor" — AIO recommendation hook)
  • Author/byline schema
  • Internal linking depth (Home → Features → Pricing)
  • External link rel attributes (noopener / nofollow)
  • Image alt text density (% with alt)
  • Page load weight (HTML + critical CSS)
  • Core Web Vitals signals (LCP / CLS / INP heuristic)
  • Hreflang + language tags (multi-region)
💻 Code + a11y — code + a11y checks
  • Placeholder text / lorem ipsum
  • Generic AI-slop copy ("we deliver value-added solutions")
  • Dead forms (no action / no submit handler)
  • href="#" links going nowhere
  • Stock filenames left in (pexels-XXXX, unsplash-XXX without alt)
  • Components named Component1 / Section2 / ItemA
  • TODO / FIXME / XXX comments left in production
  • console.log() debug calls in shipped JS
  • Hardcoded "test@test.com" / "John Doe" demo data
  • Missing favicon
  • Broken / 404 internal links
  • Image alt text presence + meaningful copy
  • ARIA labels on interactive elements
  • Keyboard navigation order (tabindex)
  • Focus indicators on buttons / links
  • Color contrast (WCAG AA on body text)
  • Heading hierarchy (no skipped levels)
  • Form labels associated with inputs
  • Unminified JS / CSS asset detection
  • Console errors on page load
  • 404 asset references (broken image / script)
  • Empty footer / missing legal links
What you get

Free scanner. Free platform. More coming soon.

Crucible Security runs in the cloud — no hardware, no per-seat math. Website scanning, GitHub secret scanning, breach checks, and the desktop scanner are all free today. Advanced agents and features are being built.

🛡️

Free external scanner

84 checks across security, marketing, SEO, AIO, and code quality. No account, no credit card. Open-source on GitHub. Run it now ↑

Seven specialist agents

Live Dashboard, Dark Web Monitor, Threat Hunter, Network Watch, Auto-Response, Forensics, Compliance Reports. Each watches a different domain — together they form one orchestrated sight. Meet the agents →

🐉

Honeypot Defense — active defense Coming Soon

Honeypots, canary tokens, and decoy assets. Enterprise-grade deception tech that's normally five figures a year. Learn more →

Free Browser Security Check

System Health Check — instant, no install needed.

This runs entirely in your browser. Nothing is uploaded. Nothing is stored. Just a quick snapshot of your browser's security posture.

Early access

Join the watch. Before the next breach joins you.

Everything is free. Sign up for early access to new features and agents as they ship.

No spam. Beta invites only. One email a month, max.
✓ You're on the list. Check your inbox for a confirmation from Crucible Security.