Free Security Check: See Your Attack Surface the Way an AI Attacker Does

Run a free external attack surface scan in about 30 seconds, no signup. Pinaka maps your domain the way an AI attacker would, then ships every finding with a ready-to-paste fix for Claude Code, Cursor, or your own agent.

What the security check looks at

Thirteen external checks across the surface an attacker reaches first, with no access to your systems required.

Subdomains and exposure

Discovers public subdomains and live hosts, the assets an attacker enumerates before anything else.

TLS and HTTPS

Checks certificate health, TLS configuration, and whether HTTPS is enforced across the domain.

Security headers

Inspects HSTS, Content-Security-Policy, X-Frame-Options, and the other response headers that harden a site.

Email authentication

Validates SPF and DMARC so attackers cannot trivially spoof your domain in phishing.

Leaked secrets and cookie flags

Surfaces exposed secrets and missing cookie flags (Secure, HttpOnly, SameSite) that weaken sessions.

Technology fingerprinting

Identifies the frameworks and services running on your domain, the same fingerprint an attacker maps.

How it works

Enter a domain and Pinaka runs passive, external checks, nothing intrusive and no credentials needed. You get a clear report in about 30 seconds with the most important issues first. Every finding includes a fix written to paste straight into a coding agent, so the report turns directly into remediation.

Frequently asked questions

Is the security check free?

Yes. The external scan runs with no signup. Additional checks are available with a free account.

Is the scan safe to run?

Yes. It only performs passive, external checks against publicly reachable information. It does not log in, exploit, or touch internal systems.

How long does it take?

About 30 seconds for the external checks.

What makes this different from a normal scanner?

It shows what an AI attacker sees, and every finding ships with a ready-to-paste fix for your agent.

book a demo for continuous monitoring, or track actively exploited CVEs.