Web Surface Scanner
Probe a site for exposed config files and interesting paths. Only scan sites you own or have explicit permission to test.
Probes sensitive paths and CMS signatures (WordPress, Drupal, Joomla, etc.) to detect platform and exposed files.
Cross-origin scans need Use CORS proxy. If one proxy returns 403, try the other.
What it looks for
Environment & secrets
VCS metadata
Backups & exports
Config & logs
Results
| Path | Status | Bytes | Risk | Platform |
|---|---|---|---|---|
| No requests yet. | ||||
Idle.
Detected platform
—