Sherlock Forensics provides a free interactive website security testing tool that walks site owners through the same passive reconnaissance checks and guided tests that attackers use. The tool checks security headers, exposed paths, DNS email authentication, SSL certificates and common login vulnerabilities through a step-by-step guided process.
Frequently Asked Questions
Is this tool safe to use?
Yes. The server-side scan only performs passive checks using publicly available information like HTTP headers, DNS records and SSL certificates. The guided tests in Steps 2 and 3 are instructions you follow manually in your own browser. Nothing is automated against your server.
Will this hack my website?
No. This tool does not exploit any vulnerabilities. It checks what information is publicly visible and guides you through basic security tests you perform yourself. It is educational, not offensive.
What does this test check?
The tool checks security headers (CSP, HSTS, X-Frame-Options), exposed sensitive paths, DNS email authentication (SPF, DKIM, DMARC) and SSL certificate validity. It also guides you through login security tests and browser developer tool inspections.
Is this a real penetration test?
No. This tool covers approximately 11 basic checks. A professional penetration test from Sherlock Forensics covers 200+ attack vectors, including business logic flaws, authentication bypass, privilege escalation, API security and more. This tool shows you the surface; a pentest goes deep.