Free Forever · No Sign-Up

Security tools for
builders who give a damn.

Run instant, passive security checks on any website, domain, or password. No accounts, no upsells, no data hoarding — built by the pentesters at Lorikeet Security.

Pick a Tool See ASM Plans

5 Free Tools

60+ Security Checks

<30s Avg Scan Time

0 Data Stored

HSTS Enforced max-age=31536000

Missing CSP XSS risk · HIGH

lorikeet—scanner

Live

$ lorikeet scan --target example.com

[init] Resolving target… 93.184.216.34

[01] ✓ HTTPS redirect enforced

[02] ✓ HSTS header present (max-age=31536000)

[03] ✓ TLS 1.3 supported · A+ grade

[04] ✗ Content-Security-Policy missing

[05] ! X-Frame-Options weak (SAMEORIGIN)

[06] ✓ SPF / DKIM / DMARC validated

[07] ✗ Server header leaks (nginx/1.18)

[08] ✓ Cookie security flags OK

Score: 82/100 · 25 checks · 18 passed

Free Toolkit

Five scanners. Zero friction.

Each tool runs the same checks our pentesters use on day-one engagements. Pick one and get a result in under thirty seconds.

Most Used

Web Security Scanner

Headers, TLS, cookie flags, server fingerprints, redirects, and common misconfigurations.

HSTS CSP X-Frame +22 more

~20s · 25 checks

A+ Grade

SSL Certificate Checker

Certificate chain, expiry windows, protocol support (TLS 1.0–1.3), and cipher suites.

Chain Expiry Ciphers +12 more

~10s · 15 checks

10 Records

DNS Lookup

A, AAAA, MX, NS, TXT, CNAME, SOA, CAA, and PTR records resolved instantly with TTLs.

A / AAAA MX TXT +7 more

~5s · 10 types

Anti-Spoof

Email Security Scanner

SPF, DKIM, DMARC, MTA-STS, and BIMI configuration. Surface impersonation and spoofing risks.

SPF DKIM DMARC +7 more

~15s · 10 checks

Client-Side

Password Strength Checker

Entropy analysis and crack-time estimates. Runs 100% in your browser — never sent anywhere.

Entropy Crack time Breaches

Local-only · Instant

Q3 2026

More tools shipping soon

Subdomain enumeration, port reachability, and a JWT decoder are next. Got a request?

Subdomains Ports JWT

hello@lorikeetsecurity.com

Trusted by security teams at

Free vs Continuous vs Manual

Where these tools stop, we keep going.

A free scan tells you whether the front door is locked. Real attackers care about the rest of the house.

These Tools

Free Scanners

$0 forever

Security header & TLS checks
DNS & email auth lookups
Password entropy analysis
Point-in-time snapshot
3 scans / day, per tool

Try a Tool

Continuous Monitoring

ASM Platform

$29.99 / month

Everything in Free, monitored 24/7
Subdomain & asset discovery
AI-powered finding triage
Slack / email alerts on change
Executive PDF reports

Start 14-Day Trial

Human Pentesters

Professional Test

$7.5k+ per engagement

Business logic flaw hunting
Auth & authorization bypasses
Injection (SQL, XSS, SSTI, SSRF)
API & access control deep-dive
Compliance-grade report + retest

Get a Quote

Ready for the deep dive?

Free tools find the obvious.
We find everything else.

Free scans catch basic misconfigurations. A Lorikeet Security pentest uncovers business logic flaws, auth bypasses, injection vectors, and the hundreds of attack paths automated tools miss.

Book a Scoping Call View ASM Plans

24hr proposal turnaround Free retest included 170+ engagements delivered

Security tools forbuilders who give a damn.