Threat intelligence

Six attack surfaces. Real data.

We probe your live configuration — not estimates or scrapes — across the same dimensions auditors and insurers care about.

🔒CERTIFICATE

SSL / TLS

Live cert chain analysis: grade, issuer, protocol, cipher suite, expiry countdown, every SAN.

✓Root CA

✓Intermediate

✓Your Cert

TLS 1.3 · valid 170 daysA+

📧ANTI-SPOOF

Email Security

SPF policy depth, full DMARC tag parsing, DKIM selector discovery, MX verification.

▸TXT v=spf1 include:_spf.google -all✓

▸TXT _dmarc p=reject pct=100✓

▸TXT *._domainkey k=rsa; p=...✓

Phishing protection activeA

🛡️BROWSER

HTTP Headers

HSTS, CSP, X-Frame, Content-Type, Referrer, Permissions and server software disclosure.

✓HSTS

✗CSP

✓X-Frame

✓XCTO

✓Referrer

✗Perms

4 / 6 setB

🌐INFRASTRUCTURE

DNS Records

A/AAAA, MX with priority, NS, CAA, SOA, TXT records — and the gaps that let attackers in.

A104.21.42.1

MXaspmx.google.com

NSns1.cloudflare

CAA0 issue "letsencrypt"

📋REGISTRATION

WHOIS & Domain

Registrar identity, expiry countdown, name servers, WHOIS privacy protection status.

RegistrarCloudflare

PrivacyProtected

Expires390 days

💧EXPOSURE

Breach Data

Cross-references your domain against major breach databases and paste sites.

0 active breaches

SHA256f4a2b9e1...✓

SHA256d82c1ea7...✓

SHA256a19f3ce4...✓

SHA2567b2e5d8a...✓

The engine

One pipeline. Two agents. Zero noise.

A specialised AI pipeline researches and compiles your security posture. Accuracy, not guesses.

🌐

INPUT

/ 01

You enter your domain

🔭

RECON

/ 02

Mapping the attack surface

⚙️

FORGE

/ 03

Compiling structured findings

📊

REPORT

/ 04

Delivered in under 2 minutes

cqwerty-shield · pipeline v2

~2 min average·18+ checks per scan

What you get

A report that actually helps.

Real data. Real findings. Real fix instructions. Not a score out of 100 and a shrug.

cqwerty.com/results/example-job-id/v2

SECURITY REPORT

example.com

MEDIUM RISK3 issues7 secure

72/100

SSLA+

EmailB

HeadersC

FINDINGS PREVIEW

⚠️

Missing CSP header

HIGH

Content-Security-Policy is not set. Users vulnerable to XSS attacks.

✓

DMARC strict

Your DMARC policy is p=reject pct=100 — strongest configuration.

No CAA records

MED

CAA missing. Any CA can issue certs for your domain.

Featured — CVE Intelligence

CVE · CWE · KEV · MITRE ATT&CK

Every finding, cross-referenced.

We don't just tell you what's wrong — we cite it. Each finding links to the industry frameworks your auditors, insurers, and incident responders already use.

1,559+

KEV CVEs tracked

Actively exploited

250k+

NVD database

Full CVSS lookup

Industry standards

NVD · KEV · CWE · MITRE · OWASP · PCI

24h

Refresh cycle

Always current

CVE

CVE· NVD

National Vulnerability Database — every CVE with CVSS base scores, attack vectors, and published dates.

KEV

KEV· CISA

Known Exploited Vulnerabilities catalog — CVEs confirmed to be actively exploited in the wild. Updated daily.

CWE

CWE· MITRE

Common Weakness Enumeration — the taxonomy of software flaw categories auditors use to classify findings.

ATT&

ATT&CK· MITRE

Adversary Tactics, Techniques & Common Knowledge — mapped to every finding so you know how attackers exploit it.

OWAS

OWASP Top 10· OWASP

Industry-standard ranking of the most critical web application security risks. A01 through A10.

PCI-

PCI-DSS v4.0· PCI SSC

Payment card industry requirements — flagged whenever a finding affects compliance scope.

KEV

CISA Known Exploited Vulnerabilities

1,559 actively exploited CVEs in our knowledge base.

Every finding is checked against the CISA KEV catalog — the list of vulnerabilities the US government has confirmed are being exploited by adversaries right now. If something in your stack appears on that list, your report flags it with a red KEV badge so it jumps the queue. No other automated scanner in this price range does this.

SSL/TLS◆

DMARC◆

SPF◆

DKIM◆

HSTS◆

CSP◆

X-FRAME-OPTIONS◆

CAA◆

DNSSEC◆

WHOIS◆

BREACH DATA◆

CERTIFICATE TRANSPARENCY◆

OBSERVATORY◆

BLACKLISTS◆

OWASP◆

CIPHER SUITES◆

SAN◆

PERMISSIONS-POLICY◆

SSL/TLS◆

DMARC◆

SPF◆

DKIM◆

HSTS◆

CSP◆

X-FRAME-OPTIONS◆

CAA◆

DNSSEC◆

WHOIS◆

BREACH DATA◆

CERTIFICATE TRANSPARENCY◆

OBSERVATORY◆

BLACKLISTS◆

OWASP◆

CIPHER SUITES◆

SAN◆

PERMISSIONS-POLICY◆

By the numbers

Trusted. Live. Refreshed every scan.

Real numbers from the platform — counted as scans complete.

Security checks

Per scan, every dimension

Domains scanned

And counting

1,559+

CVEs tracked

CISA KEV catalog, live

~2 min

Average scan time

End to end

FREE · NO SIGNUP · 2 MIN

See your domain's security
in two minutes.

Get a complete audit covering 18+ checks across SSL, email, headers, DNS, WHOIS and breach data — exported to PDF if you want it.

Free forever·Pro $14.99/mo · 14-day trial·Cancel anytime