Sparrofox Security
Free Security Tool

Sparrofox Security.

Comprehensive website vulnerability scanner with threat intelligence and CVE search. Check your site against OWASP, ISO 27001, CIS, and NIST standards — for free.

Security Score: 82 / 100
SSL/TLS Certificate — Grade A
Security Headers — 7/9 present
Cookie Security — 2 issues
CORS Policy — Correctly configured
Exposed Ports — 3 open, 1 risky
// what we scan

9 security checks. One scan.

Each module runs independently and maps findings to industry compliance frameworks.

SSL/TLS Analysis

Certificate validity, chain trust, protocol version, cipher strength, expiry warnings, HSTS enforcement.

OWASP A02 NIST SC-8

Security Headers

CSP, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy, and 4 more critical headers.

OWASP A05 ISO 27001

DNS Records

A, AAAA, MX, TXT, NS records. SPF/DKIM/DMARC validation. DNSSEC checking. Mail security assessment.

NIST SC-20

Cookie Security

HttpOnly, Secure, SameSite flags. Cookie scope analysis. Session management assessment.

OWASP A07 CIS 16.9

CORS Configuration

Origin policy testing. Wildcard detection. Credential exposure risks. Pre-flight configuration validation.

OWASP A01

Port Scanning

Common service ports (20+). Unexpected open port detection. Service identification. Risk classification per port.

NIST CM-7 CIS 9.1

Technology Detection

Identify web server, CMS, frameworks, CDNs, analytics tools. Known vulnerability mapping for detected tech.

OWASP A06

Robots.txt & Paths

Sensitive path exposure in robots.txt. Admin panel detection. Backup file discovery. Information leakage.

OWASP A01

Composite Scoring

Weighted score across all modules. Letter grade (A-F). Severity distribution. Priority remediation order.

ISO 27001 NIST RA-5
// capabilities

More than a scanner.

Threat Intelligence

Live RSS feeds from major security sources. CISA alerts, NIST bulletins, vendor advisories. Searchable, categorised, timestamped.

CVE Search

Search the NVD (National Vulnerability Database) for CVEs by keyword, product, or vendor. CVSS scores, severity, affected versions, references.

Scan History

Every scan is stored locally in SQLite. Track your security posture over time. Compare scores across scans. Export results.

Compliance Mapping

Each finding maps to specific OWASP, ISO 27001, CIS, and NIST controls. Generate compliance-ready reports for auditors.

// frameworks

Maps to the standards that matter.

OWASP Top 10
Web application security risks. A01–A10 coverage across all scan modules.
NIST 800-53
Federal security controls. SC, CM, RA, and AC families mapped to findings.
ISO 27001
Information security management. Annex A controls mapped to scan results.
CIS Controls
Center for Internet Security benchmarks. Critical and foundational controls.
// built with
Node.js / Express, React / Vite, SQLite, Tailwind CSS, NVD API, RSS Feeds, Docker

Scan your website now.

Free, no signup required. Enter a URL and get a full security report in under 30 seconds.

Part of the Sparrofox product suite