Show HN: Free Security audit that checks what other tools miss (domainoptic.com)

2 points by renbuilds ↗ HN
Built this after almost shipping Stripe key in a production bundle.

It runs 6 checks in a few seconds:

- SSL Certificate - validity, expiration, protocol - DNS Health - SPF, DKIM, DMARC (email spoofing protection) - Security Headers - CSP, HSTS, X-Frame-Options - Blacklist Status - spam/malware list checks - Secret Scanner - finds leaked API keys in public JS bundles (AWS, Stripe, Firebase, etc.) - Ghost API Hunter - exposed Swagger docs, GraphQL endpoints, debug routes

Everything gets A+ to F grades with plain English explanations.

The last two are the differentiators, most SSL checkers exist, but few tools passively scan your frontend for shipped secrets or forgotten /api endpoints.

Looking for feedback on false positive rates and what other checks would be useful.

0 comments

[ 3.1 ms ] story [ 7.0 ms ] thread

No comments yet.