Show HN: Free Security audit that checks what other tools miss (domainoptic.com)
Built this after almost shipping Stripe key in a production bundle.
It runs 6 checks in a few seconds:
- SSL Certificate - validity, expiration, protocol - DNS Health - SPF, DKIM, DMARC (email spoofing protection) - Security Headers - CSP, HSTS, X-Frame-Options - Blacklist Status - spam/malware list checks - Secret Scanner - finds leaked API keys in public JS bundles (AWS, Stripe, Firebase, etc.) - Ghost API Hunter - exposed Swagger docs, GraphQL endpoints, debug routes
Everything gets A+ to F grades with plain English explanations.
The last two are the differentiators, most SSL checkers exist, but few tools passively scan your frontend for shipped secrets or forgotten /api endpoints.
Looking for feedback on false positive rates and what other checks would be useful.
0 comments
[ 3.1 ms ] story [ 7.0 ms ] threadNo comments yet.