Get a 0-100 hardening score for any Linux server in 60 seconds.

A scored hardening report you can read, share, and act on. Scan from the outside, run a script you can audit yourself, or let us connect — you decide how much access to give. No signup to start.

Scan a server — free   See pricing

Three ways to scan — pick your comfort level

You stay in control. Start with zero access and go deeper only when you trust us. The on-box options return the same full 25-check report — the only difference is whether we ever touch your server.

External

No access needed

  • You give just a hostname or IP
  • We probe your public surface: open ports, exposed services, TLS & SSH ciphers, HTTP headers
  • Nothing installed, nothing handed over
Scan from outside

Run & upload

You keep the keys

  • Download a short, read-only script for your OS — read every line before you run it
  • Run it; results come back (auto-upload optional)
  • We get the data, never access to your box
  • Full 25-check report
Run & upload

Let us connect

Hands-off

  • Grant a read-only SSH key
  • We connect from our servers and run all 25 checks
  • Nothing for you to install or run
  • Full 25-check report
Scan now

How it works

  1. Point it at a server. Give us a host (and, for the hands-off option, an SSH user and key). We read configs and run 25 hardening checks. We never store your credentials.
  2. Get a 0–100 score. Weighted by severity. Every deduction is named, evidenced, and remediated. Coverage is shown alongside the number.
  3. Share the report. Public scrubbed URL (target redacted) you can drop in a PR or Slack. $5 makes it permanent + adds a PDF.

Scan from outside — no access needed

Give us a hostname or IP and we probe its public surface from our servers — open ports, exposed data stores, TLS & SSH ciphers, HTTP headers. Nothing to install, no credentials. Only scan hosts you're authorized to test.

Scan now — we connect (hands-off)

The managed option. Paste a read-only SSH key; we connect from our servers, run the checks, and discard the credentials when the scan finishes — they're never persisted to disk.

Credentials are passed to the scan worker in-memory and discarded when the scan finishes. They're never persisted to disk.