Surface Check
What does your site show the public?
Paste your URL. We fetch it like a normal browser and report what's visible from outside. No testing, no probing, no attack. Under-reporting is correct.
We make a small number of GET requests only. No forms, no auth attempts, no scanning of paths beyond a small fixed conventional list.
Inside the Rescue door
Two depths, one door.
Rescue starts free from outside and can go deep with your permission. Surface Check is observed, not tested. Deep Audit is authorized code review, not a penetration test.
Surface Check
Paste a URL. We passively observe what your site shows a normal browser: headers, cookies, exposed secrets in bundled JS, and files that shouldn't be public. Nothing is tested, probed, or attacked.
- · Honest letter grade with plain-language findings
- · Shareable report link
- · No sign-up, no email gate
Deep Audit
Grant us permission to review your codebase. We run a static AI code security review that finds the classes of issues vibe-coded apps actually die from: broken access control, exposed secrets, missing auth, weak database rules.
- · AI static code review, not a penetration test
- · Your tailored Foundation, downloadable
- · A phased Plan to remediate
