Security scanner for indie developers.
Marshell scans your domain and tells you exactly what's misconfigured - in plain English, with step-by-step fixes. No pentest knowledge required.
$ marshell scan yoursite.com
>>> Starting security scan...
>>> Checking open ports... ✓ done
>>> Checking SSL/TLS config... ✕ weak cipher detected
>>> Checking security headers... ✕ missing HSTS, CSP
>>> Checking exposed paths... ✓ clean
>>> Checking DNS config... ✓ clean
>>> Checking fingerprinting... ✕ nginx version exposed
SCAN COMPLETE - 3 issues found
Severity  Issue                   Fix
HIGH      Missing HSTS header     add Strict-Transport-Security header
MEDIUM    Weak TLS cipher (RC4)   disable in nginx.conf line 42
LOW       Server version exposed  set server_tokens off in nginx
marshell@scan:~$ _
Open Ports
Ports you forgot were open after testing something quickly on your server.
SSL / TLS
Expired certs, weak ciphers, and missing HTTPS redirects caught instantly.
Security Headers
Missing crucial headers like CSP, HSTS, X-Frame-Options, and Referrer-Policy.
Exposed Paths
.env files, /admin panels, and /.git directories accidentally left public.
DNS Issues
Subdomain takeover vulnerabilities hiding in your outdated DNS configurations.
Fingerprinting
Stop your web server from revealing its underlying software versions to attackers.
Get notified when we launch.
Join the early access list. We'll send you an invite when it's ready.