Built for defensive review
The scanner is designed for public posture checks on websites you own or are authorized to review. It focuses on evidence and prioritization, not exploitation.
Passive security scanner
A passive website security scanner for headers, TLS, cookies and CORS.
OsintNET Website Risk Scanner helps owners and authorized teams review public website security posture without intrusive testing. It turns headers, TLS, cookies, CORS, DNS mail security and exposure clues into structured findings.
Designed for analysts who need clear signals, not scattered tabs.
Clear remediation context
A useful website audit should explain what is missing, why it matters and what the owner should check next. OsintNET structures findings for that workflow.
Works with domain intelligence
Website risk signals become stronger when paired with DNS, SSL, ASN, SPF, DMARC and DNSSEC context from the Domain Analyzer.
Good fit for reports
Security teams, site owners and analysts can export or summarize findings as evidence instead of copying raw scanner output from multiple tabs.
Common questions
What is a passive website security scanner?
A passive website security scanner reviews public web posture such as headers, TLS, cookies, CORS and DNS mail-security signals without exploit attempts or intrusive probing.
What does OsintNET Website Risk Scanner check?
OsintNET checks HTTP security headers, HTTPS and TLS posture, cookie flags, CORS exposure, DNS mail-security records, sensitive file exposure and common public-risk signals.
Can I scan any website?
Use OsintNET for websites you own, administer or are authorized to assess. It is intended for defensive security review and public-signal analysis.
Continue with the next evidence layer.
Website Risk Scanner
Run the interactive scanner for headers, TLS, cookies, CORS and DNS mail security.
SPF, DMARC and DNSSEC checker
Focus on domain mail-security posture and DNS validation signals.
Website Risk Scanning Guide
Learn how passive website risk findings should be interpreted and prioritized.
OsintNET vs security headers scanners
Compare header-only checks with broader website risk posture review.
Website risk example report
See a sample report structure for headers, TLS, cookies, CORS and DNS mail security.
Start investigation
Use OsintNET to convert public signals into structured evidence.
Pick the module that matches your target and keep each clue connected to its source, confidence and investigation context.