How QuackScan Works
A transparent, step-by-step security assessment process. You control the depth, and we show you exactly what we find.
Enter your domain
Type your domain (e.g., yourapp.com) and choose what to assess. Basic assessments start immediately with no setup required.
Choose assessment depth
Select how thorough the assessment should be. Deeper levels require domain ownership verification.
Read-only checks on publicly accessible endpoints, headers, SSL, and exposed services.
Infrastructure analysis, technology detection, and frontend secret scanning. Still read-only.
Active vulnerability scanning, default credential testing, and parameter fuzzing. Requires you to prove domain ownership first.
Review free preview
See all findings with severity ratings visible. Detailed evidence and remediation steps are blurred in the preview. This lets you evaluate the value before paying.
See a demo report
Unlock full report — $25
Pay one-time to unlock all evidence, step-by-step remediation instructions, and a professional PDF report delivered to your email. No subscriptions.
Domain Verification
Deep assessments (active scanning, credential testing, fuzzing) require you to prove domain ownership by adding a DNS TXT record. This ensures assessments only run on systems you own.
How to verify your domain
Select any deep scan option (nuclei scanning, credential testing, or fuzzing). You'll be prompted to verify your domain.
Add the following TXT record to your domain's DNS settings:
We check the DNS record in real time. Once verified, all deep assessment options are unlocked for that domain. Verification persists across sessions.
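The sketch below shows one way a TXT-based ownership check of this kind can gate the deep options. It is an added example, not QuackScan's code: the record prefix, the server key, the account IDs and the HMAC-derived token are all assumptions, and the TXT answers are constructed sample data rather than a live DNS lookup.

```python
import hashlib
import hmac

# Assumption: hypothetical record prefix and server-side key, not QuackScan's real values.
RECORD_PREFIX = "quackscan-verification="
SERVER_KEY = b"constructed-demo-key"

DEEP_CHECKS = {"nuclei", "credential_testing", "fuzzing"}  # deep options named on the page


def normalize_domain(domain: str) -> str:
    """Lower-case and strip the trailing root dot so 'Example.com.' == 'example.com'."""
    return domain.strip().lower().rstrip(".")


def expected_record(account_id: str, domain: str) -> str:
    """Derive the TXT value from account and domain, so a record copied from
    another account or another domain does not verify."""
    msg = f"{account_id}|{normalize_domain(domain)}".encode()
    token = hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()[:32]
    return RECORD_PREFIX + token


def txt_value(rdata: list[str]) -> str:
    """A TXT record is one or more character-strings; join them before comparing."""
    return "".join(rdata).strip()


def is_verified(account_id: str, domain: str, txt_rrset: list[list[str]]) -> bool:
    """True if any TXT record at the domain equals the expected value exactly."""
    want = expected_record(account_id, domain).encode()
    ok = False
    for rdata in txt_rrset:  # no early exit: every record is compared
        ok |= hmac.compare_digest(txt_value(rdata).encode(), want)
    return ok


def allowed_checks(requested: set[str], verified: bool) -> set[str]:
    """Drop deep (active) checks unless ownership has been proven."""
    return set(requested) if verified else set(requested) - DEEP_CHECKS


# Constructed sample: TXT answers as a resolver would return them for example.com.
good = expected_record("acct-1001", "example.com")
SAMPLE_RRSET = [["v=spf1 -all"], [good[:20], good[20:]]]  # second record split in two strings

if __name__ == "__main__":
    v = is_verified("acct-1001", "Example.com.", SAMPLE_RRSET)
    print(v, allowed_checks({"headers", "fuzzing"}, v))
```

Because the token is bound to both the account and the domain, the same record verifies only for the account that requested it and only at the domain it was issued for.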
