ExposureScanner

ExposureScanner

Find exposed .env and config files

Size81 KB
Updated3 Jul 2026
InstallsNew
Screenshot 1Screenshot 2Screenshot 3

ExposureScanner checks your own websites for sensitive files that shouldn't be public — things like .env, an exposed .git folder, wp-config.php backups, and database dumps. Enter a site URL, and it probes a configurable list of paths, then shows a clean report grouped by severity with a short note on why each finding matters and how to fix it. Smart detection fingerprints the site's "not found" response first, so you get real hits instead of false positives from catch-all pages. Every scanned site lands in the sidebar with its own history, so you can rescan and track what's fixed over time. For auditing sites you own or are authorized to test.