ExposureScanner
Find exposed .env and config files
ExposureScanner checks your own websites for sensitive files that shouldn't be public — things like .env, an exposed .git folder, wp-config.php backups, and database dumps. Enter a site URL, and it probes a configurable list of paths, then shows a clean report grouped by severity with a short note on why each finding matters and how to fix it. Smart detection fingerprints the site's "not found" response first, so you get real hits instead of false positives from catch-all pages. Every scanned site lands in the sidebar with its own history, so you can rescan and track what's fixed over time. For auditing sites you own or are authorized to test.
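
The "not found" fingerprinting described above, sketched as an added example; this is not ExposureScanner's own code. The Response type, the function names, the 0.9 similarity cut-off and the sample responses are assumptions constructed for illustration.

```python
import re
from dataclasses import dataclass
from difflib import SequenceMatcher

@dataclass
class Response:          # hypothetical container for an already-fetched response
    status: int
    body: str

SIMILARITY_THRESHOLD = 0.9   # assumed cut-off; tune per site

def normalize(body: str, path: str) -> str:
    """Remove the echoed path and volatile tokens so error pages compare equal."""
    body = body.replace(path, "")
    body = re.sub(r"[0-9a-fA-F]{8,}", "", body)   # request ids, nonces
    return re.sub(r"\s+", " ", body).strip().lower()

def is_real_hit(path, candidate, probe_path, baseline) -> bool:
    """baseline is the response to probe_path, a random path that cannot exist."""
    if candidate.status != 200:
        return False
    if baseline.status != 200:
        return True          # server sends honest 404s, so a 200 is meaningful
    a = normalize(baseline.body, probe_path)
    b = normalize(candidate.body, path)
    # A 200 that looks like the catch-all page is a soft 404, not a finding.
    return SequenceMatcher(None, a, b).ratio() < SIMILARITY_THRESHOLD

def find_exposed(responses, probe_path, baseline):
    return [p for p, r in responses.items()
            if is_real_hit(p, r, probe_path, baseline)]

# Constructed sample data: a site whose catch-all page answers 200 for anything.
PROBE = "/zq9x-probe-41f7"
PAGE = ("<html><title>Page not found</title>"
        "<p>Sorry, {path} does not exist. Request id {rid}</p></html>")
CATCH_ALL = Response(200, PAGE.format(path=PROBE, rid="7f3a9c2e11"))
SAMPLE = {
    "/.env": Response(200, "APP_ENV=production\nDB_HOST=localhost\n"
                           "DB_PASSWORD=example-not-real\n"),
    "/wp-config.php.bak": Response(
        200, PAGE.format(path="/wp-config.php.bak", rid="0b44d1e9a7")),
    "/backup.sql": Response(404, "Not Found"),
}

if __name__ == "__main__":
    print(find_exposed(SAMPLE, PROBE, CATCH_ALL))
```

Without the baseline comparison, the catch-all page returned for /wp-config.php.bak would be reported as a finding because it answers with status 200.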


