Ridgepoint Spotter
Spotter is a free external security scan that grades your organization A through F across six categories — using 14 specialized tools and only publicly available data. No agents, no credentials, no access to your network. Just your domain name.
Already have an account? Sign in and run a scan in under 60 seconds.
What Spotter Checks
Every scan combines results from 14 specialized tools into a weighted score across six security categories and an overall A–F grade. Any CRITICAL finding caps the overall grade at D — because one wide-open door is enough.
Live nmap scanning identifies open ports and running services, fingerprints operating systems, and flags known CVEs across your public infrastructure.
testssl.sh cipher suite analysis, protocol version checks, and vulnerability detection for Heartbleed, POODLE, BEAST, and more.
Checks for Content-Security-Policy, HSTS, X-Frame-Options, and other critical headers most websites are missing.
Probes for accidentally exposed .git directories, .env files, database backups, admin panels, and other sensitive paths.
Identifies your CMS, web server version, JavaScript frameworks, and other technologies — flagging outdated or vulnerable versions.
Detects whether a Web Application Firewall is protecting your web applications and identifies the specific product.
Discovers subdomains via Certificate Transparency logs and passive OSINT — finding forgotten dev, staging, and admin portals.
Harvests publicly exposed email addresses and employee names from search engines, certificates, and DNS records.
Checks your domain against breach databases to identify compromised credentials associated with your organization.
Validates SPF, DMARC, DKIM, MTA-STS, and BIMI configuration to assess email spoofing and phishing resistance.
WHOIS registration, DNS record analysis, DNSSEC validation, and zone transfer testing.
Checks your domain against DNS blocklists, URLhaus malware databases, and abuse databases.
Evaluates cookie flags — Secure, HttpOnly, SameSite — and analyzes robots.txt for intelligence on hidden paths.
Certificate chain validation, expiration monitoring, issuer verification, and HSTS preload status.
How It Works
Fill out a short form. We review each request personally — no bots, no crawlers, no automated sign-ups.
Sign in, enter your domain, and start the scan. Quick Scan finishes in under 2 minutes, Full Scan in under 5.
A branded PDF with an overall letter grade, six category scores, detailed findings, and a prioritized remediation plan.
Access is free. Reports are yours to keep. No strings attached.