CyroloCyrolo
Features
Platform capabilities & tools
Pricing
$299/mo security subscription
Security Scanning
150+ automated vulnerability checks
Penetration Testing
Elite red team services
Free Tools
Free security scanners
About
Our mission & team
Contact
Get in touch
Sign InGet Started
Cyber Security
All systems operational
Enterprise-Grade Security Intelligence

Is Your Website
Secure?

Scan any website in seconds. Our engine analyzes SSL, headers, DNS, and more — revealing vulnerabilities before attackers find them.

150+Scanners
16Layers
6Categories
A+FGrading
Non-destructive6 scan layersResults in seconds

Multi-Layer Analysis

6 Inspection Layers

Every scan passes through six distinct inspection layers. Each layer analyzes a different dimension of your security posture.

L0

Transport Layer

TLS/SSL, cipher suites, certificate validation

L1

Protocol Layer

HTTP/2, HSTS, redirect chains, response headers

L2

Application Layer

CMS detection, CVE lookup, directory exposure

L3

Network Layer

Port scanning, subdomain discovery, WAF detection

L4

DNS Layer

DNSSEC, SPF, DKIM, DMARC, zone configuration

L5

Data Layer

Cookie attributes, mixed content, CSP enforcement

Scanner Modules

150+ Professional Scanners

Each scanner module is purpose-built for a specific security domain. Modules are organized into 6 categories with individual findings, severity scores, and remediation guidance.

SSL & Encryption

Validates certificate chains, cipher suites, and protocol versions to ensure encrypted connections meet modern standards.

  • SSL Certificate Validator

    Checks validity, expiry, issuer trust chain, and key strength

  • TLS Protocol Checker

    Detects deprecated TLS 1.0/1.1 and weak cipher suites

  • Certificate Chain Analysis

    Verifies complete chain of trust from root to leaf

  • HSTS Enforcement

    Checks HTTP Strict Transport Security headers and preload status

HTTP Security Headers

Audits response headers that control browser security behavior — from CSP to X-Frame-Options.

  • Security Headers Audit

    Full header analysis: CSP, X-Content-Type, Referrer-Policy

  • CORS Configuration

    Detects overly permissive cross-origin resource sharing

  • Cookie Security Check

    Validates Secure, HttpOnly, SameSite, and Path attributes

  • Mixed Content Detection

    Identifies HTTP resources loaded on HTTPS pages

Pro+

Network & Infrastructure

Probes network-level exposure including open ports, subdomain enumeration, and WAF detection.

  • Port Scanner

    Non-intrusive scan of common service ports (top 1000)

  • Subdomain Enumeration

    Discovers subdomains via DNS, certificate transparency logs

  • DNS Security Check

    Validates DNSSEC, zone transfers, dangling CNAMEs

  • WAF Detection

    Identifies web application firewall vendor and configuration

Pro+

Application Security

Fingerprints technology stacks, checks for known CVEs, and discovers exposed directories and endpoints.

  • Technology Detection

    Identifies CMS, frameworks, libraries, and server software

  • CMS Version Check

    Detects outdated WordPress, Drupal, Joomla versions

  • CVE Database Lookup

    Cross-references detected software against NVD/MITRE CVE data

  • Directory Listing Scan

    Checks for exposed directories, backup files, .git/.env

Email & DNS Authentication

Validates email authentication records to prevent spoofing, phishing, and deliverability issues.

  • SPF Record Analysis

    Checks Sender Policy Framework record syntax and coverage

  • DKIM Validation

    Validates DomainKeys Identified Mail signatures and key strength

  • DMARC Policy Check

    Verifies DMARC alignment, policy enforcement, and reporting

  • MX & Mail Security

    Checks MX records, STARTTLS support, and DANE/TLSA

Performance & Configuration

Analyzes configuration files, redirect chains, and performance metrics that affect security posture.

  • Performance Metrics

    TTFB, resource loading, render-blocking asset analysis

  • Robots.txt Audit

    Checks for sensitive paths exposed via robots.txt

  • Redirect Chain Analysis

    Maps redirect hops and detects open redirect vulnerabilities

  • API Endpoint Discovery

    Discovers exposed API endpoints from sitemap, JS bundles

Verified Owner Access

Deep scans require domain verification

Advanced scanners (network probing, directory listing, CVE exploitation checks) can reveal sensitive configuration details. To protect website owners, these modules are gated behind domain ownership verification.

1

Add DNS TXT record

Place a unique verification token in your domain's DNS records.

2

Or add a meta tag

Add a <meta> tag with your verification token to your homepage.

3

Verification completes

We validate ownership and unlock the full scanner suite for your domain.

Domain verified
example.comVerified
SSL & EncryptionUnlocked
HTTP HeadersUnlocked
Network & InfrastructureUnlocked
Application SecurityUnlocked
Email & DNSUnlocked
Performance & ConfigUnlocked

Simple Process

How it works

Comprehensive security insights in minutes, not days.

Enter URLScan DepthResultsReports
Cyrolo Security Intelligence Engine
A+
37 security suites
Step 1

Enter your URL

Paste your website URL. No installation or agent required.

Step 2

Select scan depth

Quick, Standard, or Deep depending on your needs and plan.

Step 3

Get instant results

Security grade A+ to F with findings by severity and layer.

Step 4

Download reports

PDF reports with executive summary and technical remediation.

Security Grading

Industry-standard grading system

Based on aggregate findings across all layers.

A+

Excellent

No critical or high findings

A

Great

Minor issues only

B

Good

Some medium findings

C

Fair

Multiple issues found

F

Critical

Immediate action needed

Simple Pricing

Two ways to secure your stack

$299/month for automated scanning — or submit a request for expert penetration testing. No hidden fees on subscriptions. Cancel anytime.

MonthlyAnnualSave 15%
Most Popular

Security Scanning

Automated vulnerability scanning and compliance for your entire web presence.

$299/mo
  • Security Scanner (150+ checks, 39 suites)
  • GDPR Compliance Audit (23 articles)
  • Cookie & Consent Scanner
  • CCPA, LGPD, CNIL Compliance
  • SSL & Certificate Monitoring
  • Scheduled scans & PDF reports
  • Unlimited domains
  • Priority support
Subscribe Now
Submission only

Penetration Testing

Expert red team engagement — scoped, quoted, and delivered for your environment.

Customper engagement
  • Dedicated red team of security experts
  • Web, API, and mobile application testing
  • Full exploitation & proof-of-concept
  • OWASP Top 10 + business logic testing
  • Executive & technical reports
  • Retesting after fixes (included)
  • NDA & compliance documentation
  • Engagements from $4,900
Custom order

Manual engagement · Engagements from $4,900

Subscription applies to automated scanning only. Penetration testing is scoped and quoted before kickoff — engagements from $4,900.

Non-destructive scanning
AES-256 encrypted
GDPR compliant
Results in < 60 seconds
PDF & CSV reports

Don't wait for a breach

Every minute without a scan
is a minute attackers have the advantage

Discover vulnerabilities across 37 security suites and 6 inspection layers. Get a comprehensive security grade with expert remediation guidance — before it's too late.

2,847 attacks detected this hour
your-website.com
Live Attack Feed
Start Scanning NowTalk to Sales

$299/mo subscription · 37 security suites · Full reports · Cancel anytime

Start scanning$299/mo