Public-surface Magento scan
Check your Magento store before attackers do.
Run a passive scan for common Magento security signals: exposed config, default admin paths, missing browser security headers and public version disclosure. No login attempts, no intrusive payloads.
Passive checks only
No admin login needed
Fix plan available
What it checks
Fast public signals.
Not a full audit.
The scan is designed for early triage. It helps spot the obvious problems that show up in public security tools, PCI conversations and emergency support calls.
Magento 1 or Magento 2 public fingerprints
Public /magento_version disclosure
Default admin path exposure
Public .git, .env, env.php or local.xml leaks
Security headers including HSTS, CSP and X-Content-Type-Options
Magento 1 downloader exposure
Need the full picture?
Public scans cannot see extension versions, admin users, file permissions, deployment history, database integrity or checkout modifications. That is where the audit call helps.