VibeCheck - Free Security Scans For Indie Developers
Security is difficult — our mission is to make it effortless! Get top-tier security scans of your domain delivered in chill, readable reports that make fixing vulnerabilities a breeze—all for free!
Security Without Stress
1. Drop your URL
2. Get an easy report
3. Fix your code, vibe!

Industry-Best Scans
Run top-tier security scans powered by OWASP ZAP, catching vulnerabilities like XSS and SQL injection with a tool trusted by pros—all automated, no setup hassle.
Chill AI Reports
Get vibe coder-friendly reports transformed by AI, turning tech jargon into clear summaries that spotlight issues and make fixes a no-brainer.
One-Click Fixes
Every report comes with dead-simple steps to patch your app—readable tips you can apply fast, keeping your code secure without the stress.
Freemium Pricing
Get basic scans for free, forever! More advanced and in-depth analysis starting at 0.99$ per 10 scans - or 29.99$ per month unlimited. Need even more? Request a manual analysis from our experts, starting at 299$.
Sample Scan: Drop Your URL
Here’s a sample we scanned—swap in your own when we go live:
http://testphp.vulnweb.com
Sit tight—analysis runs in 1-5 minutes. Chill while we check your site!
Sample Scan: Results Snapshot
Your security score: 55%
Your website’s got a handful of issues—some high-risk bangers and some medium-level “eh, we should fix that” vibes. Here’s the rundown:

1. Cross-Site Scripting (XSS) - Reflected (High Risk, 19 spots)
What’s up: Hackers can slip some sneaky JavaScript into your site through stuff like forms or URLs. When someone visits, bam—pop-ups, stolen data, or worse. It’s “reflected” because it bounces off your server to the user.
Vibe fix: Clean up anything users can type into—like search bars or comment boxes. Use a filter to strip out bad code.
Tell AI: “Scan all inputs—like userinfo.php—and add some sanitization magic. Maybe use a function like htmlspecialchars in PHP to keep it safe.”

2. SQL Injection - MySQL (High Risk, 13 spots)
What’s up: Someone can mess with your database by typing weird stuff (like '; DROP TABLE users; --) into a field. Your report caught one in userinfo.php—it freaked out with a “SQL syntax error” when they poked it.
Vibe fix: Stop shoving raw user input straight into your database queries. Use “prepared statements” instead—it’s like putting a bouncer at the door.
Tell AI: “Rewrite queries in userinfo.php to use MySQL prepared statements. Swap out sketchy stuff like mysql_query for mysqli_prepare or PDO.”

3. Absence of Anti-CSRF Tokens (Medium Risk, 4 spots)
What’s up: CSRF (Cross-Site Request Forgery) is when a hacker tricks a user into doing something on your site—like changing their password—without them knowing. You’re missing tokens to stop that.
Vibe fix: Add a random token to every form or action (like a secret handshake) and check it on the server.
Tell AI: “Add CSRF tokens to forms in my app—generate a unique one per session and validate it on POST requests.”
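One way to do the token handshake from item 3, as an added PHP example (not code from the scanned site or from VibeCheck). The function names and the csrf_token field name are assumptions, and plain arrays stand in for $_SESSION and $_POST so it runs from the command line:

```php
<?php
// Added example; function and field names are hypothetical.

// Return the session's CSRF token, creating it on first use.
function csrf_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        // 32 bytes from the OS CSPRNG, hex-encoded so it is safe in HTML.
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

// Hidden field to place inside every state-changing <form method="post">.
function csrf_field(array &$session): string
{
    $token = htmlspecialchars(csrf_token($session), ENT_QUOTES, 'UTF-8');
    return '<input type="hidden" name="csrf_token" value="' . $token . '">';
}

// True only when the submitted token matches the one stored in the session.
function csrf_check(array $session, array $post): bool
{
    $expected  = $session['csrf_token'] ?? '';
    $submitted = $post['csrf_token'] ?? '';
    // Reject missing or non-string values (e.g. csrf_token[]=x sends an array).
    if (!is_string($expected) || !is_string($submitted) || $expected === '') {
        return false;
    }
    // hash_equals compares in constant time, so timing does not leak the token.
    return hash_equals($expected, $submitted);
}

// Constructed demo: arrays stand in for $_SESSION and $_POST.
$session = [];
$token   = csrf_token($session);
echo csrf_field($session), PHP_EOL;
var_dump(csrf_check($session, ['csrf_token' => $token]));   // genuine form post
var_dump(csrf_check($session, ['csrf_token' => 'guess']));  // forged request
var_dump(csrf_check($session, []));                         // token missing
var_dump(csrf_check($session, ['csrf_token' => ['x']]));    // wrong type
```

In a real page, call session_start() first, pass $_SESSION and $_POST, and answer a failed check on a POST with HTTP 403 before touching any data.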
Sample Scan: Deep Dive into an SQL injection
There is one SQL injection in http://testphp.vulnweb.com/userinfo.php.
What happened: The scanner messed with a POST parameter (like username or password), and your site barfed back a MySQL error: “You have an error in your SQL syntax.” That’s a neon sign saying, “Hack me!”
Why it’s bad: If they can trigger errors, they can probably run their own SQL commands—like dumping your whole user table.
Vibe fix: Look at userinfo.php. You’re probably doing something like:
$input = $_POST['username'];
$query = "SELECT * FROM users WHERE username = '$input'";
That’s wide open. Switch it to a prepared statement like:
$stmt = $mysqli->prepare("SELECT * FROM users WHERE username = ?");
$stmt->bind_param("s", $_POST['username']);
$stmt->execute();
Tell your AI assistant: “Fix userinfo.php—find the SQL query, make it a prepared statement, and test it doesn’t leak errors.”