StackShield is a website security scanner built for startups and indie hackers. Scan SSL, headers, DNS, open ports, web vulnerabilities, and CVEs. Then get AI-generated fix instructions you can follow without a security team.
// how_it_works
Enter your website URL and verify ownership with a DNS TXT record or meta tag. Takes under a minute.
We test SSL certificates, HTTP security headers, DNS configuration, open ports, web vulnerabilities, database exposure, and known CVEs.
Get prioritized findings with severity ratings. Copy AI prompt packs directly into ChatGPT, Claude, or Cursor and fix issues yourself.
// scan_results
Every security scan produces a scored report with prioritized findings, severity ratings, and AI prompt packs you can act on immediately.
← yourcompany.com
Feb 1, 2026 at 5:00:20 PM · manual scan
| CRITICAL | HIGH | MEDIUM | LOW | INFO |
|---|---|---|---|---|
| 1 | 0 | 2 | 3 | 5 |
Findings (11)
Next.js middleware bypass (CVE-2025-29927)
Web Vulnerability Scanner
A critical authorization bypass vulnerability was detected in your Next.js application. Attackers can bypass middleware authentication by sending a crafted x-middleware-subrequest header, gaining unauthorized access to protected routes.
Remediation
1. Upgrade Next.js immediately to a patched version:
npm install [email protected] [email protected]
2. If you cannot upgrade, add this to your middleware:
```javascript
if (request.headers.get('x-middleware-subrequest')) {
  return new Response('Forbidden', { status: 403 });
}
```
3. Redeploy your application after patching.
Reference: https://nextjs.org/blog/cve-2025-29927
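An added example, not StackShield's or Next.js's own code: the same header check applied in front of the Next.js request handler of a custom Node server, so it does not depend on middleware running, which is what the crafted header bypasses. The names `guard`, `carriesBlockedHeader` and `simulate`, and the sample requests, are constructed for illustration.

```javascript
// Added example: reject any external request carrying x-middleware-subrequest
// before it reaches the Next.js request handler.
const BLOCKED_HEADER = 'x-middleware-subrequest';

// True if the header is present under any casing, whatever its value.
function carriesBlockedHeader(headers) {
  return Object.keys(headers || {}).some(
    (name) => name.toLowerCase() === BLOCKED_HEADER
  );
}

// Wrap a Node-style (req, res) handler. `nextHandler` is hypothetical here: in a
// custom server it would be the function returned by app.getRequestHandler().
function guard(nextHandler) {
  return function guarded(req, res) {
    if (carriesBlockedHeader(req.headers)) {
      res.statusCode = 403;
      res.setHeader('Content-Type', 'text/plain');
      res.end('Forbidden');
      return false; // request was stopped at the guard
    }
    nextHandler(req, res);
    return true; // request was passed through to the app
  };
}

// Constructed request/response stand-ins so the guard can be exercised offline.
function simulate(headers) {
  const res = {
    statusCode: 200,
    body: '',
    headers: {},
    setHeader(key, value) { this.headers[key] = value; },
    end(body) { this.body = body || ''; },
  };
  const app = (req, r) => r.end('protected page'); // stands in for Next.js
  guard(app)({ headers }, res);
  return { status: res.statusCode, body: res.body };
}

console.log(simulate({ host: 'yourcompany.com' }));
console.log(simulate({ 'X-Middleware-Subrequest': 'constructed-value' }));
```

In a custom server the wrapper would be passed to `http.createServer(guard(handler))`; the same rule can instead be enforced at a reverse proxy or load balancer that sits in front of the application.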
Legacy TLS protocol negotiated
SSL & TLS Scanner
DMARC record missing
DNS Scanner
DKIM selectors not found
DNS Scanner
+ 7 more findings
// pricing
Start with a free security scan. Upgrade when you need more domains, scheduled scans, and AI prompt packs on every finding.
Limited launch offer: sign up free and get a prompt pack to try AI-powered fix instructions on a finding (100 spots left).
Free
Try it out on one domain.
Limited launch offer: 1 free prompt pack included. Try AI-powered fix instructions on a finding (100 spots left).
Builder
For indie hackers shipping fast. Intro offer for first 100 paid signups.
Startup
For growing teams that need coverage. Intro offer for first 100 paid signups.
// faq
We run 8 security scanner categories: SSL/TLS certificate and protocol analysis, HTTP security headers (CSP, HSTS, X-Frame-Options, etc.), DNS configuration (SPF, DKIM, DMARC, DNSSEC, CAA), a full port scan with service detection, web vulnerability checks (mixed content, cookie flags, CORS, redirect chains), database exposure checks (open DB ports + RBAC posture), a Nuclei scanner that runs thousands of community templates to detect CVEs, misconfigurations, exposed files, default credentials, and technology fingerprinting, and a Penetration Testing scanner that performs directory discovery, injection testing, authentication weakness checks, session token analysis, and backup/config file detection.
You can verify domain ownership in two ways: add a DNS TXT record with a unique token we provide, or place a meta tag in your homepage's HTML head. Both methods take under a minute. You must verify a domain before scanning it.
For each finding, we generate three AI prompt packs: Fix (step-by-step instructions you can paste into ChatGPT, Claude, or Cursor), Explain (a developer-friendly explanation of the vulnerability), and Verify (a prompt to help confirm your fix works). Available on Builder and Startup plans, or $2.99 per finding on the Free plan.
All scan results are stored in an encrypted database and associated only with your account. We never share scan data. You can delete domains and their associated data at any time. We only scan domains you've verified ownership of.
Yes. All plans are billed annually and you can cancel at any time through the billing portal. You'll retain access until the end of your current billing period.
Not yet, but it's on our roadmap. Currently we run 8 scanner categories, including a Nuclei scanner powered by thousands of community templates and a Penetration Testing scanner, covering the most common security issues for web applications. If you have a specific need, reach out to support.
Skip the $10k consultant. Scan your website for SSL issues, missing security headers, DNS misconfigurations, open ports, and known CVEs. Get AI prompt packs with fix instructions and resolve vulnerabilities yourself.
Scanner Coverage
Comprehensive vulnerability testing
| Scanner | What it checks | Potential customer impact |
|---|---|---|
| SSL/TLS | Certificate validity, protocol strength, cipher hygiene | Trust warnings, traffic interception risk, compliance gaps |
| HTTP Headers | CSP, HSTS, X-Frame-Options, cookie/security headers | XSS, clickjacking, session theft, account takeover risk |
| DNS Security | SPF, DKIM, DMARC, DNSSEC, CAA configuration | Email spoofing, phishing abuse, brand trust damage |
| Port Exposure | Open ports and externally reachable services | Expanded attack surface and unauthorized access paths |
| Web Vulnerabilities | Redirect issues, mixed content, CORS, insecure defaults | Data leakage, browser exploitation, customer account risk |
| Database Exposure | Public database endpoints and weak access posture | Direct data breach risk and costly incident response |
| Nuclei Scanner | CVEs, misconfigurations, exposed files, default credentials, tech fingerprinting | Known exploit targeting, admin panel takeover, stack-specific attacks |
| Pen Test Scanner | Directory discovery, injection testing, auth weaknesses, session analysis, backup file detection | Unauthorized access, data exfiltration, session hijacking, source code leaks |