Two ways in. One clear picture.
Start agentless from the outside with a free website scan. Go deeper from the inside with a lightweight agent on your own servers — only when you choose to.
You enter a URL
No account, no agent, no ownership proof. The scanner only does what a browser does on a normal request, plus public DNS lookups — entirely passive. No port scanning, no probing for exposed files, no exploitation.
We run six passive checks
Each check looks at one part of your public security posture:
- SSL/TLS certificate — validity, expiry, issuer, and whether a deprecated protocol is still allowed.
- HTTP security headers — HSTS, CSP, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy.
- Cookie flags — Secure, HttpOnly, and SameSite on every cookie set.
- CMS & version disclosure — detects the platform and flags exposed software versions.
- HTTP → HTTPS redirect — confirms plain HTTP is redirected so traffic can't be intercepted.
- Email security — SPF and DMARC records via public DNS to flag spoofing risk.
Findings are scored into a grade
Every issue carries a severity — Critical, High, Medium, or Low. Those weights subtract from a perfect score, and the result maps to a single letter: A (90+), B (75+), C (60+), D (40+), or F. Findings are sorted so the most serious ones are first.
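The scoring described above, as an added example (not SecObs code): it checks the listed security headers and cookie flags on a constructed response, subtracts severity weights from 100, and maps the result to the page's letter bands. The weights and the severity assigned to each finding are assumptions, since the page does not state them.

```python
# Added example. Weights and per-finding severities are assumed values.
WEIGHTS = {"Critical": 40, "High": 20, "Medium": 10, "Low": 5}
ORDER = ["Critical", "High", "Medium", "Low"]
# Headers the page lists, each with an assumed severity when absent.
REQUIRED = {
    "strict-transport-security": "High",
    "content-security-policy": "Medium",
    "x-frame-options": "Medium",
    "x-content-type-options": "Low",
    "referrer-policy": "Low",
    "permissions-policy": "Low",
}
COOKIE_FLAGS = (("secure", "High"), ("httponly", "Medium"), ("samesite", "Low"))

def check_response(headers):
    """headers: list of (name, value) pairs taken from one HTTP response."""
    findings = []
    present = {name.lower() for name, _ in headers}
    for name, sev in REQUIRED.items():
        if name not in present:
            findings.append((sev, f"missing header: {name}"))
    for name, value in headers:
        if name.lower() != "set-cookie":
            continue
        parts = [p.strip() for p in value.split(";")]
        cookie = parts[0].split("=", 1)[0]
        attrs = {p.split("=", 1)[0].lower() for p in parts[1:]}
        for flag, sev in COOKIE_FLAGS:
            if flag not in attrs:
                findings.append((sev, f"cookie {cookie}: missing {flag}"))
    # Most serious first; the sort is stable within a severity.
    findings.sort(key=lambda f: ORDER.index(f[0]))
    return findings

def grade(findings):
    """Subtract weights from 100, then apply the A/B/C/D/F bands."""
    score = max(0, 100 - sum(WEIGHTS[sev] for sev, _ in findings))
    for letter, floor in (("A", 90), ("B", 75), ("C", 60), ("D", 40)):
        if score >= floor:
            return score, letter
    return score, "F"

# Constructed sample response headers (not from a real site).
SAMPLE = [
    ("Strict-Transport-Security", "max-age=31536000"),
    ("X-Content-Type-Options", "nosniff"),
    ("X-Frame-Options", "DENY"),
    ("Set-Cookie", "sid=abc123; Path=/; HttpOnly"),
    ("Set-Cookie", "theme=dark; Secure; HttpOnly; SameSite=Lax"),
]
```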
You get fixes, not just flags
Each finding comes with what's wrong, why it matters in plain English, and the specific step to fix it — written for someone who doesn't have a security team on call.
Go deeper — on your own terms
The scanner sees your site from the outside. The agent sees one machine from the inside — but only because you installed it and gave it a key. It reads local state and reports findings. It never gives the SecObs server access to, or control over, your machine.
You install it on a machine you own
One small Python script and one dependency. You run it yourself, on hardware you control — nothing is pushed to you remotely.
It authenticates with your agent key
The key comes from your own SecObs account. Without it, the server rejects the data. The agent talks out to the server — the server never reaches in.
It reports metrics every few seconds
CPU, memory, disk, and network throughput, labelled per host. On the dashboard this becomes a live view of what "normal" looks like for each of your servers — so anomalies stand out.
It watches for real security events
Alongside metrics, the agent runs passive detections on local state and sends an alert when something looks wrong:
- Suspicious listening ports — services on ports commonly used by backdoors and C2, plus brand-new listeners that weren't there before.
- Suspicious outbound connections — established connections to known-suspicious remote ports.
- Offensive-tool processes — known attacker tooling (e.g. credential-theft and post-exploitation tools) running on the host.
- Failed-login bursts — a spike in failed authentications, read from the system's own auth logs.
Alerts land on your dashboard & threat map
Repeat alerts are de-duplicated so you're not spammed. Anything with a remote IP is geolocated onto the live threat map, so you can see where pressure on your infrastructure is coming from.
Start from the outside.
Run the free scan first. Add the agent when you're ready to watch your servers too.