Cloud Security Recon

Passive cloud posture check for Azure, AWS, GCP, Vercel, Netlify, and 8 more platforms. Detects Kudu exposure, S3 leaks, preview deploys, service account secrets, and WAF quality. No credentials. No login.

Target Domain or URL

I confirm I have permission to scan this domain.

What this tool checks

Azure:Kudu/SCM exposure, /.auth/me, staging slots, Blob containers

AWS:S3 bucket public listing, API Gateway stage disclosure

GCP:Service account emails, Firebase config, GCS buckets

Vercel:Preview deploy exposure, /.vercel/ paths, NEXT_PUBLIC_ secrets

Netlify:/.netlify/functions/ and Identity endpoint exposure

Cloudflare:Pages/Workers detection, WAF quality assessment

Railway / Render / Fly:Health endpoint info disclosure

All platforms:WAF quality rating: none / CDN-only / WAF-basic / WAF-premium