Hack My Website: Security scans for AI-built websites

Find the security holes in your website before someone else does.

Hack My Website scans websites you own for real-world web risks, translates raw findings into a founder-friendly report, and helps you fix what matters first.

Sample scan (scan://verified-domain):

  • Overall risk: 68 (High)
  • Domain ownership verified
  • ZAP active scan completed
  • AI Trust Score: 63/100
  • Safe-to-launch verdict generated
  • OWASP ZAP + Semgrep + Nuclei scanning pipeline
  • AI App Trust Score for launch readiness
  • Domain ownership verification before every scan
  • Plain-English AI report with prioritized fixes

  • 200+ checks across headers, auth, inputs, assets, and OWASP-style risks
  • 3-8 min typical scan window after domain ownership is verified
  • 3 engines + custom: OWASP ZAP, Nuclei, Semgrep, plus AI-built website checks
Built for fast-moving teams

Security workflow, not a decorative website score.

The platform is designed around the real flow: prove the domain is yours, scan it safely, then hand the report to the person who can actually fix the issue.

Verified-domain scanning

Users prove ownership with DNS TXT or a well-known file before any scan starts.

Real scanner pipeline

ZAP, Nuclei, and Semgrep collect technical evidence instead of producing a vague score.

Founder-readable reports

Gemini turns findings into plain-English risk, priority, and remediation guidance.

AI-built website checks

Product-specific checks catch exposed source maps, public secrets, weak cookie/session settings, and risky admin routes.

Plan-aware workspace

Website limits, monthly scans, and PDF access now follow the product pricing model.

AI App Trust Score

Before you launch your AI-built app, know if it is actually safe to ship.

Hack My Website now includes a premium scan mode for apps built with Cursor, Lovable, Bolt, Replit, Claude Code, v0, and other AI coding tools. It combines scanner evidence with app context to produce a launch-readiness score founders can understand and developers can act on.

  • 85-100: Launch Ready
  • 70-84: Mostly Ready
  • 50-69: Risky Launch
  • 0-49: Not Production Safe

AI Trust Score: 63/100 (Risky Launch)
  • Security basics
  • Auth and session safety
  • Secrets and API exposure
  • Production readiness
  • Payment and user-data risk
  • Scalability and reliability signals
Detection + reporting

Find the specific web risks that AI-built sites often ship with.

Hack My Website does not stop at scanner output. It names the issue class, shows affected targets, and translates the risk into a fix order a founder or agency can act on.

That includes AI-built website issues like exposed source maps, leaked public config, missing security headers, weak cookie settings, and suspicious admin surfaces that often ship with fast-built apps.

What we detect

  • SQL injection
  • Cross-site scripting (XSS)
  • Broken authentication
  • IDOR and access control gaps
  • Security misconfiguration
  • Exposed secrets and risky assets
  • Known web CVE patterns
  • OWASP Top 10 style issues

What you get in the report

  • Overall risk score and severity breakdown
  • AI App Trust Score and safe-to-launch verdict
  • Founder-friendly executive summary
  • Prioritized remediation order
  • Affected URLs and scanner evidence
  • Cursor/Claude fix prompts for developers
  • Fix guidance for developers
  • PDF export on paid plans
Responsible scanning

Three steps from unknown risk to a fix-ready report.

  1. Register your HTTPS origin

    Add the exact website origin you own. Localhost, private IPs, and unsafe targets are rejected.

  2. Verify ownership

    Use DNS TXT or a well-known file before the scanner is allowed to run.

  3. Run the assessment

    ZAP, Nuclei, Semgrep, and Gemini produce a prioritized scan report.

Pricing

Plans that match the way founders and agencies scan websites.

Paid-only beta pricing keeps the launch signal clean. The sample report shows the output before users join the waitlist, and every plan includes PDF reporting.

Starter

₹1,499 per month

For founders who want one website checked with a real PDF report.

  • 1 website
  • 3 scans/month
  • Manual AI App Trust Score
  • PDF report

Agency

₹9,999 per month

For agencies scanning client websites on a recurring basis.

  • 10 websites
  • 150 scans/month
  • Weekly Trust monitoring
  • Multi-client reports

Custom

Contact sales

For larger portfolios, heavier scan volume, and priority support.

  • More websites
  • Higher scan volume
  • Priority support
  • Custom onboarding

Launching publicly soon. Join the early access list.

Share what you want to scan and which plan fits you. This helps validate demand before the full paid launch, especially for founders, startups, and agencies.

Launch logic

We collect demand first, then open checkout.

The scanner workspace remains available for beta/internal users. Public visitors are pushed to the waitlist so the first 100 leads show real buying interest before Razorpay checkout goes live.