New: CheckVibe MCP server — scan from Claude Code and Cursor nativelyRead the docs
Find exposed debug routes, admin panels, and development endpoints left in production.
Overview
Debug endpoints, admin panels, and development tools left accessible in production are a goldmine for attackers. Our scanner checks for common debug paths, exposed stack traces, development middleware, and administrative interfaces.
What this scanner does
Probes for common debug and admin paths (/debug, /admin, /phpinfo, /.env, /graphql, /swagger, etc.). Checks for exposed error pages with stack traces, development middleware indicators, and administrative endpoints without authentication.
Why it matters
Exposed debug endpoints can reveal environment variables, database credentials, internal API structures, and system configuration. Admin panels without authentication give attackers direct control over your application.
Common findings
OWASP Top 10 coverage
Get a full security report with AI-powered fix suggestions in 30 seconds. No setup required.
Related checks
Vulnerability Detection
Detect exposed API keys, tokens, and secrets in your frontend code and responses.
Configuration Audit
Check if your site has the right HTTP security headers to prevent common attacks.
Vulnerability Detection
Identify your technology stack and check for known vulnerabilities (CVEs).
