Test file upload endpoints for unrestricted uploads and remote code execution risks.
Unrestricted file upload is a critical vulnerability that can lead to remote code execution. Our scanner identifies file upload endpoints and tests for dangerous file type acceptance, missing content-type validation, path traversal, and file size limits.
The scanner discovers file upload forms and endpoints across all crawled pages. It tests for acceptance of dangerous file types (.php, .jsp, .exe), missing MIME-type validation, file size limit enforcement, and path traversal in filenames.
An unrestricted file upload can let attackers upload web shells, gaining full control of your server. Even with execution prevention, uploaded files can be used for stored XSS, phishing, or serving malware from your domain.
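A server-side validator covering the four checks named above (file type, MIME type, size limit, path traversal in filenames), as an added example that is not the scanner's own code. The allowlist, `MAX_BYTES`, `UPLOAD_ROOT` and all function names are assumptions chosen for illustration.

```python
import os
import re
import uuid

MAX_BYTES = 2 * 1024 * 1024          # assumed limit for this sketch
UPLOAD_ROOT = "/srv/uploads"         # assumed: outside the web root, no script execution
# Allowlist: extension -> (expected Content-Type, leading magic bytes)
ALLOWED = {
    ".png": ("image/png", b"\x89PNG\r\n\x1a\n"),
    ".jpg": ("image/jpeg", b"\xff\xd8\xff"),
    ".pdf": ("application/pdf", b"%PDF-"),
}


class UploadRejected(ValueError):
    """Raised with the reason an upload failed validation."""


def validate_upload(filename, content_type, data):
    """Return a server-chosen storage path, or raise UploadRejected."""
    if len(data) > MAX_BYTES:
        raise UploadRejected("size limit exceeded")
    # Path traversal: refuse separators, NUL bytes and parent references.
    if re.search(r"[/\\\x00]", filename) or ".." in filename:
        raise UploadRejected("path characters in filename")
    # Dangerous types: allowlist the final extension instead of blocklisting .php/.jsp/.exe.
    ext = os.path.splitext(filename.lower())[1]
    if ext not in ALLOWED:
        raise UploadRejected("extension not allowed")
    expected_type, magic = ALLOWED[ext]
    # The Content-Type header is client-controlled, so it must agree with the
    # extension and the file's leading bytes must agree with both.
    if content_type.split(";")[0].strip().lower() != expected_type:
        raise UploadRejected("content type does not match extension")
    if not data.startswith(magic):
        raise UploadRejected("content does not match declared type")
    # Never reuse the client's name: a random name drops inner extensions
    # such as "shell.php.png" and any traversal attempt.
    return os.path.join(UPLOAD_ROOT, uuid.uuid4().hex + ext)


def reject_reason(filename, content_type, data):
    """Return None if the upload is accepted, else the rejection reason."""
    try:
        validate_upload(filename, content_type, data)
    except UploadRejected as exc:
        return str(exc)
    return None
```

Magic-byte checks only confirm the file's header, so stored files should still be served with a fixed `Content-Type` and from a location where the server never executes them.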
Get a full security report with AI-powered fix suggestions in 30 seconds. No setup required.