about
One report. Twelve public scanners. No signup.
Why this tool exists, what it does, and what it deliberately does not do.
what it is
A consolidated read on a public URL
Paste a URL. Url Reporter queries twelve well-known public security scanners in parallel and consolidates the results into one report with one overall letter grade and a per-scanner breakdown.
You get the same checks security professionals already run by hand, just in one place, on one screen, in one click. Free, no account required, no payload sent to your site, no rate-limit-eating bulk runs.
why it exists
Because nobody runs all twelve by hand
Every one of the twelve scanners we query is well known on its own. SSL Labs, Mozilla Observatory, securityheaders.com, internet.nl, hstspreload.org, crt.sh: any security engineer has used most of them at some point. The problem is nobody runs all of them every time, on every site they care about, because clicking through twelve websites is friction.
Url Reporter exists to remove that friction. One paste, one report, one letter, twelve angles.
what it deliberately is not
Things we will not do
- It is not a vulnerability scanner. No payloads, no fuzzing, no auth bypass attempts, no SQL injection probes. We send a single GET to the target and read public data sources. Active testing is out of scope.
- It is not a load tester. The DoS posture scanner is purely passive: it reads response headers to detect a CDN or WAF and looks for rate-limit signals. It will never flood a server.
- It is not a substitute for a real audit. A consolidated public-data scan catches a useful slice of common misconfigurations. It will not find application-layer flaws, business-logic bugs, or anything that needs authentication.
- It is not a paid product. No tiers, no signup wall, no API key, no rate limits beyond what the upstream scanners impose on their own services.
how it works
Twelve scanners, one HTTP client, one report
Every scan runs the enabled scanners concurrently under a single HTTP client. Each scanner gets isolated: if one times out, errors, or returns garbage, the others keep going and the failed one is flagged in the report. Every outbound HTTP call retries on transient errors before giving up.
Reports are written to disk incrementally as each scanner finishes, so even if you Ctrl-C mid-scan or the server is killed, you still get a usable file with everything that completed up to that point.
Each scanner contributes a number from 0 to 100 (or no number if it errored or only links out). The overall score is the plain average of those numbers, then mapped to a letter. The full methodology lives at /score.
interfaces
Web UI and CLI
Two ways to use it, sharing one core engine:
- Web UI. What you are using right now. Paste a URL, optionally pick which scanners to run, watch a live progress page, then read the consolidated result. Download the report as Markdown or as a self-contained HTML file with embedded styles and a print stylesheet.
- CLI.
urlreporter scan https://example.com. Prints the summary to your terminal with a live per-scanner progress block, saves a Markdown report to./reports/. Pass--htmlto also save the HTML version. Useful in CI, in scheduled jobs, or just for piping into a file.
open source
Run it yourself
The whole project is MIT-licensed and lives on GitHub at github.com/pdiomede/urlreporter. You can self-host the web UI, run the CLI inside CI, fork it, audit the code, file issues, send pull requests.
If you want the same kind of report inside a private network on internal hosts the public scanners cannot reach, self-hosting is the only path. The tool itself does not need internet access except to call the upstream scanners, so it works fine through a corporate proxy too.
credits
Who made it
Url Reporter is built and maintained by Paolo Diomede. It is a personal project, not a company product. Issues and pull requests are welcome on GitHub.
The real heavy lifting is done by the upstream scanners themselves: SSL Labs, Mozilla, securityheaders.com, internet.nl, hstspreload.org, crt.sh, and the operators of public DoH and CT log services. Url Reporter is a thin coordinator on top of their work. If this tool is useful, donate to or contribute back to the projects it depends on.