ComingUp ComingUp
SteelSuit

SteelSuit

External web security scanner: TLS, headers, secrets & CVEs

Jul 5, 2026 Security & Privacy
cve detection external scanner penetration testing vulnerability scanner web security

Gallery

SteelSuit

About

SteelSuit is an external web security scanner. Point it at a domain you own and it looks at your site the way an attacker would, from the outside — no code access, no installed agent, just the domain.Under one scan it runs a professional toolchain (port and service detection, Nuclei's 4000+ CVE/misconfig templates, testssl.sh for TLS, subdomain enumeration with takeover detection, content discovery, and JavaScript-bundle secret detection) and aggregates everything into a single A–F report instead of raw tool output.You get: an A–F security grade with an executive summary; TLS/SSL, security-header and CSP analysis; exposed-secret detection in JS bundles (patterns only — we never test your keys); subdomain enumeration + takeover detection and Wayback exposure; email posture (SPF, DKIM, DMARC, BIMI); stack-specific fix snippets for Next.js, Cloudflare and nginx; compliance mapping to PCI DSS 4.0, ISO 27001 and GDPR; continuous monitoring with diff alerts; and a REST API.It is external and read-only — browser-equivalent traffic, no exploitation, no DoS, no credential testing. Deeper than the cheap single-purpose scanners, a fraction of the price of the enterprise platforms. Free tier, paid plans from $9.99/mo. You only scan domains you own or are authorized to assess.

Comments (6)

Iliana Williamson Iliana Williamson 5 days ago

Does it scan subdomains automatically or just the root domain?

Travis Barton Travis Barton 5 days ago

how is this different from the dozen other external scanners already out there

Greg Heller Greg Heller 5 days ago

ran it on my side project and found two things i'd never caught

Hobart Gutkowski Hobart Gutkowski 4 days ago

what scanning engine powers the TLS and header analysis

Amie Deckow Amie Deckow 2 days ago

just external scanning, that's a pretty narrow scope tbh

Markus Schmeler Markus Schmeler 4 hours ago

so basically just nmap with a ui