Free exposure scan

You shipped fast. Let's make sure you didn't ship your secrets too.

Raksha Kavach checks your live site for exposed API keys, missing security controls and leaked URLs — the things that slip through when you move fast. No installation, no code access.

Free scan, 60 seconds. See exactly what's exposed — and how to close it.

  • Free, no signup
  • ~60 second scan
  • No code access

raksha@scan:~$ ./scan --mode passive

Enter your domain. We read only what's already public — no login, no code, no card.

~60s · 5+ exposure classes · no data stored

  • Free teaser scan in ~60 seconds
  • GST invoice included
  • Money-back if your app is clean
  • No scan data sold or shared
  • Aligned with CERT-In recommended practices
  • DPDPA-ready reporting
  • Built and run in India
  • WhatsApp support
What we scan for

The exposures AI tools quietly ship to production

Every scan looks for the same classes of issue we keep finding in SMB sites and AI-built apps — the gaps attackers and automated bots probe for first.

Exposed secrets

API keys, tokens and credentials hardcoded into the JavaScript bundles your visitors download.

$ AIzaSyD7q…b2 — found in /static/chunks/main.js

Security headers

Missing CSP, HSTS and X-Frame-Options that leave you open to clickjacking and script injection.

$ content-security-policy: (absent)

Source maps

Your original, un-minified source code served publicly through leftover .map files.

$ GET /static/index.js.map → 200 OK

Forgotten subdomains

Staging and dev environments — often unprotected — indexed in public certificate transparency logs.

$ staging.yourapp.com — crt.sh match

DNS & email spoofing

Misconfigured SPF/DMARC and dangling records that let attackers send mail as your domain.

$ DMARC policy: none

DPDPA & CERT-In gaps

Your exposures mapped against CERT-In recommended practices and DPDPA expectations.

$ 12 controls assessed

How it works

From URL to fixed in three steps

No agents to install, no source code to hand over. You stay in control the whole way.

  1. Enter your URL

    The free teaser scan runs on public signals only — what anyone on the internet can already see. No code, no login, no card.

  2. Verify & go deep

    Prove you own the domain, then unlock the full scan across 40+ vectors with severity-ranked findings and a GST invoice.

  3. Fix & stay safe

    Follow plain-English remediation steps, or let our team patch it for you. Re-scan automatically every week with Pro.

Why trust us

Built to earn trust, not spread fear

Security shouldn't feel like a threat. We show you exactly what we found, explain why it matters, and only charge when there's something worth fixing.

Your data stays yours

We scan public signals and verified pages. We never sell or share what we find — your report is for you alone.

Money-back if you're clean

If a full scan turns up no actionable issues, the ₹99 is refunded. We only charge when we've found something worth fixing.

Real humans on WhatsApp

Stuck on a fix or unsure what a finding means? Message our team directly — no ticket queue, no bots.

Compliance-aware by design

Findings are mapped to CERT-In recommended practices and DPDPA expectations, so you know what regulators care about.

Pricing

Honest pricing. No lock-in.

Start with a free teaser scan — no signup, no card. Upgrade only if you want the full picture.

Launch Check

Quick pre-launch security check, delivered to your inbox.

₹499 one-time
  • Full passive scan across 40+ vectors
  • Severity-ranked findings with fixes
  • Report emailed when ready
  • Shareable link, kept 30 days

Recon

Deep reconnaissance report with DPDPA mapping.

₹2,999 one-time
  • Comprehensive passive + active recon
  • DPDPA exposure analysis
  • Attacker walkthrough narrative
  • Credential rotation playbook
  • PDF report + executive summary
Get Recon report
Coming soon

Shield

Full coverage for growing teams.

₹4,999 per month
  • Everything in Watch Solo
  • Monthly Recon-grade deep scans
  • Fix guidance on every finding
  • Compliance dashboard
  • Slack/email alerts
Coming soon

FAQ

Questions, answered

Is the free scan really free?

Yes. The teaser scan checks public signals only — things anyone on the internet can already see — and needs no signup or card. You only pay if you want the full report.

Will scanning break or slow down my website?

No. A teaser scan is passive: we read what your site already exposes publicly. The full scan is rate-limited and runs only after you verify domain ownership.

Do I need to be technical to use this?

No. Every finding comes with a plain-English explanation and fix. If you'd rather not touch code at all, our Fix Pack handles it for you — 10 PRs in 2 weeks.

Do you provide a GST invoice?

Yes — every paid scan and service includes a proper GST invoice you can download for your records.

What's the difference between Launch Check and Recon?

Launch Check (₹499) is a quick pre-launch scan with fixes. Recon (₹2,999) goes deeper — DPDPA exposure analysis, attacker walkthrough, rotation playbook, and a full PDF report.

See what's exposed — in 60 seconds

Run a free teaser scan on any domain. No signup, no card — just the public signals attackers already see.