SGServer Guard
Built for MSPs & sysadmins

Find what your server
is leaking.

Point Server Guard at a domain and get an instant posture score plus a plain-English list of exposed paths, weak headers and outdated versions — with a remediation checklist you can hand straight to a client.

Read-only · no signup · ~15s · scan only domains you’re authorised to test

Read-only, non-intrusive checks. Scan only domains you own or are authorised to test.

What we check

The misconfigurations that get small-business servers breached — the ones default installs leave wide open.

🗂️

Exposed files & paths

Reachable .env, .git, database dumps, backups, phpMyAdmin and admin panels — the doors attackers walk straight through.

🛡️

Weak security headers

Missing HSTS, CSP, X-Frame-Options and friends — the cheap hardening that's usually just not turned on.

📟

Outdated server versions

nginx, Apache, IIS, PHP and OpenSSL banners checked against known end-of-life and CVE-bearing versions.

🔌

Transport & TLS gaps

No HTTPS, no HTTP→HTTPS redirect, downgradeable first requests — the basics that leave logins interceptable.

🍪

Insecure cookies

Session cookies missing Secure, HttpOnly or SameSite — easy session theft and CSRF if left unflagged.

🗣️

Information disclosure

Server banners, X-Powered-By, directory listings and phpinfo() pages that hand attackers a map of your stack.

How it works

1

Enter a domain

Any domain you own or manage. No agent to install, no credentials, no access to give.

2

We probe it read-only

Server Guard makes ordinary GET requests to the homepage and a list of well-known sensitive paths — nothing intrusive.

3

Get a client-ready report

A 0–100 posture score, prioritised findings in plain English, and a fix checklist you can hand to a client or a junior.

Reports your clients will actually read

Raw scanner output means nothing to a business owner. Server Guard turns every finding into a client-ready explanation — what’s exposed, why it matters, and exactly how to fix it — so you can resell the audit instead of translating it.

Scan a domain freeSee pricing
  • 0–100 posture score & letter grade per domain
  • Findings ranked critical → low, each in plain English
  • Exact path / header + a concrete fix for every issue
  • Estimated remediation effort & cost
  • Scheduled weekly re-scans on paid plans
  • White-label client reports (MSP Team plan)