Get started
Tools / Security Scanner
Security Scanner icon

Security Scanner

Scan URLs, IPs, domains and files for threats

Try with Claude

Security Scanner checks URLs, domains, IP addresses, and file hashes against dozens of threat intelligence sources at once. Get a clear verdict on whether something is malicious, phishing, or suspicious — in seconds, without logging into multiple dashboards.

It covers the full range of security checks developers and IT teams need: threat lookups, TLS certificate inspection, security header audits, and full vulnerability scans. A single security_report call runs everything and comes back with a risk score.

What you can do

  • Check any URL against 70+ antivirus and threat engines
  • Look up domains for malware, phishing, and threat intelligence flags
  • Check IP addresses for abuse reports and threat actor associations
  • Verify file hashes to detect known malware samples
  • Probe hosts for HTTP security headers and TLS configuration
  • Scan for vulnerabilities and generate a scored risk report

Who it's for

Developers who want to audit their own domains before launch. Security teams triaging suspicious links or IPs. SaaS builders who need to validate user-submitted URLs. Anyone who needs a quick, multi-source threat verdict without switching between tools.

How to use it

  1. For a full audit, use security_report — it runs all checks in one go and returns a risk score with prioritized findings
  2. For targeted checks, use check_url, check_domain, check_ip, or check_hash individually
  3. Use probe_hosts to inspect HTTP headers and TLS on any domain
  4. Use scan_targets for vulnerability scanning — note this runs async and takes around 60 seconds

Getting started

Connect your VirusTotal account for full threat intelligence coverage. AbuseIPDB adds community abuse reports on IP checks. Both are optional — threat feeds from URLhaus and ThreatFox run without any API key.

Check URL

Check if a URL is malicious, phishing, or suspicious by scanning it against 70+ security engines. Returns a verdict, detection count, and category classifications.

Returns: Threat verdict, detection stats from 70+ engines, reputation score, and URL categories
Check Domain

Get the threat reputation of a domain including detection stats from 70+ engines, DNS records, WHOIS data, registrar info, and popularity rankings.

Returns: Domain threat verdict, DNS records, WHOIS info, registrar, and popularity rankings
Check IP Address

Look up an IP address for threat intelligence including detection stats from 70+ engines, geolocation, ASN ownership, and network details.

Returns: IP threat verdict, geolocation, ASN ownership, network range, and detection stats
Check File Hash

Look up a file hash (MD5, SHA-1, or SHA-256) to check if the file is known malware. Returns detection stats from 70+ antivirus engines, sandbox verdicts, and file metadata.

Returns: File threat verdict, AV detection stats, sandbox analysis, and file metadata
Scan Targets

Scan web targets for security vulnerabilities by severity. Checks transport security, headers, and common exposure paths like .env and .git.

Returns: Severity-filtered security findings with scanner mode and per-severity counts
Probe Hosts

Probe multiple web targets for HTTP status, response times, TLS certificates, security headers, and technology signals. Scan up to 100 hosts concurrently.

Returns: Per-target probe intelligence including status, TLS posture, security headers, and reachability
Security Report

Comprehensive one-shot security audit. Runs domain reputation, URL check, host probing, and vulnerability scan in parallel. Returns a unified risk score (0-100) with risk factors.

Returns: Unified security report with risk score, risk factors, and full intelligence from 5+ sources
Loading reviews...

Loading activity...

v0.042026-03-25
  • Merged security-httpx probe_hosts skill — one tool for all security checks
  • Multi-source enrichment: URLhaus + ThreatFox (free) on all checks, AbuseIPDB on IP checks
  • Added security_report — comprehensive one-shot audit with risk scoring
  • Now queries 5 threat intelligence sources in parallel per check
v0.032026-03-25
  • Renamed to security-scanner
  • Added VirusTotal threat intelligence: check_url, check_domain, check_ip, check_hash
  • Now scans URLs, domains, IPs, and file hashes against 70+ antivirus engines
v0.022026-03-22
  • Added subtitle, expanded description, and agent instructions
v0.012026-03-20
  • Initial release as security-nuclei

Security Scanner Use Cases(5)

Browse all 5 Security Scannerguides →
Open Check URLs Before Clicking

Check URLs Before Clicking

Scan suspicious links against threat intelligence feeds before opening them or sharing them with colleagues.

Security Scanner icon
Security Scanner4 agent guides
Open Investigate Suspicious IP Addresses

Investigate Suspicious IP Addresses

Check IP addresses against abuse databases and threat feeds to assess risk before allowing traffic into your network.

Security Scanner icon
Security Scanner4 agent guides
Open Analyze App Review Sentiment

Analyze App Review Sentiment

Understand how users feel about your app by analyzing sentiment patterns across hundreds or thousands of reviews.

App Review Analysis icon
App Review Analysis4 agent guides
Open Look Up DNS Records

Look Up DNS Records

Query DNS records for any domain to inspect A, AAAA, MX, CNAME, TXT, and NS configurations.

DNS Domain icon
DNS Domain4 agent guides
See every Security Scanneruse case (Claude, ChatGPT, Copilot, OpenClaw guides) →

Workflows

Vendor Security Vetting
Compliance Screening icon
Compliance Screening
Security Scanner icon
Security Scanner
Phishing Email Checker icon
Phishing Email Checker
Word Documents icon
Word Documents
Domain Threat Assessment
Security Scanner icon
Security Scanner
Whois RDAP icon
Whois RDAP
Web Archive icon
Web Archive
Word Documents icon
Word Documents
Phishing Campaign Triage
Phishing Email Checker icon
Phishing Email Checker
Security Scanner icon
Security Scanner
Web Search icon
Web Search
Word Documents icon
Word Documents

Related Tools

Related Categories

🛡️ Security🏗️ Infrastructure📊 Analytics

Popular with

Android DeveloperAutomation TechnicianBackend DeveloperBlockchain DeveloperBroadcast EngineerCloud ArchitectCommercial Lines UnderwriterCompliance Officer

Frequently Asked Questions

What kind of checks does Security Scanner combine?

It combines reputation lookups for URLs, domains, IPs, and file hashes with host probing, vulnerability scanning, and a one-shot security report. That makes it useful when you want both threat intelligence and basic exposure checks in one place.

Which skill should I use for a suspicious site, server, or file?

Use `check_url` for a full URL, `check_domain` for a domain reputation check, `check_ip` for an IP address, and `check_hash` for a file hash. If you want a broader web-target assessment, use `probe_hosts`, `scan_targets`, or `security_report`.

Does it actively scan targets or only query threat feeds?

It does both. The reputation skills query security data sources, while `probe_hosts` inspects HTTP, TLS, and security headers and `scan_targets` checks for common exposures and vulnerabilities.

Is it instant or does it run asynchronously?

Most reputation checks return quickly. The broader `scan_targets` and `security_report` flows can take longer and are better treated as async security jobs.