Stop chasing malware. Find what let it in.
Malware scanners tell you you've been hacked. sec-scan finds the vulnerable code that let it happen so you can fix the cause, not just clean up the mess.
Free during preview - no credit card needed.
Malware scanners are not enough
Finding injected webshells means you're already compromised. sec-scan finds the vulnerabilities in your own code that made the attack possible.
| | Other scanners | sec-scan |
|---|---|---|
| Detect injected webshells & backdoors | ||
| Find SQL injection in your code | ||
| Find SSRF & insecure file operations | ||
| Find unrestricted file uploads | ||
| Understand OXID eShop & Shopware patterns | ||
| When it helps | After breach | Before breach |
How it works
Create an account
Sign up and generate your API token. Takes less than a minute.
Scan your codebase
Point the CLI at any PHP directory. Batching, uploads, and caching are handled automatically.
Fix before you're hacked
Review vulnerabilities in your code. Filter by risk, see exactly which line is the problem, fix the root cause.
What makes sec-scan different
Built from years of hosting PHP shops - not from a textbook.
Fast without cutting corners
Quick triage filters 99% of clean files. Only suspicious code gets the full scan - accurate results without the wait.
Your framework, understood
Trained on OXID, Shopware, and Magento internals. Knows the difference between an ORM property and a SQL injection.
Scan once, share everywhere
Every file cached globally by content hash. Re-scans, CI runs, and team sharing return results in milliseconds.
Built by the ScaleCommerce team
From the people who host and secure e-commerce shops
sec-scan is built by the team behind ScaleCommerce - a managed e-commerce hosting platform running 180+ high-profile online shops on Shopware, OXID eShop, Magento and other PHP-based frameworks.
What we've seen
What we built into sec-scan
Frequently asked questions
Stop cleaning up hacks. Start preventing them.
Limited to 50 early access spots. Secure yours.