Pyalm Guard

Pyalm Guard

An authorized security posture assessment tool. Point it at a domain you own or are contracted to test, and it runs a full, non-destructive checkup — from DNS and subdomains to TLS, email authentication, and threat intelligence — scored into one clear risk grade.

Open Pyalm Guard
Capabilities

One Scan, Your Whole External Posture

Guard runs more than a dozen checks concurrently against a target you control, then ranks every finding by severity so you know what to fix first.

🌐

Attack-Surface Discovery

Full DNS enumeration plus passive subdomain discovery (CT logs, OTX and more) and wordlist brute-force with wildcard detection — including dangling-CNAME flagging for subdomain-takeover risk.

📧

Email Authentication & OSINT

SPF, DKIM (multi-selector), DMARC, and DNSSEC analysis, plus discovery of published addresses cross-referenced against known breaches so spoofing and exposure show up early.

🔒

TLS & Security Headers

Protocol versions, cipher strength, and certificate-chain and expiry checks, alongside HSTS, CSP, X-Frame-Options and the rest of your HTTP security headers — each with a letter grade.

🛰️

Ports, Services & Fingerprint

An async TCP connect scan of common ports with banner grabbing, plus technology fingerprinting for server, framework, CMS, and languages behind the target.

🛡️

Threat Intelligence

DNS blocklists (Spamhaus, SpamCop, Barracuda) and URLhaus checks, with VirusTotal, AbuseIPDB, and Shodan reputation and exposed-CVE lookups when you add your keys.

⚠️

Authorized & Non-Destructive

Every scan requires explicit authorization and blocks government and military targets. Passive recon and safe active probes only — there is no exploitation engine by design.

How it works

Authorize, Scan, Then Read the Grade

Guard is local-first: the backend stores nothing, and your history and keys stay in your own browser.

Authorize

Confirm you own the target or have written permission to test it. Guard validates the hostname and refuses government and military domains before anything runs.

⚙️

Scan

A FastAPI engine runs every module concurrently — DNS, subdomains, email auth, TLS, headers, ports, tech, threat intel, and breach checks — using passive recon and safe active probes only.

📊

Report

Findings are aggregated into a severity-ranked report with an overall risk score, so a domain's weak spots are obvious at a glance and prioritised for you.

Check your security posture in minutes

Run an authorized, non-destructive assessment on a domain you own and get a prioritised risk grade — no account, no data stored on our servers.

Open Pyalm Guard All Pyalm products