Frequently Asked Questions
Everything you need to know about UNPWNED and how it keeps your domains secure.
What does UNPWNED scan?
UNPWNED runs 700+ security checks across 9 categories on your domain, covering SSL/TLS analysis, security headers, exposed secrets, config file detection (.env, credentials.json, SSH keys), open ports, DNS configuration, data breach monitoring, cookie security, cloud misconfigurations, source code analysis, and more. For verified domains, Deep Scan adds active probing, including CVE fingerprinting, error disclosure analysis, form security testing, and open redirect detection. You can also connect your GitHub repositories for scheduled scans of secrets, dependencies, and config files.
Can I monitor my GitHub repos?
Yes. UNPWNED offers GitHub Repo Monitoring for Pro users. Connect your GitHub account via OAuth, select the repositories you want to monitor, and UNPWNED will run scheduled scans checking for leaked secrets (34+ patterns), vulnerable dependencies, and exposed config files like .env, credentials.json, and SSH keys. When issues are found, you get notified via email and webhooks, and UNPWNED can automatically create GitHub Issues in the affected repository so your team can track and resolve findings directly in your workflow.
Is it safe to scan my domain?
Yes. The standard scan performs read-only, non-intrusive checks that collect the same information any security researcher could find. Deep Scan performs active probing (testing HTTP methods, probing paths, etc.) but only on domains you've verified ownership of. We never attack, modify, or exploit your site.
How long does a scan take?
Most scans complete in under 2 minutes. The exact time depends on the number of checks and the responsiveness of external APIs. You'll receive a notification when your report is ready.
Why did my scan return results instantly?
If we recently scanned the same domain for another user, we serve you a cached version of those results instead of running the scanners again. This keeps things fast and prevents abuse. Cached results show finding titles and severity only. Detailed remediation guidance is reserved for Pro users on fresh scans. To always get a fresh scan, verify your domain ownership or upgrade to Pro.
What's the difference between Free and Pro?
The Free plan gives you 2 scans per month with score, grade, and finding titles for every check, plus one (1) lifetime deep scan on a verified domain so you can taste the value. Pro plans start at $9/month (7 scans), $19/month (20 scans), or $49/month (100 scans). All Pro tiers include unlimited deep scans, full AI fix prompts, PDF export, scan history, score trends, continuous monitoring with CVE alerts, GitHub integration, security badge, and priority support. There is no Business tier, just one Pro tier with flexible volume. Cancel anytime.
How does the AI report work?
After the scan completes, we feed the raw results into an AI engine that translates technical findings into plain-English explanations. Each vulnerability comes with a severity rating, a clear description of the risk, and step-by-step instructions to fix it. No security expertise required.
Do you store my scan data?
Yes, scan results and generated reports are stored securely in our database so you can access them anytime from your dashboard. All data is encrypted at rest and in transit. If you delete your account, all associated scan data is purged within 90 days. We never sell or share your data with third parties.
Can I share my report with my team?
Yes. Every report gets a unique shareable link (token-based URL) that you can send to teammates, clients, or stakeholders. The link provides read-only access to the report without requiring a login.
What if I find a critical vulnerability?
Don't panic. The AI report will explain exactly what the issue is and how to fix it with step-by-step instructions. For critical findings, we recommend addressing them immediately and running a follow-up scan to confirm the fix. If you need help, Pro users have access to priority support.
Who built UNPWNED?
UNPWNED is an independent security platform built to make web security accessible to every developer. We believe that security shouldn't be a luxury or require a dedicated team. Every developer shipping code deserves to know if their domain is exposed.
How do I contact support?
Reach us anytime at [email protected]. Pro users get priority response times. We typically respond within 24 hours.