Responsible Disclosure & Ethics
SafeToShip is a passive, non-intrusive security analysis tool designed to help developers identify public misconfigurations. We do not exploit vulnerabilities, inject malicious payloads, or access private data.
1. Scope of Scanning
Our scanner sends standard, unauthenticated HTTP requests (GET, HEAD) to public endpoints. It checks for:
- Publicly exposed environment files (e.g., .env)
- Misconfigured HTTP headers
- Exposed source maps and API keys in client-side JavaScript
- Commonly exposed admin routes
We never attempt to bypass authentication, perform SQL injection, or execute Cross-Site Scripting (XSS) attacks.
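The following is an added example of what the passive checks above look like in code; it is not SafeToShip's own scanner. It evaluates HTTP responses that have already been fetched (the samples below are constructed, not captured from any real host), so it sends no requests and runs offline. The header list, the one-year HSTS threshold, and the rule that a 200 on /.env only counts when the body actually looks like KEY=value lines are choices made for this example; the last of these is how a scanner avoids the classic false positive of a single-page-app host that answers 200 with index.html for every path.

```python
"""Passive misconfiguration checks over already-fetched HTTP responses.

Added example, not SafeToShip's code. No network access: the responses
below are constructed samples.
"""
import re
from dataclasses import dataclass, field


@dataclass
class Response:
    status: int
    headers: dict = field(default_factory=dict)
    body: str = ""

    def header(self, name):
        # HTTP header names are case-insensitive, so compare lowercased.
        for k, v in self.headers.items():
            if k.lower() == name.lower():
                return v
        return None


# Headers whose absence is reported (list chosen for this example).
REQUIRED_HEADERS = [
    "Strict-Transport-Security",
    "Content-Security-Policy",
    "X-Content-Type-Options",
    "X-Frame-Options",
]

# One year in seconds; the threshold the HSTS preload list requires.
HSTS_MIN_MAX_AGE = 31536000

# A dotenv-style line: KEY=value. Used to tell a real .env from an HTML page.
ENV_LINE = re.compile(r"^[A-Z][A-Z0-9_]*=.*$", re.M)


def check_headers(resp):
    """Return a list of findings for missing or weak security headers."""
    findings = []
    for name in REQUIRED_HEADERS:
        if resp.header(name) is None:
            findings.append(f"missing {name}")
    hsts = resp.header("Strict-Transport-Security")
    if hsts is not None:
        m = re.search(r"max-age=(\d+)", hsts)
        if m is None or int(m.group(1)) < HSTS_MIN_MAX_AGE:
            findings.append("HSTS max-age below one year")
    xcto = resp.header("X-Content-Type-Options")
    if xcto is not None and xcto.strip().lower() != "nosniff":
        findings.append("X-Content-Type-Options is not nosniff")
    return findings


def check_env_exposure(resp):
    """Classify a GET /.env response.

    Returns 'exposed', 'likely_false_positive' or 'not_exposed'. A 200 alone
    is not evidence: catch-all SPA routing serves index.html for any path, so
    the body must contain KEY=value lines and must not be HTML.
    """
    if resp.status != 200:
        return "not_exposed"
    ctype = (resp.header("Content-Type") or "").lower()
    if "text/html" in ctype or not ENV_LINE.findall(resp.body):
        return "likely_false_positive"
    return "exposed"


# Constructed sample responses (not from any real site).
GOOD_HEADERS = Response(200, {
    "Content-Type": "text/html",
    "Strict-Transport-Security": "max-age=63072000; includeSubDomains",
    "Content-Security-Policy": "default-src 'self'",
    "X-Content-Type-Options": "nosniff",
    "X-Frame-Options": "DENY",
})
WEAK_HEADERS = Response(200, {
    "Content-Type": "text/html",
    "Strict-Transport-Security": "max-age=300",
})
REAL_ENV = Response(200, {"Content-Type": "application/octet-stream"},
                    "APP_ENV=production\nDB_PASSWORD=example-only-not-real\n")
SPA_FALLBACK = Response(200, {"Content-Type": "text/html; charset=utf-8"},
                        "<!doctype html><html><head><title>App</title></head></html>")
MISSING = Response(404, {"Content-Type": "text/html"}, "Not Found")


def demo():
    """Run every check over the constructed samples and return the results."""
    return {
        "good_headers": check_headers(GOOD_HEADERS),
        "weak_headers": check_headers(WEAK_HEADERS),
        "real_env": check_env_exposure(REAL_ENV),
        "spa_fallback": check_env_exposure(SPA_FALLBACK),
        "missing": check_env_exposure(MISSING),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

Note that `check_env_exposure` never prints or stores the file contents; a passive scanner only needs to decide whether the file is reachable, not what it contains.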
2. Authorization
By using SafeToShip, you represent and warrant that you are the owner of the target URL or have explicit permission to scan it. Scanning third-party infrastructure without consent is a violation of our Terms of Service.
3. False Positives
Automated scanners may produce false positives. A "Failed" check does not necessarily mean your site is compromised, or even that the finding is exploitable in your environment, and a "Passed" check does not guarantee your site is secure. Use our report as a guide, not a certification.