Every check Secho Scanner runs, organized by scan type, with full coverage across 7 scan modules.
3rd Party Risk (TPRM) — Assesses any domain's external security posture. No credentials needed. Runs in under 60 seconds.
DNS & Domain
DNSSEC enabled: MEDIUM
CAA records configured: MEDIUM
Wildcard DNS exposure: LOW
DNS zone transfer blocked: HIGH
Domain registration expiry: MEDIUM
SSL / TLS
Certificate valid and trusted: CRITICAL
TLS version (1.2+ required): HIGH
Cipher suite strength: MEDIUM
Certificate expiry warning: HIGH
HSTS header present: MEDIUM
Email Security
SPF record configured: HIGH
DMARC policy (reject/quarantine): HIGH
DKIM key present: MEDIUM
MTA-STS policy: LOW
BIMI record: LOW
HTTP Security Headers
Content-Security-Policy: MEDIUM
X-Frame-Options: MEDIUM
X-Content-Type-Options: LOW
Referrer-Policy: LOW
Permissions-Policy: LOW
Threat Intelligence
Shodan CVE / open port detection: HIGH
GreyNoise IP classification: HIGH
Feodo Botnet C2 blocklist: CRITICAL
URLhaus malware URL check: CRITICAL
AbuseIPDB reputation score: HIGH
MX record IP threat check: HIGH
Breach & Exposure
Known data breach (XposedOrNot): CRITICAL
Credential exposure check: CRITICAL
Open ports (22, 3389, 5432…): HIGH
Vendor Compliance
NDAA §889 prohibited vendors: CRITICAL
FCC Covered List check: CRITICAL
DOD CMCL / Entity List: HIGH
OFAC sanctioned entities: CRITICAL
CISA advisory vendors: HIGH
27+ known prohibited vendors: CRITICAL
Vendor Security Posture
SSL grade for detected vendors: HIGH
CISA KEV CVE matches: CRITICAL
Vendor security score: MEDIUM
GCP Audit — Full infrastructure audit of a Google Cloud project. Requires Application Default Credentials with Security Reviewer role.
Identity & Access (IAM)
Public IAM bindings (allUsers): CRITICAL
Primitive roles (Owner/Editor): HIGH
Default compute service account: MEDIUM
Service account key age: HIGH
Org policy constraints: MEDIUM
Essential Contacts configured: LOW
Storage
Public buckets (allUsers IAM): CRITICAL
Uniform bucket-level access: MEDIUM
Object versioning enabled: LOW
Retention policy set: LOW
BigQuery public datasets: CRITICAL
Artifact Registry public repos: HIGH
Networking
Firewall rules open to 0.0.0.0/0: HIGH
Default VPC in use: MEDIUM
VPC flow logs enabled: MEDIUM
Private Google Access: LOW
Cloud NAT configured: LOW
DNS query logging: MEDIUM
Network change monitoring: MEDIUM
Load Balancers
HTTP → HTTPS redirect: HIGH
SSL policy TLS version: MEDIUM
Cloud Armor WAF attached: HIGH
Backend service logging: LOW
Compute (VMs)
Public IP addresses: MEDIUM
Shielded VM enabled: MEDIUM
OS Login disabled: MEDIUM
Serial port access: HIGH
Project-wide SSH keys: HIGH
Database (Cloud SQL)
Public IP enabled: HIGH
SSL required for connections: HIGH
Automated backups enabled: MEDIUM
CMEK encryption: LOW
GKE (Kubernetes)
Public control plane endpoint: HIGH
Network policy enabled: MEDIUM
Legacy ABAC disabled: HIGH
Workload Identity enabled: MEDIUM
Private nodes configured: MEDIUM
Release channel set: LOW
Serverless & App
Cloud Functions public invocation: HIGH
Cloud Run unauthenticated access: HIGH
App Engine public serving: MEDIUM
Logging & Monitoring
Data access audit logs: MEDIUM
Log export sinks configured: MEDIUM
API key restrictions: MEDIUM
Event Detection (Real-time)
IAM policy changes: CRITICAL
Cryptomining activity: CRITICAL
Auth failure bursts: HIGH
Firewall rule changes: HIGH
Privilege escalation: CRITICAL
Unusual service account usage: HIGH
AWS Audit — Full account audit across IAM, S3, EC2, RDS, CloudTrail, load balancers, Lambda, API Gateway, CloudFront, ECS, and OpenSearch.
Identity & Access (IAM)
Root account MFA enabled: CRITICAL
Root account access keys: CRITICAL
Password policy strength: MEDIUM
Users with admin access: HIGH
Unused access keys (90+ days): HIGH
MFA enforcement: HIGH
S3 Storage
Public access block settings: HIGH
Bucket ACL public access: CRITICAL
Server-side encryption: MEDIUM
Versioning enabled: LOW
MFA delete enabled: MEDIUM
EC2 & Networking
Security groups open to 0.0.0.0/0: HIGH
Public IP addresses: MEDIUM
SSH/RDP open to world: CRITICAL
IMDSv2 required: MEDIUM
Load Balancers (ALB/NLB)
HTTP → HTTPS redirect: HIGH
SSL policy (TLS 1.2+): MEDIUM
WAF (WebACL) attached: MEDIUM
Access logging enabled: LOW
RDS Databases
Publicly accessible flag: HIGH
Encryption at rest: MEDIUM
Automated backups enabled: MEDIUM
Multi-AZ enabled: LOW
Auto minor version upgrade: LOW
Serverless & Functions
Lambda public function URLs: HIGH
Lambda auth type (NONE): HIGH
API Gateway public stages: MEDIUM
API Gateway WAF attachment: MEDIUM
CloudFront & CDN
WAF (WebACL) attached: MEDIUM
HTTPS-only viewer protocol: HIGH
Distribution deployed status: MEDIUM
ECS / Fargate
Running tasks with public IPs: MEDIUM
Task definition exposure: MEDIUM
OpenSearch
Domain not in VPC: HIGH
Access policy verification: HIGH
Encryption at rest: MEDIUM
CloudTrail & Logging
CloudTrail enabled: CRITICAL
Multi-region trail: HIGH
Log file validation: MEDIUM
Trail actively logging: CRITICAL
Azure Audit (Coming Soon) — Full subscription audit across Entra ID, Storage, Networking, VMs, SQL, AKS, Functions, App Service, Front Door, Key Vault, and Activity Logs. Coverage below is the planned scope.
Identity & Access (Entra ID)
Global Administrator MFA enforced: CRITICAL
Owner / Contributor role assignments: HIGH
Guest user access review: MEDIUM
Service principal credential age: HIGH
Conditional Access policies: MEDIUM
Privileged Identity Management: MEDIUM
Storage Accounts
Public blob container access: CRITICAL
Allow public network access: HIGH
Secure transfer (HTTPS) required: HIGH
Minimum TLS version 1.2: MEDIUM
Soft delete / versioning: LOW
Storage account key rotation: MEDIUM
Networking (VNet / NSG)
NSG rules open to 0.0.0.0/0: HIGH
SSH/RDP exposed to internet: CRITICAL
NSG flow logs enabled: MEDIUM
DDoS Protection Standard: MEDIUM
Private endpoints configured: MEDIUM
Network Watcher enabled: LOW
App Gateway / Front Door
HTTP → HTTPS redirect: HIGH
SSL policy (TLS 1.2+): MEDIUM
WAF policy attached: HIGH
Diagnostic logging enabled: LOW
Virtual Machines
Public IP addresses: MEDIUM
Disk encryption (ADE): HIGH
Just-in-Time VM access: MEDIUM
Endpoint protection installed: MEDIUM
OS patch compliance: HIGH
Database (Azure SQL)
Public network access allowed: HIGH
Enforce SSL connections: HIGH
Transparent Data Encryption: MEDIUM
Automated backups configured: MEDIUM
Azure AD authentication: MEDIUM
Advanced Threat Protection: MEDIUM
AKS (Kubernetes)
Public API server endpoint: HIGH
Azure RBAC integration: MEDIUM
Network policy enabled: MEDIUM
Managed identity for cluster: MEDIUM
Private cluster configured: MEDIUM
Cluster version / auto-upgrade: LOW
Serverless & App Service
Function App anonymous access: HIGH
App Service authentication: HIGH
HTTPS-only enforcement: HIGH
Minimum TLS version 1.2: MEDIUM
Managed identity assigned: MEDIUM
Key Vault & Secrets
Soft delete & purge protection: HIGH
Public network access restricted: HIGH
RBAC authorization enabled: MEDIUM
Secret / key expiration set: MEDIUM
Diagnostic logging enabled: MEDIUM
Logging & Monitoring
Activity Log retention (365+ days): CRITICAL
Diagnostic settings on key resources: HIGH
Log Analytics workspace configured: MEDIUM
Microsoft Defender for Cloud: HIGH
Event Detection (Real-time)
Role assignment changes: CRITICAL
NSG / firewall rule changes: HIGH
Privilege escalation attempts: CRITICAL
Cryptomining activity: CRITICAL
Auth failure bursts: HIGH
Unusual service principal usage: HIGH
GitHub Audit — Full organization security audit. Requires a GitHub token with read:org and repo scopes.
Organization Security
2FA enforced org-wide: CRITICAL
Default repository visibility: HIGH
Member forking permissions: MEDIUM
Outside collaborator access: MEDIUM
SSO enforcement: MEDIUM
Repository Settings
Branch protection rules: HIGH
Required PR reviews: HIGH
Force push protection: HIGH
Admin push bypass disabled: MEDIUM
Stale review dismissal: MEDIUM
Secrets & Credentials
Secret scanning enabled: CRITICAL
Push protection active: HIGH
Exposed secrets detected: CRITICAL
Actions secrets scope: MEDIUM
Supply Chain
Dependabot alerts enabled: HIGH
Dependency review action: MEDIUM
SBOM generation: LOW
Package registry visibility: MEDIUM
GitHub Actions
Actions permissions policy: HIGH
Pinned action versions: MEDIUM
GITHUB_TOKEN permissions: MEDIUM
Self-hosted runner security: HIGH
Workflow approval for forks: MEDIUM
Access & Permissions
Dormant member accounts: MEDIUM
Admin count: MEDIUM
Deploy key age: HIGH
OAuth app authorizations: MEDIUM
AI Audit — Security audit of AI/ML infrastructure on GCP or AWS with NIST AI RMF benchmark mapping.
GCP Vertex AI
Vertex AI public endpoint exposure: HIGH
Model endpoint IAM access: HIGH
Training job data access: MEDIUM
Notebook server security: MEDIUM
Pipeline artifact encryption: MEDIUM
Cloud Functions & Run
AI serving functions public access: HIGH
Cloud Run AI services auth: HIGH
Ingress settings review: MEDIUM
Secret Manager
API keys in Secret Manager: MEDIUM
Secret access audit logging: MEDIUM
Rotation policy configured: LOW
IAM for AI Workloads
AI service account permissions: HIGH
Overprivileged AI roles: HIGH
Cross-project data access: MEDIUM
Training Data Exposure
Training data bucket access: CRITICAL
Dataset public bindings: CRITICAL
Data pipeline encryption: MEDIUM
Benchmark Mapping
NIST AI RMF controls: MEDIUM
FedRAMP AI requirements: MEDIUM
NIST 800-53 AI controls: MEDIUM
SOC 2 AI trust criteria: MEDIUM
Document Audit — Scans contracts, procurement docs, and vendor agreements for EO18/NDAA §889 compliance. Light mode runs pattern matching only (no AI). Deep mode adds AI analysis via Vertex AI (FedRAMP authorized), Gemini, or OpenAI.
Layer 1 — Pattern Matching (Light & Deep)
Prohibited Vendors — NDAA §889 / FCC
Huawei Technologies: CRITICAL
ZTE Corporation: CRITICAL
Hytera Communications: CRITICAL
Hangzhou Hikvision: CRITICAL
Dahua Technology: CRITICAL
Baicells Technologies: CRITICAL
Pacific Networks / ComNet: CRITICAL
Luminys Systems: CRITICAL
Prohibited Vendors — OFAC / DOD / CISA
Kaspersky Lab: CRITICAL
TikTok / ByteDance: HIGH
WeChat / Tencent: HIGH
Alibaba / Aliyun: HIGH
DJI (Da-Jiang Innovations): HIGH
SenseTime Group: HIGH
Megvii / Face++: HIGH
iFlytek, Inspur, Nuctech: HIGH
Dr.Web, Positive Technologies: HIGH
China Telecom / Unicom / Mobile: HIGH
HKT / PCCW: HIGH
Quectel / Fibocom / MeiG: HIGH
Required Compliance Clauses
Checked for federal contracts and procurement agreements.
FAR 52.204-25 — Prohibition on covered telecom: CRITICAL
FAR 52.204-26 — Contractor representation: HIGH
NDAA §889 certification language: CRITICAL
DFARS 252.204-7019 — NIST 800-171 DoD assessment: MEDIUM