VPS Security Scanner — Audit Your Self-Hosted Server
Run an external security scan against your VPS public IP. Available to Self-Hosting Course students. Audits SSH, exposed databases, container APIs, management UIs, DDoS amplification, and IP reputation.
What this scanner checks
Self-Hosting Course studentsServer-level posture only: open TCP ports, SSH hardening (host keys, ciphers, MACs, auth methods), exposed databases (Redis, Postgres, MySQL, MongoDB, Elasticsearch), exposed container/cluster APIs (Docker, Kubernetes, etcd, Kubelet), exposed management UIs (Grafana, Portainer, Jenkins, RabbitMQ, Prometheus), DDoS amplification vectors, and IP reputation. Takes 30-60 seconds plus AI analysis.
Sign in to run a VPS scan
The VPS scanner is a hands-on tool for Self-Hosting Course students. Sign in to use it, or explore the course.
Sign inScanning …
Queued
Analyzing...
Fix today
- No critical actions.
Fix this week
- Nothing pressing.
Top recommendations
Scan complete for
Findings grouped by severity. Fix the top of the list first.
What this tool can’t see
This is an external scan from our infrastructure to your VPS. It can’t check kernel patch level, fail2ban or ufw rules from the inside, what’s running as root, your unattended-upgrades config, or backup integrity. It also doesn’t audit websites, TLS certificates, or email/DNS records — run those checks against a domain name with a different tool. For full server hardening, see the Self-Hosting Course.
Self-hosting puts you in control — and in charge of security. This scanner runs an external audit against any public VPS IP you point it at and reports server-level findings grouped by severity, so you know what to fix first.
What it checks
- TCP port surface — what services are reachable from the internet
- SSH hardening — weak host keys, key exchanges, ciphers, MACs, password authentication
- Exposed databases — Redis, PostgreSQL, MySQL, MongoDB, Elasticsearch reachable from the public internet
- Container & cluster APIs — Docker, Kubernetes, etcd, Kubelet
- Management UIs — Grafana, Portainer, Jenkins, RabbitMQ, Prometheus, Adminer, phpMyAdmin
- DDoS amplification vectors — open recursive DNS, NTP monlist, memcached UDP, SNMP public
- IP reputation — DNSBL listings (Spamhaus, Barracuda, SpamCop, SORBS)
- Reverse DNS (PTR) — informational
An AI summary at the top ranks findings, scores overall risk, and outlines fixes for today vs. this week.
What this tool isn’t
This is a VPS scanner, not a website scanner. It does not check TLS certificates, HTTP security headers, SPF/DMARC/DNSSEC, mail hygiene, or anything that requires a domain name. Audit those separately against your hostname.
What this tool can’t see
It runs from outside, so it can’t check your kernel patch level, your firewall rules from the inside, what’s running as root, your unattended-upgrades config, or backup integrity. For those, see the Self-Hosting Course.