Building Better Software
Product has been added to your cart.

Hacked Site Scanner

Checks a URL for SEO-spam injection and cloaking. URL only. No login, no SSH, nothing touches the target server.

Under the hood it runs a cloaked-fetch diff (normal browser vs Googlebot vs Google-referer), pulls the most recent Wayback snapshot, queries URLscan.io and Sucuri SiteCheck, and scans the HTML for hidden-content patterns. Claude ranks everything into a severity verdict with a specific next step. The Wayback snapshot's age is reported so you can weight its signal.

What it cannot do: file-system, database, or server-cron inspection. That needs SSH.

Have SSH access? The companion script spam-link-audit.sh runs everything this tool does plus the full server-side sweep: recently-modified PHP, obfuscated-payload grep, wp_options payload scan, rogue-cron detection, invisible-admin check. Read-only. Safe on production.
github.com/bhowe/hacked-site-audit

Supports GET deep-link: ?url=https://example.com&run=1. Aliases: url, u.