Every check Secho Scanner runs, organized by scan type.
3rd Party Risk (TPRM) — Assesses any domain's external security posture. No credentials needed. Runs in under 60 seconds.
DNS & Domain
DNSSEC enabled [MEDIUM]
CAA records configured [MEDIUM]
Wildcard DNS exposure [LOW]
DNS zone transfer blocked [HIGH]
Domain registration expiry [MEDIUM]
SSL / TLS
Certificate valid and trusted [CRITICAL]
TLS version (1.2+ required) [HIGH]
Cipher suite strength [MEDIUM]
Certificate expiry warning [HIGH]
HSTS header present [MEDIUM]
Email Security
SPF record configured [HIGH]
DMARC policy (reject/quarantine) [HIGH]
DKIM key present [MEDIUM]
MTA-STS policy [LOW]
BIMI record [LOW]
HTTP Security Headers
Content-Security-Policy [MEDIUM]
X-Frame-Options [MEDIUM]
X-Content-Type-Options [LOW]
Referrer-Policy [LOW]
Permissions-Policy [LOW]
Threat Intelligence
Shodan CVE / open port detection [HIGH]
GreyNoise IP classification [HIGH]
Feodo Botnet C2 blocklist [CRITICAL]
URLhaus malware URL check [CRITICAL]
AbuseIPDB reputation score [HIGH]
MX record IP threat check [HIGH]
Breach & Exposure
Known data breach (XposedOrNot) [CRITICAL]
Credential exposure check [CRITICAL]
Open ports (22, 3389, 5432…) [HIGH]
Vendor Compliance
NDAA §889 prohibited vendors [CRITICAL]
FCC Covered List check [CRITICAL]
DOD CMCL / Entity List [HIGH]
OFAC sanctioned entities [CRITICAL]
CISA advisory vendors [HIGH]
27+ known prohibited vendors [CRITICAL]
Vendor Security Posture
SSL grade for detected vendors [HIGH]
CISA KEV CVE matches [CRITICAL]
Vendor security score [MEDIUM]
GCP Audit — Full infrastructure audit of a Google Cloud project. Requires Application Default Credentials with Security Reviewer role.
Identity & Access (IAM)
Public IAM bindings (allUsers) [CRITICAL]
Primitive roles (Owner/Editor) [HIGH]
Default compute service account [MEDIUM]
Service account key age [HIGH]
Org policy constraints [MEDIUM]
Essential Contacts configured [LOW]
Storage
Public buckets (allUsers IAM) [CRITICAL]
Uniform bucket-level access [MEDIUM]
Object versioning enabled [LOW]
Retention policy set [LOW]
BigQuery public datasets [CRITICAL]
Artifact Registry public repos [HIGH]
Networking
Firewall rules open to 0.0.0.0/0 [HIGH]
Default VPC in use [MEDIUM]
VPC flow logs enabled [MEDIUM]
Private Google Access [LOW]
Cloud NAT configured [LOW]
DNS query logging [MEDIUM]
Network change monitoring [MEDIUM]
Load Balancers
HTTP → HTTPS redirect [HIGH]
SSL policy TLS version [MEDIUM]
Cloud Armor WAF attached [HIGH]
Backend service logging [LOW]
Compute (VMs)
Public IP addresses [MEDIUM]
Shielded VM enabled [MEDIUM]
OS Login disabled [MEDIUM]
Serial port access [HIGH]
Project-wide SSH keys [HIGH]
Database (Cloud SQL)
Public IP enabled [HIGH]
SSL required for connections [HIGH]
Automated backups enabled [MEDIUM]
CMEK encryption [LOW]
GKE (Kubernetes)
Public control plane endpoint [HIGH]
Network policy enabled [MEDIUM]
Legacy ABAC disabled [HIGH]
Workload Identity enabled [MEDIUM]
Private nodes configured [MEDIUM]
Release channel set [LOW]
Serverless & App
Cloud Functions public invocation [HIGH]
Cloud Run unauthenticated access [HIGH]
App Engine public serving [MEDIUM]
Logging & Monitoring
Data access audit logs [MEDIUM]
Log export sinks configured [MEDIUM]
API key restrictions [MEDIUM]
Event Detection (Real-time)
IAM policy changes [CRITICAL]
Cryptomining activity [CRITICAL]
Auth failure bursts [HIGH]
Firewall rule changes [HIGH]
Privilege escalation [CRITICAL]
Unusual service account usage [HIGH]
AWS Audit — Full account audit across IAM, S3, EC2, RDS, CloudTrail, load balancers, Lambda, API Gateway, CloudFront, ECS, and OpenSearch.
Identity & Access (IAM)
Root account MFA enabled [CRITICAL]
Root account access keys [CRITICAL]
Password policy strength [MEDIUM]
Users with admin access [HIGH]
Unused access keys (90+ days) [HIGH]
MFA enforcement [HIGH]
S3 Storage
Public access block settings [HIGH]
Bucket ACL public access [CRITICAL]
Server-side encryption [MEDIUM]
Versioning enabled [LOW]
MFA delete enabled [MEDIUM]
EC2 & Networking
Security groups open to 0.0.0.0/0 [HIGH]
Public IP addresses [MEDIUM]
SSH/RDP open to world [CRITICAL]
IMDSv2 required [MEDIUM]
Load Balancers (ALB/NLB)
HTTP → HTTPS redirect [HIGH]
SSL policy (TLS 1.2+) [MEDIUM]
WAF (WebACL) attached [MEDIUM]
Access logging enabled [LOW]
RDS Databases
Publicly accessible flag [HIGH]
Encryption at rest [MEDIUM]
Automated backups enabled [MEDIUM]
Multi-AZ enabled [LOW]
Auto minor version upgrade [LOW]
Serverless & Functions
Lambda public function URLs [HIGH]
Lambda auth type (NONE) [HIGH]
API Gateway public stages [MEDIUM]
API Gateway WAF attachment [MEDIUM]
CloudFront & CDN
WAF (WebACL) attached [MEDIUM]
HTTPS-only viewer protocol [HIGH]
Distribution deployed status [MEDIUM]
ECS / Fargate
Running tasks with public IPs [MEDIUM]
Task definition exposure [MEDIUM]
OpenSearch / Elasticsearch
Domain not in VPC [HIGH]
Access policy verification [HIGH]
Encryption at rest [MEDIUM]
CloudTrail & Logging
CloudTrail enabled [CRITICAL]
Multi-region trail [HIGH]
Log file validation [MEDIUM]
Trail actively logging [CRITICAL]
GitHub Audit — Full organization security audit. Requires a GitHub token with read:org and repo scopes.
Organization Security
2FA enforced org-wide [CRITICAL]
Default repository visibility [HIGH]
Member forking permissions [MEDIUM]
Outside collaborator access [MEDIUM]
SSO enforcement [MEDIUM]
Repository Settings
Branch protection rules [HIGH]
Required PR reviews [HIGH]
Force push protection [HIGH]
Admin push bypass disabled [MEDIUM]
Stale review dismissal [MEDIUM]
Secrets & Credentials
Secret scanning enabled [CRITICAL]
Push protection active [HIGH]
Exposed secrets detected [CRITICAL]
Actions secrets scope [MEDIUM]
Supply Chain
Dependabot alerts enabled [HIGH]
Dependency review action [MEDIUM]
SBOM generation [LOW]
Package registry visibility [MEDIUM]
GitHub Actions
Actions permissions policy [HIGH]
Pinned action versions [MEDIUM]
GITHUB_TOKEN permissions [MEDIUM]
Self-hosted runner security [HIGH]
Workflow approval for forks [MEDIUM]
Access & Permissions
Dormant member accounts [MEDIUM]
Admin count [MEDIUM]
Deploy key age [HIGH]
OAuth app authorizations [MEDIUM]
AI Audit — Security audit of AI/ML infrastructure on GCP or AWS with NIST AI RMF benchmark mapping.
GCP Vertex AI
Vertex AI public endpoint exposure [HIGH]
Model endpoint IAM access [HIGH]
Training job data access [MEDIUM]
Notebook server security [MEDIUM]
Pipeline artifact encryption [MEDIUM]
Cloud Functions & Run
AI serving functions public access [HIGH]
Cloud Run AI services auth [HIGH]
Ingress settings review [MEDIUM]
Secret Manager
API keys in Secret Manager [MEDIUM]
Secret access audit logging [MEDIUM]
Rotation policy configured [LOW]
IAM for AI Workloads
AI service account permissions [HIGH]
Overprivileged AI roles [HIGH]
Cross-project data access [MEDIUM]
Training Data Exposure
Training data bucket access [CRITICAL]
Dataset public bindings [CRITICAL]
Data pipeline encryption [MEDIUM]
Benchmark Mapping
NIST AI RMF controls [MEDIUM]
FedRAMP AI requirements [MEDIUM]
NIST 800-53 AI controls [MEDIUM]
SOC 2 AI trust criteria [MEDIUM]
Document Audit — Scans contracts, procurement docs, and vendor agreements for EO18/NDAA §889 compliance. Two layers of analysis: Light mode runs pattern matching only (no AI, no credentials, works offline). Deep mode adds AI analysis via Vertex AI (FedRAMP authorized), Gemini, or OpenAI for context-aware findings that pattern matching alone would miss.
Layer 1 — Pattern Matching (Light & Deep)
Prohibited Vendors — NDAA §889 / FCC
Huawei Technologies [CRITICAL]
ZTE Corporation [CRITICAL]
Hytera Communications [CRITICAL]
Hangzhou Hikvision [CRITICAL]
Dahua Technology [CRITICAL]
Baicells Technologies [CRITICAL]
Pacific Networks / ComNet [CRITICAL]
Luminys Systems [CRITICAL]
Prohibited Vendors — OFAC / DOD / CISA
Kaspersky Lab [CRITICAL]
TikTok / ByteDance [HIGH]
WeChat / Tencent [HIGH]
Alibaba / Aliyun [HIGH]
DJI (Da-Jiang Innovations) [HIGH]
SenseTime Group [HIGH]
Megvii / Face++ [HIGH]
iFlytek, Inspur, Nuctech [HIGH]
Dr.Web, Positive Technologies [HIGH]
China Telecom / Unicom / Mobile [HIGH]
HKT / PCCW [HIGH]
Quectel / Fibocom / MeiG [HIGH]
Required Compliance Clauses
Only checked if the document appears to be a federal contract or procurement agreement.
FAR 52.204-25 — Prohibition on covered telecom equipment [CRITICAL]
FAR 52.204-26 — Contractor representation clause [HIGH]
NDAA §889 certification language [CRITICAL]
DFARS 252.204-7019 — NIST 800-171 DoD assessment (DoD contracts only) [MEDIUM]
Layer 2 — AI Analysis (Deep Mode Only)
Context-Aware Vendor Analysis
Determines if a mention is a violation vs. a denial, e.g. "we do not use Huawei" is not a violation [HIGH]
Detects indirect references that pattern matching misses, e.g. "equipment from the vendor in Exhibit B" [HIGH]
Flags Chinese, Russian, or sanctioned-country vendor references [HIGH]
Identifies supply chain risk from subcontractors [MEDIUM]
Compliance Intent Detection
Determines if §889 certification intent is present even without exact clause numbers [HIGH]
Assesses whether missing clauses are a genuine gap or covered by reference [HIGH]
Generates plain-English risk summary per document [MEDIUM]
Overall compliance verdict: clean, at-risk, or non-compliant [MEDIUM]
AI Providers
Vertex AI — Gemini 2.0 Flash (FedRAMP High authorized, uses gcloud ADC) [INFO]
Gemini API — direct (not FedRAMP, requires API key) [INFO]
OpenAI GPT-4o (not FedRAMP, requires API key) [INFO]
Sources & Data Handling
Supported File Sources
Local directory (recursive by default) [INFO]
Single local file [INFO]
AWS S3 bucket or prefix (uses local AWS credentials) [INFO]
GCP Cloud Storage bucket (uses gcloud ADC) [INFO]
Supported File Types
PDF (text extraction via token scanning) [INFO]
DOCX / DOC (XML-based extraction) [INFO]
XLSX / XLS (shared strings + worksheets) [INFO]
TXT, CSV, MD (plain text) [INFO]
Privacy & Data Handling
Document text is never stored on Secho servers [INFO]
Only findings metadata is uploaded (file name, severity, matched term, location) [INFO]
In deep mode, text goes directly from your machine to the AI provider, never through Secho [INFO]
Light mode works fully offline, with no external API calls [INFO]