Professional Security Reports

Reports your team can actually understand.

WebHound turns passive scan data into grouped findings, severity summaries, remediation guidance, engine diagnostics, WADE anomaly summaries, and exportable reports for business owners, developers, and agencies.

What's Included

Every scan generates a complete report

No incomplete summaries or hidden details. Every section of a WebHound report is designed to give you the full picture.

Risk score

Composite score from 0–100 based on severity-weighted findings.

Grouped findings

Issues organized by engine, category, and fix priority — not a flat list.

Affected URLs

Exact pages where each issue was detected, with scan evidence.

Remediation guidance

Plain-English fix steps for every finding, with code examples where applicable.

Engine diagnostics

Per-engine timing, finding counts, and status from all 12 scan engines.

External domain map

Every third-party domain your site contacted, categorized by type.

WADE anomaly summary

Behavioral baseline comparison, anomaly score, and change highlights.

Scan metadata

Timestamp, profile used, pages crawled, and scan duration.

Export Formats

Choose the format that fits your workflow

Dashboard view is always available. Export to SARIF, CSV, or Markdown whenever you need a deliverable.

Live

Dashboard View

Interactive

Everyone

Full interactive results with expandable findings, filtering, and WADE analysis.

Best for: Default — available immediately after every scan.

Live

SARIF

.sarif

Security engineers & CI pipelines

Industry-standard Static Analysis Results Interchange Format.

Best for: Integrating with GitHub Code Scanning, Azure DevOps, or security toolchains.

Live

CSV

.csv

Project managers & analysts

Tabular export for spreadsheets, custom pivot analysis, and ticket creation.

Best for: Creating tickets in Jira, Linear, or Notion from scan findings.

Live

Markdown

.md

Developers & technical leads

Human-readable report ready to paste into wikis, PR descriptions, or emails.

Best for: Sharing findings in GitHub, Notion, Confluence, or Slack.

Planned

JSON Export

.json

Developers building integrations

Raw structured scan result for custom tooling, dashboards, or data pipelines.

Best for: Building automated workflows or feeding results into your own systems.

Business-Friendly

Findings anyone can act on

WebHound doesn't hand you a wall of CVE numbers and HTTP response codes. Every finding is explained in language that makes sense whether you're a business owner, a developer, or a project manager.

  • Plain-English summaries

    Every finding is explained in business-friendly language — not just the CVE ID or header name.

  • "Why this matters"

    Each issue includes a clear explanation of the real-world risk it creates for your users and site.

  • "How to fix" guidance

    Concrete remediation steps, with code examples where applicable, so developers can act immediately.

  • Affected pages listed

    See exactly which URLs triggered each finding — no manual cross-referencing needed.

  • Confidence and evidence

    Each finding shows confidence level and the evidence that triggered it, so you can judge severity yourself.

  • Fix-priority ordering

    Findings are ranked by severity and impact so teams know what to address first.

Finding · Security Headers · HIGH

Missing Content-Security-Policy header

CSP_HEADER_MISSING · Confidence 96%

Why it matters

Without CSP, browsers allow any inline script to execute on your pages, making your site vulnerable to cross-site scripting (XSS) attacks where malicious code could steal user data or hijack sessions.

How to fix

Add a Content-Security-Policy response header to your web server or CDN. Start with a report-only policy to understand your site's script requirements before enforcing.

Affected pages

  • example.com
  • example.com/login
  • example.com/checkout

Engine Diagnostics · example.com · 2m 14s

  • Security Headers · 3 findings · 0.4s
  • CSP Analysis · 1 finding · 0.2s
  • TLS Checker · 0 findings · 1.1s
  • Cookie Scanner · 2 findings · 0.3s
  • JavaScript Analyzer · 4 findings · 8.2s
  • Third-Party Domains · 2 findings · 0.9s
  • Secret Scanner · 0 findings · 5.3s
  • WADE Baseline · 1 finding · 0.6s

For Developers

Built for technical teams too

WebHound gives developers and security engineers the structured data they need to act on findings, integrate with existing tooling, and build security into release workflows.

  • Engine diagnostics

    Per-engine timing, status, and finding count — so you know exactly what ran and what it found.

  • Raw evidence preview

    See the extracted artifacts (headers, script URLs, form targets) that triggered each finding.

  • Finding IDs

    Every finding has a stable ID for referencing across scans, exports, and internal ticket systems.

  • SARIF & CSV export

    Export in formats compatible with GitHub Code Scanning, Azure DevOps, Jira, and Linear.

  • Grouped by engine

    Results are structured by scan engine — easy to filter to the categories you care about.

  • CI pipeline ready

    SARIF output is designed for automated security gates in CI/CD workflows.

Before vs After

Raw findings vs WebHound reports

Security data is only useful if people can act on it.

Without WebHound
HTTP/1.1 200 OK → Missing header: Content-Security-Policy
ssl_check: HSTS not in response headers
js_lint: eval() detected at offset 4821 in main.bundle.js
cookie: session_id → flags: [] (expected: HttpOnly, Secure)
dns: SPF record not found for domain
WARNING: Unknown domain script.example.io contacted
... 14 more raw findings

No grouping. No priority. No fix steps. No export.

WebHound Report
HIGH · Security Headers · 3 issues

Add CSP, HSTS, and X-Frame-Options to your server config.

MEDIUM · Cookie Security · 2 issues

Set Secure and HttpOnly on session_id and auth cookies.

MEDIUM · Third-Party Domains · 1 issue

Review script.example.io — not in your known-good baseline.

LOW · DNS / Email Auth · 1 issue

Add SPF record to prevent email spoofing from your domain.
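
The grouping contrasted above can be sketched as a passive audit over already-captured response headers. This is an added example, not WebHound's code or export format: the rule IDs other than CSP_HEADER_MISSING, the severity mapping, and the sample responses are assumptions constructed for illustration.

```python
from collections import defaultdict
from http.cookies import SimpleCookie

# Only CSP_HEADER_MISSING appears on the page; the other rule IDs are hypothetical.
HEADER_RULES = {
    "content-security-policy": "CSP_HEADER_MISSING",
    "strict-transport-security": "HSTS_HEADER_MISSING",
    "x-frame-options": "XFO_HEADER_MISSING",
}
REPORT_ONLY = "content-security-policy-report-only"

def audit_response(url, headers):  # headers: list of (name, value) pairs
    present = {name.lower() for name, _ in headers}
    findings = []
    for header, rule_id in HEADER_RULES.items():
        if header in present:
            continue
        note = ""
        # A report-only policy observes violations but blocks nothing.
        if rule_id == "CSP_HEADER_MISSING" and REPORT_ONLY in present:
            note = "report-only policy present, not enforced"
        findings.append(("HIGH", "Security Headers", rule_id, url, note))
    for name, value in headers:
        if name.lower() != "set-cookie":
            continue
        jar = SimpleCookie()
        jar.load(value)
        for cookie_name, morsel in jar.items():
            # Flag attributes parse to True when set, '' when absent.
            missing = [f for f in ("secure", "httponly") if not morsel[f]]
            if missing:
                note = f"{cookie_name}: missing {', '.join(missing)}"
                findings.append(("MEDIUM", "Cookie Security", "COOKIE_FLAGS_MISSING", url, note))
    return findings

def group_findings(responses):  # group by (severity, category) across pages
    grouped = defaultdict(list)
    for url, headers in responses:
        for sev, category, rule_id, page, note in audit_response(url, headers):
            grouped[(sev, category)].append((rule_id, page, note))
    return dict(grouped)

# Constructed sample responses (not real scan data).
SAMPLE = [
    ("https://example.com/", [("Set-Cookie", "session_id=abc123; Path=/")]),
    ("https://example.com/login", [
        ("Content-Security-Policy-Report-Only", "default-src 'self'"),
        ("Strict-Transport-Security", "max-age=31536000"), ("X-Frame-Options", "DENY"),
        ("Set-Cookie", "session_id=abc123; Path=/; Secure; HttpOnly")]),
]
```

Calling `group_findings(SAMPLE)` yields one HIGH "Security Headers" group and one MEDIUM "Cookie Security" group; the `/login` page still counts as missing CSP because its policy is report-only.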

Made For Everyone

Who reads WebHound reports

Every role gets what they need — no translation required.

Business Owner

Plain-English summaries — no jargon required.

  • Risk score in plain English
  • "Why it matters" for every finding
  • Priority-ordered action list

Developer

SARIF export and CI-ready structured data.

  • SARIF for GitHub Code Scanning
  • Engine diagnostics & raw evidence
  • Finding IDs for ticket tracking

Security Auditor

Grouped findings with evidence and confidence scores.

  • Grouped by engine & category
  • Confidence level per finding
  • WADE anomaly timeline
For Agencies

Turn monitoring into a client deliverable

Web agencies and freelancers can use WebHound reports as a professional monthly security deliverable — something clients can see and understand.

Client-ready reports

Export and share scan results in Markdown or CSV. Clear enough to hand directly to a client or stakeholder.

Track security improvements

Run monthly scans and compare risk scores over time to show documented security progress.

Monitoring documentation

Evidence that your agency is actively monitoring client sites — useful for SLA reporting and account reviews.

Professional deliverables

Position WebHound reports as a premium deliverable — a regular security audit clients expect and value.

Report Scope & Limitations

Reports are based on passive, read-only scan data.

Findings indicate areas for review — not confirmed exploitable vulnerabilities.

False positives and false negatives are possible in any automated scan.

WebHound reports are not a substitute for professional penetration testing.

No exploitation, brute-force, or destructive testing is performed.

Reports should not be generated for sites you don't own or aren't authorized to test.

WebHound is a passive security monitoring tool, not a penetration testing service. For critical infrastructure, supplement WebHound with professional security assessment.

Free to start

Generate your first WebHound report.

Scan your website for free, get a full grouped report, and export in any format. No credit card. No installation.

Passive scanning
Grouped findings
Remediation guidance
SARIF · CSV · Markdown