Built with security in mind
WebHound is a passive, authorized security monitoring tool. Here's how we operate safely and responsibly.
Passive scanning only
WebHound never modifies your site, exploits vulnerabilities, or makes authenticated requests. Every scan is read-only and safe to run against production.
No credential storage
We never store passwords, API keys, or session tokens. Scans are performed against the public-facing URL only.
Authorized targets only
By using WebHound you confirm you own or are authorized to scan the target URL. Scanning unauthorized targets is a violation of our terms and potentially illegal.
Data handling
Scan results are stored securely and accessible only to your account. We do not sell or share scan data with third parties.
Responsible Disclosure
If you discover a security vulnerability in WebHound, please report it responsibly. Do not publicly disclose issues before we have had a chance to address them. Contact us at security@webhoundsecurity.com.