What Preflyt checks
Preflyt runs a focused set of safety checks against your web app, API, or backend. We look for real mistakes — things that are definitely wrong, not theoretical vulnerabilities that might be fine. If Preflyt flags something, you should fix it.
Exposed environment files
.env files containing database passwords, API keys, and secrets served publicly
Unprotected admin panels
Admin dashboards accessible without login
Leaking API endpoints
APIs returning user data or credentials to unauthenticated requests
Debug endpoints in production
Development and diagnostic routes left enabled after deployment
Exposed Git configuration
Repository files that reveal your source code structure
Directory listings
Server directories browsable by anyone
Command checker
Paste any terminal command to check for typosquatted packages, hidden characters, unsafe piped downloads, and obfuscated payloads. Always free, always instant.
What Preflyt is not
Preflyt is not a penetration testing tool, a vulnerability scanner, or a compliance platform. We don't chase CVEs, we don't exploit anything, and we don't generate 100-page reports. We answer one question: did you accidentally ship something obviously unsafe to the public internet?
No signup. No tracking. No data stored.