Name: Preflyt
Brand: Preflyt

Question 1

What is Preflyt?

Accepted Answer

Preflyt is a free pre-deployment security scanner that checks live web applications for exposed secrets, misconfigurations, and unsafe defaults in under 30 seconds. No signup required.

Question 2

How does Preflyt detect exposed .env files?

Accepted Answer

Preflyt makes HTTP requests to common .env file paths on your live server and checks if they return sensitive configuration data like database passwords, API keys, or secret tokens.

Question 3

Does Preflyt scan open ports?

Accepted Answer

Yes. Preflyt scans 18 commonly exposed ports including MySQL (3306), PostgreSQL (5432), MongoDB (27017), Redis (6379), and development servers. It detects CDN providers to avoid false positives.

Question 4

Is Preflyt safe to use on my website?

Accepted Answer

Yes. Preflyt only performs non-intrusive, read-only checks. It does not attempt to exploit vulnerabilities, modify data, or perform any destructive actions.

Question 5

How is Preflyt different from Snyk or other vulnerability scanners?

Accepted Answer

Snyk analyzes source code and dependencies for known CVEs. Preflyt scans your live deployment from the outside to find exposed files, open ports, and misconfigurations that only exist once your app is actually running on a server. They solve different problems.

Question 6

Does Preflyt require signup?

Accepted Answer

No. Preflyt offers 3 free scans with no signup or account creation required. Just paste your URL and scan.

> preflyt

Add Preflyt to every deploy

What we check

Exposed files

Server and network

HTTP hardening