cloakbuster.com

What It Is

Cloakbuster is a free web page security scanner positioned for quick security checks on individual pages. After entering a Page URL, users can run a scan. Sample reports return information such as the final URL, scan time, duration, verdict, detection confidence, score, summary statistics, findings, short HTML snippets, and response status. It clearly states that it does not persist the full page HTML and only keeps short excerpts for reporting, which is a positive point for privacy and data minimization.

Core Capabilities and Deployment

In terms of protection coverage, Cloakbuster mainly focuses on content-layer web risks, including hidden links, disguised links, suspicious iframes, redirects, suspicious scripts, malicious patterns, and anomalous resource detection. It also notes that the same SSRF checks are applied whether or not JavaScript rendering is enabled. Deployment is via an online tool, with no client installation required. It can render JavaScript using headless Chromium via Playwright, making it suitable for dynamic pages, while rendering can also be disabled for faster static fetching. Its bookmarklet design lowers the barrier to use and makes it easy to quickly pass any web page URL into the scanner.

Pricing and Suitability

The page labels it as a free webpage security scanner, and there is no visible information about paid plans, enterprise editions, or API pricing. It is limited to 5 scans per IP per minute, making it suitable for individual developers, security researchers, and website administrators who need low-frequency checks and preliminary triage of suspicious pages. However, it is not suitable for large-scale automated inspection, asset discovery, or continuous monitoring.

Pros and Cons

Its strengths are that it is free, easy to get started with, supports dynamic rendering, and produces relatively clear structured reports. Its statement that full HTML is not persisted is also transparent. The drawbacks are that the text does not disclose the source of its rule set, false-positive rate, alerting features, permission management, compliance certifications, SLA, or enterprise support. It also does not show capabilities for site-level crawling, batch jobs, APIs, Webhooks, SIEM, or CI/CD integration. The sample report’s detectionConfidence is low, which also suggests the results are better used as supporting evidence rather than a definitive judgment.

Who It’s For and Access from China

Cloakbuster is suitable for pre-launch checks of single pages, investigating suspicious outbound links and scripts, preliminary content review, and quickly inspecting page responses and anomalous resources during development and debugging. The main text provides no information about access from mainland China, so its accessibility is unknown; payment methods are also not disclosed. If you need more mature alternatives, consider VirusTotal, urlscan.io, Sucuri SiteCheck, Google Safe Browsing-related tools, or enterprise-grade web vulnerability scanning, ASM, and cloud WAF platforms.