findsecuritycontacts.com

What It Is

findsecuritycontacts.com is an online tool focused on discovering security contacts for websites. The main text explains that security contacts indicate how security researchers can get in touch with a website or service provider, and often also describe vulnerability disclosure policies or bug bounty information. The site scans the Top 500 websites every day, checks for the presence of a security.txt file or DNS TXT security record, and displays the status code, validity, and access scheme.

Core Capabilities and Deployment

In terms of protection category, it is not a WAF, EDR, or vulnerability scanner. Instead, it is a discovery and format-validation tool for vulnerability disclosure contact points. Its checks cover security.txt files in known paths, based on RFC 9116, as well as DNS security records. Users can also look up any website to see whether a security.txt file or DNS record exists and whether the format appears to be correct. No client installation is required; usage is mainly through web-based queries. The websites being checked, however, need to publish a security.txt file or configure DNS TXT records themselves.

Pricing, Compliance, and Integrations

The main text does not disclose pricing, payment methods, account systems, or commercial plans, so it is not possible to determine whether the service is free or whether an enterprise edition is available. On the compliance side, it only explicitly references RFC 9116, securitytxt.org, and dnssecuritytxt.org; there is no visible information indicating that the service itself has obtained security certifications or privacy compliance certifications. Its management and alerting capabilities appear basic: the page provides Top 500 scan results, last fetch time, domain status, and validity, but does not show capabilities such as continuous monitoring alerts, APIs, Webhooks, SIEM integrations, or vulnerability management platform integrations.

Pros and Cons

Its main advantage is a very clear focus: it can quickly answer the question of whether a given website has a compliant security disclosure contact method. The daily Top 500 scan can also serve as a sample for observing industry adoption. The downside is that its scope is narrow. It does not provide vulnerability discovery, risk grading, remediation tracking, or attack surface management. The main text also does not explain its data sources, historical trends, export capabilities, or support options.

Who It Is For and Access from China

It is suitable for security researchers, vulnerability response teams, and website security owners who need to quickly find compliant contact channels before submitting a vulnerability report. It is also useful for companies checking their own security.txt configuration. The main text does not provide information about access from China, so this needs to be tested in practice. If access is limited, alternatives include securitytxt.org, dnssecuritytxt.org, directly visiting /.well-known/security.txt, or using DNS TXT lookup tools.