How Probe scans your app

Probe scans the public surface of the app URL you submit. It looks at what an outside, unauthenticated request can see, then turns supported risks into a report your technical owner can act on.

Probe is built for fast-moving teams shipping with Vercel, Cloudflare, Supabase, Stripe, AI coding tools, and model APIs. It is not a private code review, authenticated penetration test, compliance audit, or guarantee that every vulnerability has been found.

What happens during a scan

First, you submit a public URL. A normal scan does not require repo access, GitHub tokens, dashboard credentials, database access, private keys, or user passwords.

Probe checks whether the URL is reachable, then fetches public pages, headers, assets, and likely public routes. It looks for supported risks such as exposed source maps, public environment files, secret-like keys in browser code, missing security headers, debug or admin surfaces, risky CORS behavior, exposed AI endpoints, and Stripe webhook signature issues.

Probe avoids destructive testing. It does not try to break in, bypass access controls, brute-force accounts, or scan private networks.
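
To show what passive checks like these look like on a single unauthenticated response, here is an added example. It is not Probe's code: the header list, the key pattern, and the name audit_response are assumptions made for illustration, and the sample response is constructed.

```python
import re

# Header set is an assumption for this sketch, not Probe's actual list.
EXPECTED_HEADERS = (
    "content-security-policy",
    "strict-transport-security",
    "x-content-type-options",
)
SOURCE_MAP = re.compile(r"//[#@]\s*sourceMappingURL=(\S+)")
# Stripe live secret keys start with sk_live_; the length bound is a heuristic.
SECRET_LIKE = re.compile(r"\bsk_live_[0-9A-Za-z]{16,}")


def audit_response(headers, body, sent_origin):
    """Return findings for one unauthenticated response (read-only checks)."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    findings = [f"missing-header:{n}" for n in EXPECTED_HEADERS if n not in h]
    for m in SOURCE_MAP.finditer(body):
        # Inline data: maps expose nothing beyond the file already served.
        if not m.group(1).startswith("data:"):
            findings.append(f"source-map-reference:{m.group(1)}")
    for m in SECRET_LIKE.finditer(body):
        # Report only a prefix so the report itself does not leak the key.
        findings.append(f"secret-like-key:{m.group(0)[:12]}...")
    acao = h.get("access-control-allow-origin")
    creds = h.get("access-control-allow-credentials", "").lower() == "true"
    # Echoing an unrelated Origin while allowing credentials lets any site
    # read authenticated responses from a logged-in user's browser.
    if acao == sent_origin and creds:
        findings.append("cors:reflects-arbitrary-origin-with-credentials")
    return findings


# Constructed sample response, not captured from any real site.
SAMPLE_ORIGIN = "https://unrelated.example"
SAMPLE_HEADERS = {
    "Content-Type": "application/javascript",
    "X-Content-Type-Options": "nosniff",
    "Access-Control-Allow-Origin": SAMPLE_ORIGIN,
    "Access-Control-Allow-Credentials": "true",
}
SAMPLE_BODY = (
    'const key = "sk_live_' + "0" * 24 + '";\n'
    "//# sourceMappingURL=app.js.map\n"
)

if __name__ == "__main__":
    for finding in audit_response(SAMPLE_HEADERS, SAMPLE_BODY, SAMPLE_ORIGIN):
        print(finding)
```

A secret-like match or a source map reference is a lead to review, not proof of exposure: confirm whether the key is live and whether the referenced .map file is actually served.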

Free scan and full audit

The free scan gives you the external scan result, severity counts, and a blurred preview of findings. It is meant to show whether Probe saw something worth reviewing before you unlock the audit.

The full audit is a $149 one-time purchase. It unlocks every finding unblurred, with severity, evidence, exploitability, and copy-ready AI coding tool patch prompts. Paid reports also include per-finding re-checks after you ship fixes.

How access works after payment

Probe uses Stripe checkout for full audit payment. After payment, report access is handled through the report unlock and magic link email flow. There is no customer sign-in portal or account dashboard in v1.

If payment succeeds but your report does not unlock, email support@runprobe.com with the checkout email, submitted URL, and report link if you have it.

When to scan again

Run Probe after major changes to authentication, billing, admin tools, hosting configuration, public API routes, model endpoints, or deployment settings. In v1, monitoring is not available yet. Scheduled monitoring is planned for v2 and is not something you can buy or manage today.