Getting started with SteelSuit

Run your first scan in 60 seconds.

What SteelSuit is

SteelSuit is a hosted security scanner for web applications. You give it a domain and it runs a battery of probes: DNS, TLS, security headers, technology fingerprinting, exposed-secret and critical-path checks, and email authentication (SPF/DKIM/DMARC). A deep scan also adds port scanning, content discovery, Nuclei templates, subdomain takeover, CORS, wayback, and CMS checks. It then hands back a graded report.

It's built for builders who want real signal out of the box — no rule tuning, no triage backlog on day one.

Your first scan

The fastest path is the web UI:

  • Sign in at steelsuit.com — auth is a magic-link email (or Google sign-in), no password.
  • Enter your domain in the terminal-style input on the dashboard.
  • Pick a pipeline — fast_scan (~30s) or deep_scan (~5 min).
  • Hit run. The scan page polls until completion and renders findings inline.

You don't have to keep the tab open: the scan runs server-side. Close it, come back later, and the dashboard shows the result when it's done.

What you get back

Every scan produces a letter score (A–F), severity-bucketed findings (critical / high / medium / low / info), and a downloadable PDF report. Each finding carries evidence and a recommendation, and the API can return a ready-to-paste fix_prompt for your AI coding tool (see the API reference).

Automating it

There's no separate CLI to install — SteelSuit is hosted. To automate scans (CI, scheduled checks, your own dashboards) use the REST API with an sk_ API key:

  • API reference — start scans and pull findings programmatically.
  • CI integration — fail a build on high-severity findings.

API access requires a plan with the API enabled (Pro).