Titanium is a single PHP file you drop onto your own hosting. It scans your entire
document root for exposed secrets, malware signatures, misconfigured .htaccess
rules, weak TLS, and dozens of other risks — then deletes cleanly, leaving nothing behind.
Most security scanners want you to send them your URL, your headers, sometimes your source. Titanium never leaves your server. Upload it, log in with a password only you know, run the scan, and every check — filesystem, TLS, DNS, HTTP headers — happens locally on the machine that's already hosting your site. Built by the WebOrbiton Team, the makers of NetKrypton and MevaSearch, and shaped by years of finding exactly this class of misconfiguration on real shared hosting.
Every module below runs in the same pass and reports into one severity-ranked list.
Finds .env, config files, database dumps, SSH keys, and cloud credential files sitting in public directories.
Pattern-matches PHP files against known web-shell and obfuscation techniques — eval(base64_decode()) and friends.
Checks whether your Apache rules actually block sensitive extensions, disable directory listing, and restrict PHP execution where needed.
Reads your live certificate straight off the socket — issuer, subject, and days remaining before it expires.
Looks up A/MX records and flags missing SPF or DMARC entries that let others impersonate your domain in email.
Doesn't just find a file — requests it over HTTP from the same server, so you know if it's actually downloadable right now.
Verifies HSTS, CSP, X-Frame-Options, and five other headers browsers use to protect your visitors.
Flags PHP files untouched for years, or a sudden burst of recent edits worth a second look.
Checks expose_php, allow_url_include, session cookie flags, and other risky defaults.
Recognizes WordPress, Joomla, Drupal, Magento, Laravel, Symfony, PrestaShop, OpenCart, Craft, and Shopware.
Password auth, optional TOTP two-factor, IP allowlisting, brute-force lockout, and per-session rate limiting.
Keeps a local record of past scans and exports full reports as JSON or CSV whenever you need one.
Titanium runs on plain PHP 7.4+ with no Composer packages and no build step. Works on virtually any shared hosting plan, including Hostinger, cPanel, and Plesk environments.
Grab netkrypton-titanium.php below. It's a single, self-contained file — no other files or folders are required.
Open the file in any text editor and change the constant near the top:
Use FTP, SFTP, or your hosting file manager to place the file in the same directory you want scanned — typically public_html or your site's root folder.
Visit https://yourdomain.com/netkrypton-titanium.php, enter your password, and click Run full audit. A typical scan finishes in under two minutes.
Read through the findings, download a JSON or CSV report if you want to keep a copy, and then remove the file from your server.
No account, no license key, no telemetry. Download the file, follow the five steps above, and it's running on your own infrastructure in under five minutes.