v1.2 · Free · Self-Hosted

Audit your server
before someone else does.

Titanium is a single PHP file you drop onto your own hosting. It scans your entire document root for exposed secrets, malware signatures, misconfigured .htaccess rules, weak TLS, and dozens of other risks — then deletes cleanly, leaving nothing behind.

0 external requests 1 PHP file ~90 sec typical scan MIT license
This is the actual results screen — not a mockup.

About Titanium

Your own auditor. No middleman.

Most security scanners want you to send them your URL, your headers, sometimes your source. Titanium never leaves your server. Upload it, log in with a password only you know, run the scan, and every check — filesystem, TLS, DNS, HTTP headers — happens locally on the machine that's already hosting your site. Built by the WebOrbiton Team, the makers of NetKrypton and MevaSearch, and shaped by years of finding exactly this class of misconfiguration on real shared hosting.

Critical High Medium Low / Info
What it checks

One scan, twelve angles.

Every module below runs in the same pass and reports into one severity-ranked list.

Exposed secrets

Finds .env, config files, database dumps, SSH keys, and cloud credential files sitting in public directories.

Malware signatures

Pattern-matches PHP files against known web-shell and obfuscation techniques — eval(base64_decode()) and friends.

.htaccess review

Checks whether your Apache rules actually block sensitive extensions, disable directory listing, and restrict PHP execution where needed.

TLS certificate health

Reads your live certificate straight off the socket — issuer, subject, and days remaining before it expires.

DNS & email spoofing

Looks up A/MX records and flags missing SPF or DMARC entries that let others impersonate your domain in email.

Live reachability checks

Doesn't just find a file — requests it over HTTP from the same server, so you know if it's actually downloadable right now.

Security headers

Verifies HSTS, CSP, X-Frame-Options, and five other headers browsers use to protect your visitors.

Stale & suspicious code

Flags PHP files untouched for years, or a sudden burst of recent edits worth a second look.

PHP configuration audit

Checks expose_php, allow_url_include, session cookie flags, and other risky defaults.

CMS fingerprinting

Recognizes WordPress, Joomla, Drupal, Magento, Laravel, Symfony, PrestaShop, OpenCart, Craft, and Shopware.

Locked-down access

Password auth, optional TOTP two-factor, IP allowlisting, brute-force lockout, and per-session rate limiting.

History & export

Keeps a local record of past scans and exports full reports as JSON or CSV whenever you need one.


Installation

Five steps, no dependencies.

Titanium runs on plain PHP 7.4+ with no Composer packages and no build step. Works on virtually any shared hosting plan, including Hostinger, cPanel, and Plesk environments.

Download the file

Grab netkrypton-titanium.php below. It's a single, self-contained file — no other files or folders are required.

Set your access password

Open the file in any text editor and change the constant near the top:

// find this line and change it
const ACCESS_PASSWORD = 'a-long-random-password-only-you-know';

Upload it to your document root

Use FTP, SFTP, or your hosting file manager to place the file in the same directory you want scanned — typically public_html or your site's root folder.

Open it in your browser and log in

Visit https://yourdomain.com/netkrypton-titanium.php, enter your password, and click Run full audit. A typical scan finishes in under two minutes.

Review, export, then delete

Read through the findings, download a JSON or CSV report if you want to keep a copy, and then remove the file from your server.

Delete Titanium after every audit. The access password is stored in plain text inside the file itself, so it should never remain on a live server longer than the audit takes. Re-upload it fresh the next time you want to scan.

Get Titanium

Free, forever, self-hosted.

No account, no license key, no telemetry. Download the file, follow the five steps above, and it's running on your own infrastructure in under five minutes.

  • Single PHP file, no dependencies
  • Zero external network calls
  • Works on standard shared hosting
  • MIT licensed, commercial use allowed
v1.2 · updated for PHP 7.4–8.3
netkrypton-titanium.php
Download Titanium
SHA-256 checksum is published at titanium.netkrypton.com/checksums for every release.