If you give rights to access records to any Guest User in your Salesforce environment, those records are automatically accessible by anyone over Internet.
This tool will check the configuration and facilitate the understanding of the situation. As it is fully secured, nothing will go through the servers, any query will be done between your browser and Salesforce API endpoint. As a consequence you must enable CORS for this domain ( https://jla.ovh ) in Salesforce setup menu.
You are not yet connected to Salesforce, you must first connect to the environment you want to analyze.
As some objects are accessible as Guest, you should check if any record can be seen by the Guest User on these objects. This will be data exposed over Internet. You should not expose personal data or confidential data.
Data can be accessed if Guest User is owner of records, or member of a Queue, or being the target of Sharing Rules.
All of this is automatically checked by this app, but implicit access such as to Accounts or Files is not checked.
If any record is exposed, you should check the Field Level Security of the object to refine data that could be exposed