External attack surface scanner

Know your vulnerabilities before they do.

Professional security assessment for your domains. 16 scanning modules, 12,000+ vulnerability templates, 83 custom research templates, intelligent parameter fuzzing, and AI-powered analysis. One-time scans or continuous weekly monitoring.

Domain ownership verified before scanning. No commitment on one-time scans.

nuclei, nmap, subfinder, httpx, nikto, zap, testssl, ffuf, whatweb, wafw00f, puppeteer, paramfuzz, claude ai
Process

Domain to report in four steps.

01 Enter domain
Type your target. We handle the rest.
02 Verify ownership
DNS TXT or file verification. Takes 60 seconds.
03 Choose your plan
One-time scan or weekly monitoring. Secure checkout.
04 Get your report
Professional PDF with AI remediation. In your inbox.
Capabilities

Broad security coverage. Fully automated.

Subdomain Enumeration
Subfinder + Certificate Transparency. Finds forgotten staging, dev portals, shadow IT.
Vulnerability Detection (83 custom)
12,000+ Nuclei community templates + 83 custom research templates. CVEs, misconfigs, injection points, secrets in JS, cache poisoning.
Intelligent Parameter Fuzzing (Full+)
Auto-discovers endpoints, classifies parameters by type, and tests with targeted payloads: SQLi, XSS, SSRF, LFI, NoSQL injection.
Auth & Logic Testing (Full+)
SQL/NoSQL auth bypass, mass assignment privilege escalation, IDOR detection, null byte traversal, open redirect.
Infrastructure Mapping
Port scanning with risk assessment for 20+ dangerous services. SSL/TLS audit, 9 security headers graded A-F.
Sensitive Paths & API Exposure
Ffuf + 25-path API docs scanner. .env, .git, admin panels, debug endpoints, Swagger, GraphQL playgrounds.
DNS & Email Security
SPF, DMARC, DKIM validation with specific misconfiguration detection and fix instructions.
AI Risk Analysis (Full+)
Claude AI reviews every finding. Attack chains, CVSS scoring, 30-day remediation plan.
Actionable Remediation
Every finding includes step-by-step fix instructions with exact server configuration commands. Not just 'fix this' — how to fix it.
Sample Reports

See what you'll receive.

Download a real sample report for each tier. Generated against example.com — no signup required.

Pricing

Simple pricing. No hidden fees.

Manual pentests cost €5,000–€50,000. Get high-value automated coverage at a fraction of the cost.

Quick Scan
€99
one-time payment
  • Subdomain enumeration (cert transparency + passive)
  • Port scan (top 1,000 ports)
  • 12,000+ vulnerability templates (Nuclei)
  • SSL/TLS audit + DNS security check
  • Security headers analysis
  • Remediation steps for every finding
  • PDF report with CVSS scores
Most Popular
Full Assessment
€249
one-time payment
  • Everything in Quick
  • 83 custom research templates
  • All 65,535 ports scanned
  • Intelligent parameter discovery & fuzzing
  • SQLi / XSS / SSRF / LFI detection
  • Auth bypass & mass assignment testing
  • IDOR & broken access control testing
  • Nikto + ZAP DAST scanning
  • Browser-based SPA crawling
  • API endpoint discovery
  • Directory & sensitive file brute-force
  • AI risk analysis + OWASP mapping
Enterprise Audit
€499
one-time payment
  • Everything in Full
  • Compliance dashboard (PCI DSS / GDPR / SOC 2 / ISO 27001)
  • Free re-scan within 30 days
  • Priority scan queue
  • Dedicated support
Continuous Monitor
€199/mo
cancel anytime
  • Weekly Full Assessment scans
  • Nuclei + ZAP + AI analysis every week
  • New vulnerability alerts via email
  • Subdomain change detection
  • Findings diff (new vs resolved)
  • Cancel anytime
Compare

What's in each tier.

Feature | Quick €99 | Full €249 | Enterprise €499
Subdomain enumeration
Certificate Transparency
Port scan (top 1,000)
Port scan (all 65,535)
SSL/TLS audit
Security headers analysis
DNS & email security
WAF detection
Technology fingerprinting
Nuclei vulnerability scanning (targeted)
12,000+ Nuclei templates (full library)
83 custom research templates
Intelligent parameter fuzzing
SQLi / XSS / SSRF / LFI detection
Auth bypass & mass assignment
Nikto + ZAP DAST scanning
Directory brute-force (ffuf)
Browser-based SPA crawling
API endpoint discovery
AI risk analysis (Claude)
OWASP Top 10 mapping
Compliance dashboard (PCI/GDPR/SOC2/ISO)
Executive summary report
Free re-scan within 30 days
PDF report with remediation
FAQ

Common questions.

Is this legal?
Yes. Domain ownership is verified via DNS TXT or file challenge before any scan begins. Unauthorized scanning is blocked.
How long does a scan take?
Quick scans: 5 minutes. Full assessments: 10-15 minutes. Enterprise audits: up to 30 minutes depending on infrastructure size.
Will the scan affect my website?
No. Scans are rate-limited and non-intrusive. We simulate passive reconnaissance — no exploitation is attempted.
What does AI analysis include?
Our AI reviews every finding, identifies potential attack chains, scores real-world exploitability, and writes remediation steps specific to your technology stack.
How is this different from free tools?
We combine 16 scanning modules into one intelligent pipeline. Unlike running Nuclei alone, our system auto-discovers endpoints via browser crawling, classifies parameters, and tests with targeted payloads — detecting SQLi, XSS, SSRF, auth bypass, mass assignment, and more. Plus Nikto, ZAP, and ffuf for deep DAST coverage. You get a professional PDF with CVSS scores, OWASP mapping, and step-by-step remediation — not raw terminal output.
How is my data handled?
EU-hosted (Hetzner, Germany). Scan data is stored securely and deleted after 90 days. We never share data with third parties.

Find them first.

Professional security report. Minutes, not weeks.
