After submitting the form, you will receive a validation e-mail. Make sure you complete this step. Enjoy!

Pricing

| | Free | Small | Medium | Enterprise |
|---|---|---|---|---|
| Number of parallel scans | 1 | 2 | 4 | On request |
| Best for | Private person | SMB/Web hosting | Business infra | Large/Enterprise |
| Billing option | Credits | Credits | Credits | Invoice |
| Target validation | Manual | Automatic | Automatic | Automatic |
| Schedule scans | No | Yes | Yes | Yes |
| API access / Code libraries | No | Yes | Yes | Yes |
| E-mail support | No | Yes | Yes | Yes |
| Phone support | No | No | Yes | Yes |
| Remote support | No | No | Yes | Yes |
| Scan package manager | No | No | Yes | Yes |
| Price | Free | $99 p/m | $199 p/m | Request quote |

Scan capabilities

What can it do?

Our scanner can perform all kinds of tasks. It can handle multiple tasks at the same time, or wait for one task to finish before moving on to the next. Obviously it can check, validate and scan, but it can also talk to third-party APIs like Shodan and Google Malware. Our scanner can execute any type of custom code on Windows and Linux.

How?

How? That is our secret. These capabilities make our scanner so powerful, and with this power we can make you and your company more secure. Try our scanner for free.

Our menu

OWASP top-10 web-application security scan

OWASP secure headers check and validation

Web-application vulnerability scan

Web-application high-risk only scan

EternalBlue / DoublePulsar / WannaCry / MS17-010 check and validation

DNS recon (DNSSEC check and validation)

DNS DMARC check and validation

DNS SPF check and validation

DNS DKIM check and validation

Spamhaus blacklist check

Google Malware check

WordPress security scan

Joomla security check

Web application firewall check

Shodan listing check

TCP service version scan (also IDS safe version)

UDP service version scan (also IDS safe version)

NMAP SSL scan

SSL Analysis

SSL Labs (scan and validation)


We are adding more and more capabilities on a weekly basis. Missing something? Don't hesitate to send us an email: support@smartsecurityscan.com

Features

Create scan packages

Our engine is built from blocks, like Lego, which lets you create your own scan packages by choosing one or more scan services.

Easy integration

We have full integration libraries ready for PHP5/7, JavaScript (ES6), Node, AngularJS and C# (ASP.NET).

White label / re-seller

Integrate our scan engine in your website or business application. Re-sell security scans with white-label reports. It's all possible with our API.

Customized security scans

Security scans customized to best fit the target. You can schedule scans and even plan recurring scans. We have specific customized scans for all areas.

Total targets scanned: 311

Good to know

Security scans are preferably executed on the development or acceptance environment of a web application, not on the live environment. The security scans can impact the responsiveness of the server and the correctness of data.

What to expect in our next release?

SQLi scan

XSS scan

GHDB scan

Most used scans

Free: 172 (55.31%)

Mail (spf, dkim and dmarc): 101 (32.48%)

EternalBlue/DoublePulsar/WannaCry: 32 (10.29%)

SSL: 31 (9.97%)

OWASP Top-10: 28 (9.00%)

Paid, web vulnerability scan: 21 (6.75%)

Wordpress vulnerability scan: 15 (4.82%)

Joomla vulnerability scan: 14 (4.50%)

TCP/UDP Services: 10 (3.22%)

Full_scan: 3 (0.96%)

Latest Vulnerabilities

CVE-2017-1002100 2017-09-29

Default access permissions for Persistent Volumes (PVs) created by the Kubernetes Azure cloud provider in versions 1.6.0 to 1.6.5 are set to "container" which exposes a URI that can be accessed without authentication on the public internet. Access to the URI string requires privileged access to the Kubernetes cluster or authenticated access to the Azure portal.

CVE-2017-1002024 2017-09-27

Vulnerability in web application Kind Editor v4.1.12, kindeditor/php/upload_json.php does not check authentication before allowing users to upload files.

CVE-2017-1002016 2017-09-27

Vulnerability in wordpress plugin flickr-picture-backup v0.7, The code in flickr-picture-download.php doesn't check to see if the user is authenticated or that they have permission to upload files.

CVE-2017-1002008 2017-09-27

Vulnerability in wordpress plugin membership-simplified-for-oap-members-only v1.58, The file download code located membership-simplified-for-oap-members-only/download.php does not check whether a user is logged in and has download privileges.

CVE-2017-1002003 2017-09-27

Vulnerability in wordpress plugin wp2android-turn-wp-site-into-android-app v1.1.4, The plugin includes unlicensed vulnerable CMS software from http://www.invedion.com.

CVE-2017-1002002 2017-09-27

Vulnerability in wordpress plugin webapp-builder v2.0, The plugin includes unlicensed vulnerable CMS software from http://www.invedion.com/

CVE-2017-1002001 2017-09-27

Vulnerability in wordpress plugin mobile-app-builder-by-wappress v1.05, The plugin includes unlicensed vulnerable CMS software from http://www.invedion.com.

CVE-2017-1002151 2017-09-21

Pagure 3.3.0 and earlier is vulnerable to loss of confidentiality due to improper authorization

CVE-2017-1002150 2017-09-21

python-fedora 0.8.0 and lower is vulnerable to an open redirect resulting in loss of CSRF protection

CVE-2017-1002025 2017-09-21

Vulnerability in wordpress plugin add-edit-delete-listing-for-member-module v1.0, The plugin author does not sanitize user supplied input via $act before passing it into an SQL statement.

CVE-2017-1002023 2017-09-21

Vulnerability in wordpress plugin Easy Team Manager v1.3.2, The code does not sanitize id before making it part of an SQL statement in file ./easy-team-manager/inc/easy_team_manager_desc_edit.php

CVE-2017-1002017 2017-09-21

Vulnerability in wordpress plugin gift-certificate-creator v1.0, The code in gc-list.php doesn't sanitize user input to prevent a stored XSS vulnerability.

Smart Security Scan


Information gathering

Network Security

Web Application Security

Security scan

Vulnerability scan

WordPress / Joomla

Penetration Testing

SSL Labs

Google Malware

Shodan

OWASP-TOP-10

OWASP Secure Headers


Scan multiple targets with different settings and pay automatically with your credits. You can buy 1 or multiple credit packs.

Combine multiple scan commands to create your own package. Schedule your pentest on a monthly or even daily basis.

Receive your scan report per mail or download the PDF version from your dashboard.

Privacy and security

* This server, our reporting engines and our data storage use an AES256 encrypted file system.
* Information in our databases is AES256 encrypted and passwords are hashed with bcrypt.