Free Small Medium Enterprise
Number of parallel scans 1 2 4 On request
Best for Private person SMB/Web hosting Business infra Large/Enterprise
Billing option Credits Credits Credits Invoice
Target validation Manual Automatic Automatic Automatic
Schedule scans No Yes Yes Yes
API access / Code libraries No Yes Yes Yes
E-mail support No Yes Yes Yes
Phone support No No Yes Yes
Remote support No No Yes Yes
Scan package manager No No Yes Yes
Price Free $99 p/m $199 p/m Request quote

Scan capabilities

What can it do?

Our scanner can perform all kinds of tasks. It can also handle multiple tasks at the same time and wait for a task to finish before moving on to the next task. Obviously it check/validate or scan, but it can also talk with 3rd party API's like Shodan and Google Malware. Our scanner can execute any type of custom code on Windows and Linux.


How?, that is our secret. These capabilities makes our scanner so powerfull and with this power we can make you and your company more secure. Try our scanner for free.

Our menu

OWASP top-10 web-application security scan

OWASP secure headers check and validation

Web-application vulnerability scan

Web-application high-risk only scan

EternalBlue / DoublePulsar / WannaCry / MS1710 check and validation

DNS recon (DNSSEC check and validation)

DNS DMARC check and validation

DNS SPF check and validation

DNS DKIM check and validation

Spamhaus blacklist check

Google Malware check

Wordpress security scan

Joomla security check

Web application firewall check

Shodan listing check

TCP service version scan (also IDS safe version)

UDP service version scan (also IDS safe version)


SSL Analysis

SSL Labs (scan and validation)

We are adding more and more capabilities on a weekly basis. Missing something? Don't hesitate to send us an email:


Create scan packages

Our engine is build with blocks, like lego, and that provides you the possibility to create your own scan packages by chosing 1 or multi scan services.

Easy integration

We have full integration libraries ready for PHP5/7, JavaScript (EC6), Node, AngularJS and C# (ASP).NET

White label / re-seller

Integrate our scan engine in your website or business application. Re-sell security scans with white-label reports. It's all possible with our API.

Customized security scans

Customized security scan to fit the target best. You can schedule and even plan re-occurring scans. We have specific customized scans for all areas.

Total targets scanned: 324

Good to know

Security scans are preferably executed on the development or acceptation environment of a web application, Not on the live environment. The security scans can impact the responsiveness of the server and the correctness of data.

What to expect in our next release?

Advanced application scan

Advanced Infrastructure scan

Fancy reporting / PDF printable

Most used scans

Free (204)

62.96% Free

Mail (spf, dkim and dmarc) (101)

31.17% Mail (spf, dkim and dmarc)

EternalBlue/DoublePulsar/WannaCry (33)

10.19% EternalBlue/DoublePulsar/WannaCry

SSL (31)

9.57% SSL

OWASP Top-10 (30)

9.26% OWASP Top-10

Paid, web vulnerability scan (21)

6.48% Paid, web vulnerability scan

Wordpress vulnerability scan (16)

4.94% Wordpress vulnerability scan

Joomla vulnerability scan (16)

4.94% Joomla vulnerability scan

TCP/UDP Services (10)

3.09% TCP/UDP Services

Full scan (6)

1.85% Full scan

OWASP Secure Headers (3)

0.93% OWASP Secure Headers

Latest Vulnerabilities

CVE-2018-5253 2018-01-17

The AP4_FtypAtom class in Core/Ap4FtypAtom.cpp in Bento4 has an Infinite loop via a crafted MP4 file that triggers size mishandling.

CVE-2018-5251 2018-01-17

In libming 0.4.8, there is an integer signedness error vulnerability (left shift of a negative value) in the readSBits function (util/read.c). Remote attackers can leverage this vulnerability to cause a denial of service via a crafted swf file.

CVE-2018-5249 2018-01-17

Cross-site scripting (XSS) vulnerability in Shaarli before 0.8.5 and 0.9.x before 0.9.3 allows remote attackers to inject arbitrary code via the login form's username field (aka the login parameter to the ban_canLogin function in index.php).

CVE-2018-5073 2018-01-17

Online Ticket Booking has CSRF via admin/movieedit.php.

CVE-2018-4868 2018-01-17

The Exiv2::Jp2Image::readMetadata function in jp2image.cpp in Exiv2 0.26 allows remote attackers to cause a denial of service (excessive memory allocation) via a crafted file.

CVE-2018-4862 2018-01-17

In Octopus Deploy versions 3.2.11 - 4.1.5 (fixed in 4.1.6), an authenticated user with ProcessEdit permission could reference an Azure account in such a way as to bypass the scoping restrictions, resulting in a potential escalation of privileges.

CVE-2018-3814 2018-01-17

Craft CMS 2.6.3000 allows remote attackers to execute arbitrary PHP code by using the "Assets->Upload files" screen and then the "Replace it" option, because this allows a .jpg file to have embedded PHP code, and then be renamed to a .php extension.

CVE-2018-3813 2018-01-17

getConfigExportFile.cgi on FLIR Brickstream 2300 devices 2.0 has Incorrect Access Control, as demonstrated by reading the AVI_USER_ID and AVI_USER_PASSWORD fields via a direct request.

CVE-2018-5248 2018-01-16

In ImageMagick 7.0.7-17 Q16, there is a heap-based buffer over-read in coders/sixel.c in the ReadSIXELImage function, related to the sixel_decode function.

CVE-2018-5247 2018-01-16

In ImageMagick 7.0.7-17 Q16, there are memory leaks in ReadRLAImage in coders/rla.c.

CVE-2018-5246 2018-01-16

In ImageMagick 7.0.7-17 Q16, there are memory leaks in ReadPATTERNImage in coders/pattern.c.

CVE-2018-3811 2018-01-16

SQL Injection vulnerability in the Oturia Smart Google Code Inserter plugin before 3.5 for WordPress allows unauthenticated attackers to execute SQL queries in the context of the web server. The saveGoogleAdWords() function in smartgooglecode.php did not use prepared statements and did not sanitize the $_POST["oId"] variable before passing it as input into the SQL query.

Smart Security Scan

Information gathering

Network Security

Web Application Security

Security scan

Vulnerability scan

WordPress / Joomla

Penetration Testing

SSL Labs

Google Malware



OWASP Secure Headers

Scan multiple targets with different settings and pay automatically with your credits. You can buy 1 or multiple credit packs.

Combine multiple scan commands to create your own package. Schedule your pentest on a montly or even daily basis.

Receive your scan report per mail or download the PDF version from your dashboard.

Privacy and security

Security scans are preferably executed on the development or acceptation environment of a web application, not on the live environment. The security scans can impact the responsiveness of the server and the correctness of data.

* This server, our reporting engines and our data storage use an AES256 encrypted file system.
* Information in our databases are AES256 encrypted and passwords are hashed with bcrypt.