External attack surface scanner

Know yourvulnerabilitiesbefore they do.

Professional security assessment for your domains. 14 scanning modules, 10,000+ vulnerability templates, 81 custom research templates, intelligent parameter fuzzing, and AI-powered analysis. One scan. One report. No subscription.

$

Domain verification required. We only scan domains you own.

0+
vuln templates
0
custom research templates
0
scan modules
0
vuln classes detected
nucleinmapsubfinderhttpxniktozaptestsslffufwhatwebwafw00fkatanaparamfuzzclaude ai
nucleinmapsubfinderhttpxniktozaptestsslffufwhatwebwafw00fkatanaparamfuzzclaude ai
nucleinmapsubfinderhttpxniktozaptestsslffufwhatwebwafw00fkatanaparamfuzzclaude ai
nucleinmapsubfinderhttpxniktozaptestsslffufwhatwebwafw00fkatanaparamfuzzclaude ai
Process

Domain to report
in four steps.

01
Enter domain
Type your target. We handle the rest.
02
Verify ownership
DNS TXT or file verification. Takes 60 seconds.
03
Pay once
Secure checkout. No subscription. No lock-in.
04
Get your report
Professional PDF with AI remediation. In your inbox.
Capabilities

Broad external security coverage. Fully automated.

Subdomain Enumeration
Subfinder + Certificate Transparency. Finds forgotten staging, dev portals, shadow IT.
Vulnerability Detection
10,000+ community + 81 custom research templates. CVEs, misconfigs, injection points, secrets in JS, cache poisoning.
Intelligent Parameter Fuzzing
FULL+
Auto-discovers endpoints, classifies parameters by type, and runs targeted checks for common web flaws such as injection, unsafe redirects, and risky input handling.
Access & Workflow Checks
FULL+
Automated checks for exposed auth flows, over-permissive inputs, missing access controls, and other common web application anti-patterns.
Infrastructure Mapping
Port scanning with risk assessment for 20+ dangerous services. SSL/TLS audit, 9 security headers graded A-F.
Sensitive Paths & API Exposure
Ffuf + 25-path API docs scanner. .env, .git, admin panels, debug endpoints, Swagger, GraphQL playgrounds.
DNS & Email Security
SPF, DMARC, DKIM validation with specific misconfiguration detection and fix instructions.
AI Risk Analysis
FULL+
Claude AI reviews every finding. Attack chains, CVSS scoring, 30-day remediation plan.
Actionable Remediation
Every finding includes prioritised remediation guidance so engineers can fix the highest-risk issues first.
vulnscan — scan output
$ vulnscan --target example-corp.com --tier full
Sample Reports

See what you'll receive.

Download sample reports for the paid tiers. No signup required.

Quick ScanPDF ↗
Baseline external posture: SSL, headers, DNS
4 pages3 findings
Full AssessmentPDF ↗
Deeper web findings, risk scoring, remediation
6 pages8 findings
Business AuditPDF ↗
Executive summary, compliance appendix, roadmap
8 pages12 findings
Pricing

One scan. One price. No subscription trap.

Manual pentests cost far more. We offer high-value automated external security assessment at a fraction of the cost.

Free Scan
Free
no card required
  • Security headers grade (A-F)
  • SSL/TLS certificate check
  • Technology fingerprinting
  • Basic DNS check
  • Summary report in dashboard
Scan for Free
Quick Scan
€99
one-time payment
  • Everything in Free +
  • Subdomain enumeration
  • Port scan (top 1,000)
  • 10,000+ community templates
  • SSL/TLS audit + DNS security
  • Remediation guidance for every finding
  • PDF report with severity scoring
Get Quick Scan
Most Popular
Full Assessment
€249
one-time payment
  • Everything in Quick +
  • 81 custom research templates
  • Automated parameter discovery & fuzzing
  • Automated checks for common web flaws
  • Access control and auth surface checks
  • Nikto + ZAP DAST
  • AI risk analysis + OWASP mapping
  • Prioritised 30-day remediation plan
Get Full Assessment
Business Audit
€699
one-time payment
  • Everything in Full +
  • Expanded port coverage
  • Broader browser and endpoint coverage
  • Executive summary for stakeholders
  • Compliance-oriented appendix
  • Prioritised remediation roadmap
  • Best for production systems and high-value assets
Get Business Audit
FAQ

Common questions.

Is this legal?+
Yes. Domain ownership is verified via DNS TXT or file challenge before any scan begins. Unauthorized scanning is blocked.
How long does a scan take?+
Quick scans: about 5 minutes. Full assessments: 10-15 minutes. Business audits: up to 30 minutes depending on infrastructure size.
Will the scan affect my website?+
Scans are rate-limited, external, and designed to be non-destructive. We do not run manual exploitation or persistence attempts as part of the automated service.
What does AI analysis include?+
AI helps cluster findings, score likely impact, highlight possible attack chains, and draft remediation guidance. Human validation is still recommended before major security decisions.
How is this different from free tools?+
We combine 14 scanning modules into one workflow, correlate the output, and package it into a structured report. Instead of raw tool output, you get discovered assets, prioritised findings, severity scoring, OWASP mapping, and remediation guidance in one place.
How is my data handled?+
Encrypted at rest (AES-256), EU-hosted (Germany), auto-deleted after 90 days. We never share data with third parties. GDPR compliant.

From the blog

All articles →

Find them first.

Professional security report. Minutes, not weeks.

Start scanning →