For agencies & MSPs

One dashboard.
Every client domain.

Run and schedule scans across your entire client portfolio from one account - subdomain discovery, team seats for the whole account team, and an API/MCP integration for whatever tooling you already run.

Features for agencies & MSPs

Run a whole portfolio from one account.

Free

Scanning

Server software CVE detection

Web server software disclosed in response headers (Apache, nginx, IIS, PHP, and more) is matched against the National Vulnerability Database, with the exact version and CVE ID shown for anything found.

Free

Scanning

CMS & platform fingerprinting

Detects the CMS or e-commerce platform a site runs on - WordPress, Joomla, Drupal, Magento, Shopify, Wix, Squarespace, Webflow, and more - and checks any self-hosted, version-disclosed platform against the National Vulnerability Database.

Starter

DNS & Subdomains

Subdomain discovery

Finds forgotten staging, dev, and admin subdomains via wordlist enumeration, with a quick reachability check on each - and a one-click button to run a full scan on any of them.

Starter

AI Investigation

Full-site AI agent

An AI agent crawls your entire site - or a defined scope - running all 8 layers on every page it decides is worth investigating.

Starter

Reports

Full scan history

Every scan you run is preserved indefinitely. Filter by domain, date, or severity to find any past report instantly.

Starter

Reports

Comparison reports

Side-by-side diff between any two scans of the same site. See exactly what findings are new, what has been resolved, and what has changed severity.

Starter

Automation

Scheduled recurring scans

Set a weekly, monthly, or quarterly cadence and scans run automatically. Never miss a security check-in for SOC2 or ISO 27001 again.

Pro

Automation

Webhook integration

Push findings to any system - Jira, Linear, PagerDuty, or your own. Signed payloads (HMAC), per-endpoint event selection, and a delivery log.

Pro

Automation

API access

Trigger scans programmatically and pull results via a REST API - poll status, fetch findings, list scans for a domain. Full OpenAPI docs included.

Pro

Automation

MCP server for AI agents

Let Claude, Cursor, or any MCP-compatible AI agent trigger scans and poll results directly - create_scan, get_scan, list_scans, and wait_for_scan tools, no glue code required.

Free

Team

Multi-domain dashboard

Your account shows all scans organised by domain - current grade, last scanned, open findings. Free for all accounts. Pro adds team sharing and bulk actions.

Pro

Team

Multi-user access

Invite team members with role-based permissions. Developers see findings and remediation; managers see scores and reports; admins manage everything.

Pro

Team

Assign findings to developers

Tag any finding to a specific team member, with bulk-assign by category or by scan. A dedicated "My Assigned Findings" page tracks status and remediation notes.

Pricing

One plan. Every client site.

Pro and Enterprise both include team seats and a multi-domain dashboard - no per-client billing.

Free

£0
  • 1-page scan per submission
  • All 8 scan layers
  • Vibe-coded platform security scan (Supabase, Lovable, Base44 & more)
  • AI executive summary
  • Scan history in your account
  • Re-scan and delete anytime
  • Shareable public link
Create free account

Starter

Popular
£29/ month
  • Full AI agent investigation
  • Up to 50 pages per scan
  • Per-finding remediation guidance
  • DNS & SSL/TLS security analysis
  • PDF evidence export
  • Scheduled recurring scans
  • Scan comparison reports
  • Email alerts for new criticals
Get started

Pro

£79/ month
  • Everything in Starter
  • Up to 200 pages per scan
  • ISO 27001 / SOC2 control mapping
  • Remediation tracking
  • Team access and finding assignment
  • Slack and webhook notifications
  • API access
  • Audit evidence packages
  • Audit activity log
Get started

Enterprise

Full DAST
£99/ month
  • Everything in Pro
  • Active Security Testing (DAST)
  • Independent Active Testing Score
  • Forced browsing, CORS, reflected-input probes
  • Authenticated scan mode (session capture)
  • Enable active testing via API / MCP
  • Priority support
Get started