For small & growing businesses

Real security posture,
without an enterprise budget.

Scheduled scans, DNS/TLS checks, and forgotten-subdomain discovery - the basics enterprise scanners charge thousands a year for, built into Starter from £29/month.

Features for small & growing businesses

Your first real security posture.

Free

Scanning

8-layer security analysis

HTTP/TLS, HTML, network traffic, JavaScript CVEs, tag managers, third-party supply chain, platform misconfigurations, server/CMS software CVE checks, and AI synthesis all run on every scan.

Free

Platform Security

Vibe-coded platform security

Detects the most common security failures in apps built with Lovable, Supabase, Base44, Bubble, and similar AI app builders - publicly readable databases, exposed service_role keys, and known platform CVEs.

Free

Scanning

Server software CVE detection

Web server software disclosed in response headers (Apache, nginx, IIS, PHP, and more) is matched against the National Vulnerability Database, with the exact version and CVE ID shown for anything found.

Free

Scanning

CMS & platform fingerprinting

Detects the CMS or e-commerce platform a site runs on - WordPress, Joomla, Drupal, Magento, Shopify, Wix, Squarespace, Webflow, and more - and checks any self-hosted, version-disclosed platform against the National Vulnerability Database.

Starter

DNS & Subdomains

DNS record analysis

SPF, DMARC, DNSSEC, CAA, mail and nameserver records - every check shown, even when clean, so you can see exactly what was verified.

Starter

DNS & Subdomains

SSL/TLS certificate analysis

Certificate issuer, expiry, protocol version, cipher suite, and key strength - flagging weak or expiring certificates before they become an outage or a warning page.

Starter

DNS & Subdomains

Subdomain discovery

Finds forgotten staging, dev, and admin subdomains via wordlist enumeration, with a quick reachability check on each - and a one-click button to run a full scan on any of them.

Starter

AI Investigation

Full-site AI agent

An AI agent crawls your entire site - or a defined scope - running all 8 layers on every page it decides is worth investigating.

Starter

AI Investigation

Per-finding remediation

AI-written remediation steps specific to each finding - not generic advice. Tells your developer exactly what to change and why.

Starter

Reports

PDF evidence export

Timestamped, formatted PDF with your scan details, findings, and an attestation block. Accepted by auditors for SOC2 and ISO 27001 evidence.

Starter

Automation

Scheduled recurring scans

Set a weekly, monthly, or quarterly cadence and scans run automatically. Never miss a security check-in for SOC2 or ISO 27001 again.

Starter

Automation

Email alerts

Get notified when a scheduled scan completes or when a new critical or high severity finding is detected - before your next scheduled check.

Pricing

Starter covers most growing teams.

Full-site scans, DNS/TLS analysis, and scheduled monitoring - at a fraction of what enterprise scanners charge.

Free

£0
  • 1-page scan per submission
  • All 8 scan layers
  • Vibe-coded platform security scan (Supabase, Lovable, Base44 & more)
  • AI executive summary
  • Scan history in your account
  • Re-scan and delete anytime
  • Shareable public link
Create free account

Starter

Popular
£29/ month
  • Full AI agent investigation
  • Up to 50 pages per scan
  • Per-finding remediation guidance
  • DNS & SSL/TLS security analysis
  • PDF evidence export
  • Scheduled recurring scans
  • Scan comparison reports
  • Email alerts for new criticals
Get started

Pro

£79/ month
  • Everything in Starter
  • Up to 200 pages per scan
  • ISO 27001 / SOC2 control mapping
  • Remediation tracking
  • Team access and finding assignment
  • Slack and webhook notifications
  • API access
  • Audit evidence packages
  • Audit activity log
Get started

Enterprise

Full DAST
£99/ month
  • Everything in Pro
  • Active Security Testing (DAST)
  • Independent Active Testing Score
  • Forced browsing, CORS, reflected-input probes
  • Authenticated scan mode (session capture)
  • Enable active testing via API / MCP
  • Priority support
Get started