Pricing
Simple, honest pricing.
Start with a free scan. Upgrade when you want full findings, daily monitoring, and deployable remediations. Cancel anytime.
Free
Kick the tires. 1 scan, locked findings.
$0/forever
Start free
- 1 target
- 1 AI scan per month
- Severity + count summary
- Demo target with full report
Solo
For one site. Full findings, monthly cadence.
$19/mo
Start Solo
- 1 target
- 3 AI scans / month
- Full finding details + evidence
- Plain-English remediation + code snippets
- PDF reports
- Email notifications
Most popular
Pro
Up to 5 targets, daily monitoring, full findings. Roughly 1/400th the cost of one traditional pentest.
$49/mo
Start Pro
- Up to 5 targets
- 10 AI scans / month
- Daily auto passive rescans
- Full finding details + evidence
- Plain-English remediation + code snippets
- PDF reports
- Email notifications
- Slack / Discord / webhook integrations
- API access for CI/CD
Pro Max
Up to 20 targets, 50 AI scans/month, priority queue.
$149/mo
Start Pro Max
- Up to 20 targets
- 50 AI scans / month
- Daily auto rescans on every target
- Everything in Pro
- Priority scan queue (skip the wait)
- Audit log + CSV exports
- Saved searches for finding triage
- GitHub + Jira issue creation
Fleet
For 20+ sites / teams / agencies
You’ve got a fleet of sites. We watch them all.
For agencies, security teams, and anyone running 20+ sites.
Talk to us
Reply within 1 business day. We’ll scope, send a quote, and sign your DPA same week.
- Unlimited targets
- Custom scan quotas
- SSO / SAML + audit-log retention
- Custom DPA + data-residency options
- Dedicated Slack channel
- Custom SLA (24h / 99.9% uptime)
- On-premises scanner option (Q3 roadmap)
Compare features
| | Free | Solo | Pro ★ | Pro Max |
|---|---|---|---|---|
| Scanning | | | | |
| Targets | 1 | 1 | Up to 5 | Up to 20 |
| AI scans / month | 1 | 3 | 10 | 50 |
| Daily auto-rescan | — | — | ✓ | ✓ |
| Priority queue | — | — | — | ✓ |
| Findings | | | | |
| Severity summary | ✓ | ✓ | ✓ | ✓ |
| Full finding details | — | ✓ | ✓ | ✓ |
| Remediation code snippets | — | ✓ | ✓ | ✓ |
| Branded PDF reports | — | ✓ | ✓ | ✓ |
| Workflow | | | | |
| Email notifications | — | ✓ | ✓ | ✓ |
| Slack / Discord / webhook | — | — | ✓ | ✓ |
| GitHub / Jira issue creation | — | — | — | ✓ |
| Saved searches + filters | — | — | — | ✓ |
| CSV exports | — | — | — | ✓ |
| Audit log | — | — | — | ✓ |
| Platform | | | | |
| API access (Bearer token) | — | — | ✓ | ✓ |
| Per-target scanner IP whitelist | ✓ | ✓ | ✓ | ✓ |
| Authenticated scans | — | — | ✓ | ✓ |
| Support | | | | |
| Email support | Best-effort | 72 h | 48 h | 24 h |
| SLA | — | — | — | 99.5% uptime |
FAQ
How is “AI scan” different from a free scan?
- A free scan runs our passive engine (subdomain enumeration, HTTP probing, web crawling, nuclei signature templates) and gives you severity counts. An AI scan adds: a security-engineer LLM that reasons over the crawl + signature output to surface non-obvious issues (chained risks, business-logic gaps, design flaws), then a second AI reviewer that probes each finding to confirm or refute it. Pro+ shows you the AI’s findings, the evidence behind each, and a deployable remediation.

Can I scan a domain I don’t own?
- No. Every target must be verified via DNS TXT record, HTML file upload, or HTML meta tag before any active scan runs. This is required by our Terms of Service and by U.S. + EU computer-crime laws.

Are scans destructive?
- Never. Our engine only reads. Nuclei is configured without intrusive templates. The AI never auto-submits exploits — it generates remediation suggestions only. You can also whitelist our scanner IPs at your WAF so the scan looks like normal traffic.

What’s a target?
- One hostname (e.g. app.example.com). A separate subdomain counts as a separate target. Free + Pro give you 1 target; Pro Max scales to 10. Need more? Email [email protected] — enterprise tiers start at 50 targets.

Can I cancel anytime?
- Yes. Monthly cancels at the end of the current month. Annual cancels at the end of the current year (no pro-rating, but see our 14-day refund policy). No paperwork, no “retention specialist” phone calls.

Do you offer annual discounts?
- Yes — 30% off when you pay annually. Toggle the billing period at the top of this page to see the rates.

How fast is a scan?
- Free passive scan: 1–3 minutes for most sites. Pro AI scan: 3–10 minutes total (discovery + scanning + AI analysis + validation). Daily auto-rescans run overnight and don’t affect your monthly quota.

Where is my data stored?
- EU-resident infrastructure by default (Hetzner Falkenstein). Sub-processors (Stripe, Resend, Alias Robotics) may process data in their own regions — see our Privacy Policy for the full list and EU↔US transfer mechanisms.

Do you have an enterprise tier?
- Yes — custom pricing for 50+ targets, SSO/SAML, custom SLAs, dedicated support, and DPA. Email [email protected] with your use case.

What if the AI is wrong?
- Every finding goes through a second-pass validator that probes the live target and judges whether the evidence actually supports the finding. Refuted findings are dropped before you ever see them. Even so, AI outputs aren’t infallible — always verify before acting on critical remediations.
Still deciding?
Run a free scan against your own domain in under 3 minutes. No credit card.
Start free