Simple, Transparent Pricing

All prices in EUR, excluding VAT. No subscriptions — pay per scan.

Basic

€69
617 tests · 20-40 min
  • SSL/TLS deep analysis (80+ checks)
  • HTTP security headers (50+ checks)
  • DNS & email security
  • Port scanning (top 100)
  • Sensitive file discovery
  • Cookie & CORS analysis
  • GDPR/privacy compliance checks
  • CMS detection
  • 15 security tools
  • 2,500+ vulnerability signatures (Nuclei)
  • AI-powered analysis (Opus + Sonnet)
  • AI adaptive testing (up to 5 extra)
  • CVSS 3.1 scores + stable finding IDs
  • Per-endpoint consolidated findings (no duplicate rows)
  • Top-10 by CVSS prioritization table
  • Two-tier executive summary (Board + CTO)
  • DNS security baseline (DNSSEC, CAA, MTA-STS)
  • OpenSSH EOL version detection
  • IP-restriction auto-detection (direct VPS IP fallback)

Standard

€169
1,308 tests · 1-3 hrs
  • Everything in Basic +
  • Full port scan (65,535 ports)
  • DAST scanning (ZAP + Nuclei)
  • SQL injection testing (SQLMap)
  • XSS detection (DalFox + XSStrike)
  • Directory brute-forcing (4,000+ paths)
  • JavaScript CVE analysis
  • API endpoint discovery
  • Auth & session testing
  • 30 security tools
  • 6,000+ vulnerability signatures
  • CISA KEV (known exploited vulns)
  • AI adaptive (up to 10 extra)
Most Popular

Premium

€349
1,734 tests · 2-6 hrs
  • Everything in Standard +
  • Advanced injection (SSTI, SSRF, XXE)
  • GraphQL + REST API deep testing
  • JWT & OAuth analysis
  • Supply chain scanning
  • HTTP request smuggling
  • DORA + ASVS L1+L2
  • 40 security tools
  • 10,200+ vulnerability signatures (full Nuclei)
  • AI adaptive (up to 25 extra)
  • Opus strategic scan planning

Enterprise

€899
2,500+ tests · 2-8 hrs
  • Everything in Premium +
  • Aggressive Pentest INCLUDED
  • Full exploitation testing (RCE, SQLi L5)
  • Nikto full server audit (6,700+ checks)
  • NSE scripts (brute, discovery, exploit)
  • ASVS L3 + ISO 27001 + CRA + NIST CSF
  • 46 security tools
  • 15,600+ vulnerability signatures (official + AI)
  • OSINT reconnaissance
  • AI attack path mapping
  • AI adaptive (up to 40 extra)
  • ZAP active-scan (full 15-30 min per policy)
  • Honest coverage reporting (every killed/skipped test tagged)
  • Adaptive pacing for slow targets (503 → automatic slowdown + retry)

Feature | Basic (€69) | Standard (€169) | Premium (€349) | Enterprise (€899)
Scanning & Discovery
Effective security checks 4,500+ 20,000+ 40,000+ 60,000+
Estimated scan time 20-40 min 1-3 hrs 2-6 hrs 60-120 min
SSL/TLS analysis (TestSSL) 80+ checks 80+ checks 80+ checks 80+ checks
HTTP security headers 50+ checks 50+ checks 50+ checks 50+ checks
Port scanning Top 100 All 65,535 All + UDP All + UDP + services
DNS & email security
Sensitive file discovery
CMS detection
Subdomain enumeration
Directory brute-forcing (FFuf) 4,000+ paths 4,000+ paths Recursive + deep
API endpoint discovery
OSINT reconnaissance
Vulnerability Detection
Nuclei vulnerability templates 3,000+ 7,500+ 12,900+ 15,600+ (official + AI + community)
SQL injection (SQLMap) Level 3 Level 5 + WAF bypass Level 5 + all tampers
XSS detection (DalFox) Basic Blind + DOM Full + WAF evasion
SSTI detection (SStimap)
SSRF detection
OS command injection (Commix) Level 3 + time-based
HTTP request smuggling
XXE injection
Deserialization attacks
Smart parameter fuzzing
Authentication & Session
Cookie security analysis
CORS analysis Deep exploitation Deep exploitation
Auth & session testing
JWT analysis (JWT_Tool) Full + key brute force
OAuth/OIDC testing
IDOR detection
Supply Chain & Infrastructure
JavaScript CVE analysis
Retire.js scanning
Gitleaks secret detection
Cloud misconfig (AWS/GCP/Azure)
Kubernetes/Docker exposure
CI/CD pipeline exposure
AI Analysis
AI-powered finding analysis Sonnet Tiered Tiered Tiered
Executive summary Opus Opus Opus Opus
Quality review Opus Opus Opus Opus
Adaptive AI test triggers Up to 5 Up to 10 Up to 25 Up to 40
Opus strategic scan planning
Attack path mapping (AI)
Compliance
OWASP Top 10:2025
OWASP WSTG v4.2
OWASP ASVS 5.0 L1 + L2 L1 + L2 + L3
NIS2 Directive
GDPR Art 32/35
PCI DSS v4.0.1
DORA
ISO 27001
Cyber Resilience Act (CRA)
NIST CSF 2.0
Reports
PDF report
HTML interactive report
JSON machine-readable
Markdown report
Passed checks appendix
AI remediation with code
Compliance gap analysis

Add-Ons

Extend any tier with specialized testing modules.

  • 50 WordPress-specific YAML tests
  • 500+ Nuclei WordPress plugin & theme CVE templates
  • WP REST API enumeration
  • Plugin/theme version detection
  • User enumeration (wp-json)
  • XML-RPC attack surface analysis
  • WPScan-style vulnerability matching
  • AI adaptive: 5 additional WP-specific tests (SQLi on plugins, core CVEs)
  • 35 Laravel-specific YAML tests
  • Nuclei PHP/Laravel/Symfony CVE templates
  • Debug mode detection (APP_DEBUG leak)
  • Blade template injection (SSTI)
  • .env file exposure checks
  • Laravel API route fuzzing
  • PHP deserialization detection
  • AI adaptive: 5 additional Laravel-specific tests
  • 30 Joomla-specific YAML tests
  • Nuclei Joomla core & extension CVE templates
  • Component/module enumeration
  • Admin panel discovery
  • AI adaptive: 3 additional Joomla tests (SQLi, extension CVEs)
  • 30 Drupal-specific YAML tests
  • Nuclei Drupal CVE templates (including Drupalgeddon)
  • Module enumeration and version detection
  • RCE detection for known Drupal vulnerabilities
  • AI adaptive: 3 additional Drupal-specific tests
  • 124 Moodle-specific YAML tests
  • Nuclei Moodle CVE templates
  • Plugin exposure detection
  • Template injection testing (SSTI)
  • AI adaptive: 3 additional Moodle-specific tests
  • 30 ecommerce YAML tests focused on PCI DSS
  • Payment gateway CVE templates (Stripe, PayPal, Magento)
  • Cart & checkout SQL injection deep scan
  • Price/quantity manipulation fuzzing
  • PCI DSS TLS compliance deep check
  • Credit card data exposure detection
  • Magento/WooCommerce specific CVEs
  • AI adaptive: 5 additional ecommerce tests
  • 55 government-focused YAML tests
  • Full NIS2 Directive Article 21 compliance mapping
  • GDPR Article 32/33/34 data protection checks
  • WCAG 2.1 accessibility endpoint verification
  • DNSSEC validation for government domains
  • SPF/DKIM/DMARC email authentication
  • PII & credential exposure detection
  • Government API endpoint discovery
  • SSL certificate chain compliance
  • Document & backup exposure scanning
  • AI adaptive: 12 additional tests (+10 extra AI triggers)
  • 151 AI/ML security YAML tests
  • OWASP LLM Top 10 compliance checks
  • AI/ML endpoint CVE templates
  • GraphQL introspection on AI APIs
  • API key & token exposure detection
  • AI model endpoint fuzzing
  • Prompt injection surface analysis
  • AI adaptive: 4 additional AI-specific tests
  • 85% of real breaches exploit authenticated access
  • 20 authenticated YAML tests
  • Test behind login with provided credentials
  • IDOR (Insecure Direct Object Reference) detection
  • Horizontal & vertical privilege escalation
  • Session fixation & hijacking checks
  • Cross-role authorization testing (with bundle)
  • JWT deep testing (algorithm confusion, key attacks)
  • Post-authentication CSRF & API testing
  • AI adaptive: 4 additional auth tests
  • Extra Role: +€89 | 3-Role Bundle: €249
  • 60+ exploitation YAML tests (Batch Z7/Z12 expansion 2026-04-24)
  • Full SQLmap surface: level 5 + risk 3 + 5-tamper WAF bypass
  • SQLmap cookie / header / Host / User-Agent / Referer injection
  • SQLmap POST JSON + urlencoded form bodies with auth cookies
  • --dump=5 proof-of-exploit sample (GDPR-capped, consent-gated)
  • Commix level 3 + POST body + cookie/header injection
  • Commix --os-cmd / --os-shell single-shot (consent-gated)
  • DalFox blind XSS with Interactsh OOB callback correlation
  • DalFox polyglot corpus + WAF evasion + POST form/JSON variants
  • SSTImap full template-engine coverage
  • Nikto WAF evasion stacks 5 + 8 (multi-stack bypass)
  • WordPress credential brute force (top-100 × 5 admin users, consent-gated)
  • HTTP/1.1 + HTTP/2 smuggling (CL.TE / TE.CL / TE.TE chains)
  • XXE, SSRF, deserialization, request smuggling, LDAP, NoSQL
  • JWT tamper modes: alg=none, RS256→HS256, embedded JWK, weak-secret brute
  • Multi-page crawl + fan-out across discovered URLs (up to 30 URLs)
  • CISA KEV full exploitation catalog + Kubernetes/Docker CI/CD exposure
  • AI adaptive: 20 additional exploitation tests (+20 extra AI triggers)
  • Signed attestation required for live-impact tests (extraction, command exec, brute)
  • 10 load test YAML definitions using locust + vegeta
  • Simulate concurrent users hitting your site
  • Measure response times under load
  • Identify breaking points and bottlenecks
  • Requires written consent
  • CIS AWS Foundations Benchmark v2.0 (572 checks)
  • PCI-DSS 3.2.1 + SOC 2 + ISO 27001 + HIPAA mappings
  • Multi-cloud: AWS / Azure / GCP / Kubernetes (single Prowler binary)
  • Customer-supplied read-only IAM role (assume-flow, no standing creds)
  • External recon: cloud_enum + GCPBucketBrute (multi-cloud bucket OSINT)
  • GCP IAM TestIamPermissions privilege depth
  • CloudFlare R2 / DigitalOcean Spaces / Backblaze B2 via s3scanner --endpoint
  • CIS Kubernetes Benchmark (control-plane + node + etcd + policy)
  • Active K8s vulnerability scanner (kube-hunter)
  • Anonymous API server / kubelet / dashboard / etcd probes
  • EKS / GKE / AKS specifics (Sys:All trap, public API + leaked creds)
  • Customer-supplied read-only ServiceAccount kubeconfig
  • Optional Peirates in-cluster post-exploit (consent-gated)
  • Antlers template SSTI probe
  • Glide image-manipulation SSRF (CVE-2024-35189)
  • Content API permission matrix
  • CP account enumeration (CVE-2023-30855)
  • Assets Manager path traversal
  • Static-cache poisoning
  • Laravel-baseline checks
  • Livewire CSRF / property hydration bypass (CVE-2024-47823)
  • Filament Actions unsigned-URL bypass
  • Filament Resources authz matrix
  • Multi-tenancy bypass
  • Tables SQLi via raw whereRaw filters
  • Forms mass-assignment probes
  • Broadcast channel eavesdrop
  • CosmicSting chain (CVE-2024-34102 + CVE-2022-24086)
  • Admin auth bypass (CVE-2024-20720)
  • REST API customer enumeration
  • Magecart skimmer detection
  • PCI DSS 6.2 coverage
  • Smarty sandbox escape
  • Module-installer RCE (CVE-2024-34717)
  • Product Comments SQLi (CVE-2023-30192)
  • Module CVE matching
  • Admin bypass via route parameter
  • File-manager RCE (CVE-2023-46573)
  • SQLi in filter parameter
  • Liquid SSTI in custom apps
  • Storefront API abuse patterns
  • Theme XSS checks
  • Deserialisation (CVE-2023-30451)
  • Unauth file upload (CVE-2024-25122)
  • Extension CVE matching
  • RCE via ViewState (CVE-2019-0604)
  • Auth bypass (CVE-2023-29357)
  • RCE chain (CVE-2023-24955)
  • 2019 / SE / Online support
  • Dispatcher misconfig selectors
  • Servlet exposure (.json/.infinity.json)
  • QueryBuilder RCE (CVE-2023-22952)
  • Report.aspx pre-auth RCE (CVE-2021-42237)
  • ViewState deserialisation
  • Pre-auth file upload surfaces
  • Preview-mode auth bypass (CVE-2020-29454)
  • Package-install RCE (CVE-2023-31040)
  • Legacy XSS (CVE-2018-9126)
  • SQLi (CVE-2020-5187)
  • ViewState deserialisation
  • Path traversal (CVE-2023-32235)
  • Auth bypass (CVE-2024-43409)
  • XSS (CVE-2023-45363)
  • Auth bypass (CVE-2024-37911)
  • Extension CVE matching
  • Deep detection across all 19 CMSs in parallel
  • Auto-dispatch of the matching deep pack (WP, Laravel, Joomla, Drupal, Moodle, Statamic, Filament, Magento, PrestaShop, OpenCart, Shopify, TYPO3, SharePoint, AEM, Sitecore, Umbraco, DNN, Ghost, MediaWiki)
  • Full detection audit trail in the report
  • Use when you don't know your CMS
Stress Test Pricing: 50 users €49 • 100 users €79 • 500 users €149 • 1K users €249 • 10K users €599

Executive Report

€39

AI-written board-level summary in plain language. Risk posture, top priorities, compliance implications.

Custom Branding

€29

Your logo, colors, and company name on all reports. White-label ready.

White-Label

€99

Full white-label: no ScanMySite branding anywhere. Resell to your clients.

Professional Services

Programming: Fix vulnerabilities found in your audit (€45/hour)
Manual Penetration Testing: Human expert validates scan findings (from €2,500)
Compliance Consulting: GDPR, NIS2, PCI DSS, DORA guidance (€95/hour)
Code Review: Manual security code review (€45/hour)
Security Training: Developer training based on YOUR audit (from €500)
Incident Response: Emergency breach response (€150/hour)
Continuous Monitoring: Automated recurring scans + alerts (from €19/month)