Know everything about your website's security. For Free.
Vulnerabilities, Open ports, SSL, DNS, Leaked credentials, CMS Scanning, Supply Chain, Web Vitals, Uptime and more — scanned and monitored automatically.
17 Scanners.
One platform, complete coverage.
| Scanner | Description | Plan |
|---|---|---|
| Web | Scan your website for common vulnerabilities including XSS, SQL injection, insecure headers, and OWASP Top 10 issues. | Free |
| Port | Discover open ports and running services on your target. Identify potential attack vectors and unauthorized services. | Free |
| DNS | Discover subdomains, check for zone transfer vulnerabilities, and detect potential DNS takeover risks. | Free |
| SSL | Check SSL/TLS certificates for expiry, weak ciphers, outdated protocols, and HSTS configuration. | Free |
| Headers | Analyze HTTP security headers including CSP, X-Frame-Options, HSTS, Permissions-Policy, and Referrer-Policy. | Free |
| Verify SPF, DMARC, and DKIM records to protect your domain against email spoofing and phishing attacks. | Free | |
| CMS | Scan WordPress, Drupal, and other CMS platforms for vulnerable plugins, themes, and outdated core versions. | Free |
| JS Audit | Scan loaded JavaScript libraries for known vulnerabilities and outdated dependencies. | Free |
| Broken Links | Crawl your page for broken links, missing images, dead scripts, and mixed content issues. | Free |
| Tech | Detect technologies, frameworks, and libraries running on your site and cross-reference against known CVE vulnerabilities. | Paid |
| API | Test REST and GraphQL endpoints for broken authentication, rate limiting issues, and excessive data exposure. | Paid |
| Cookie | Check cookie compliance (GDPR/CCPA). Detect tracking cookies set before consent, missing flags, and third-party scripts. | Paid |
| Leak | Check if your domain or company has been exposed in data breaches, credential leaks, or paste sites. | Paid |
| Web Vitals | Measure Core Web Vitals, performance score, accessibility, SEO, and best practices using Lighthouse. | Paid |
| Supply Chain | Discover third-party vendors loaded by your site and assess their security posture, breach history, and SRI compliance. | Paid |
| Uptime | Monitor your website availability and response time. Get alerted when your site goes down. | Paid |
SSL, Headers, and Email scanners are available instantly — no domain verification required.
Paid scanners are available on any paid plan starting at $9/month.
Configure.
17 scan types. Your rules.
Run every scan type from one dashboard
Web vulnerabilities, open ports, DNS records, SSL certificates, security headers, email authentication, tech stack detection, CMS scanning, API testing, JS audits, cookie analysis, broken links, leaked credentials, web vitals, and supply chain risks — all from a single configure page. Set the aggressiveness, add subdomains, schedule recurring scans, and let Blacksight handle the rest.
Reports.
Delivered to your inbox.
Comprehensive findings, zero logins
Every scan generates a detailed report breaking down vulnerabilities by severity — high, medium, low, and informational — with actionable remediation steps for each finding. Get daily, weekly, or monthly email digests summarizing new findings, score changes, and scan completions so you always know your security posture without needing to log in.
Mitigate.
New findings.
Collaborate and mitigate
After your scans wrap up, dive into the fresh findings and team up to tackle any issues. You'll find helpful tips and tricks in each report, making it a breeze to seal those gaps pronto. Easy peasy collaboration for quick problem-solving!
Monitor.
Insight analytics.
Targets domain insight
Access risk insights on your dashboard to gain an overview of the security risks associated with your website. You have the ability to view insights for each subdomain or for the entire domain, providing a granular overview of your domain's security.
Built for security teams.
Everything you need to stay protected.
Instant scans.
Run on-demand scans after every deployment or change. Results in minutes.
Recurring schedules.
Daily, weekly, or monthly automated scans. Monitor your attack surface 24/7.
Configurable depth.
Control aggressiveness, enable spidering, and toggle authenticated scanning.
Subdomain coverage.
Add subdomains to cover your full attack surface, not just the main domain.
WordPress & Drupal plugins.
Manage scans and verify domains directly from your CMS admin panel.
Team collaboration.
Invite team members to your organization to triage and mitigate findings together.
Email digests.
Daily, weekly, or monthly reports delivered to your inbox. Stay informed without logging in.
Uptime monitoring.
Per-minute checks with alerts for downtime, keyword changes, and status code failures.
Pricing.*
Expand the capabilities.
Free.
$0
Free forever but limited.
Scan your main website
2 instant scans per month
1 recurring scan per quarter
Comprehensive reports
30 days reports history
7 days security insight
Light.
$9 / month
For solo developers.
Everything in Free
1 instant scan per week
1 recurring scan per week
1 subdomain
No login for web scans
1 collaborator
PDF reports
Plus.
$29 / month
Go deeper and collaborate.
Everything in Light
Unlimited instant scans
Unlimited recurring scans
Up to 3 subdomains
Up to 3 collaborators
Unlimited reports history
Scan after login
PDF reports
Pro.
$89 / month
Expand the capabilities.
Everything in Plus
Up to 10 subdomains
Up to 10 collaborators
Scan SOAP APIs
Scan OpenAPI APIs
Scan GraphQL APIs
PDF reports
Priority customer support
Enterprise.
Contact us
Get more for your business.
No limits
SAML Single-Sign-On (SSO)
User activity audit logging
AI powered Blacksight+
Invoice billing
IT-GRC compliance
24/7 customer support
On Premise possible
*We at Blacksight are ethical and will never sell your data to a third party. Prices listed do not include potential sales tax, which may be applicable based on your location.