Whitelist scanner

We recommend whitelisting our scanner IP addresses to get the best insight as possible on your website's security.

IP addresses (AWS) (GCP)

This will avoid scan requests being blocked by your security systems.


Add subdomains to your scan and discover more.


SettingsTargetRecurring scanInstant scanDelete

Modify your scan settings to fit your needs. We recommend testing your settings using instant scans first before making it recurring.

Schedule: Monthly on mondays at 09:00
Agressive: No
Spider: No
API target: No
API type: None

Recurring schedule

A recurring scan is like a routine health check for your website's security that runs automatically according to your schedule settings. On the other hand, an instant scan is like a quick, on-the-spot check that you can run whenever you want to ensure everything is safe right at that moment. We suggest starting with instant scans to explore and find the right settings before setting up a recurring scan. It's a good way to familiarize yourself with the process and ensure everything is in order before making it a regular routine. Note that recurring schedule time is in your local timezone.


Day & time:


Aggressive scanning tries to identify possible weaknesses by simulating real attacks on your system. It involves actively testing your defenses to see if they hold up against known threats. On the other hand, disabling this option is a safer approach that doesn't alter any requests or responses. It's useful for detecting issues such as missing security headers or absent anti-CSRF tokens. However, it may not catch vulnerabilities like XSS, which need malicious requests to be sent. Using aggressive scan also allows you to enable the spider, which will automatically explore new areas, like hyperlinks and potentially vulnerable URLs on your website. The spider won't launch any real attacks on the explored resources. Instead, it helps you identify resources that are exposed on your website.

Pro feature

Api target

If your target is an API, we recommend turning on this setting, as it adjusts the checks specifically for APIs. It will attempt API-specific exploits against your target, providing you with valuable insights into the security of your endpoints. If your API uses GraphQL, sharing your GraphQL schema allows our scanner to comprehensively assess your endpoints, focusing on GraphQL-related vulnerabilities and exploits. If your API is of a different type, like SOAP or OpenAPI, simply select the correct option to properly scan it.