Start your 7-day free trial, your card won’t be charged
Full security scans on every domain

Find what attackers see, before they do

Run a full security scan on any domain in your portfolio in one click. Subdomain discovery, open-port scanning, TLS audits, OWASP web vulnerability checks, WordPress-specific scans, and AI-summarised findings, all from your dashboard.

7-day free trial · cancel anytime

Why running scans matters

If you manage more than a handful of domains, you can’t manually pentest each one every month. TLDTrack runs the heavy tooling for you, then summarises the findings in plain English.

See your real attack surface

Forgotten staging subdomain still exposed? Old Tomcat manager still on port 8080? We find the things you forgot were there, before someone else does.

CVE coverage on autopilot

Scans run against a continuously updated library of 13,000+ known CVE and misconfiguration templates. New vulns get checked the next time you scan, no rule-writing required.

Plain-English findings

Raw nmap, ZAP and nuclei output is fine for security engineers, but useless to most clients. Every finding is rewritten with what it means, why it matters and how to fix it, so you can hand the report to a non-technical stakeholder.

Track posture over time

Every scan is stored against the domain, so you can see whether last quarter’s findings have been fixed and whether new ones have appeared. Useful for audits, board reports and SOC2 evidence.


What every scan covers

Each scan runs in an isolated Fargate container with industry-standard tooling. Nothing is shared between customers, nothing is cached.

Subdomain discovery

Passive enumeration via CT logs and threat-intel feeds (subfinder), plus live resolution checks (httpx). Find subdomains you forgot were there.
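Passive CT-log enumeration returns raw certificate records, not a clean host list: SAN names arrive joined by newlines, wildcards and trailing dots appear, and shared certificates drag in names outside your domain. The following is an added example (not TLDTrack's or subfinder's code) showing the normalisation step that has to sit between a CT query and the live-resolution check. The input is a constructed sample shaped like the JSON crt.sh returns (an assumption about that format); it runs offline.

```python
"""Normalise certificate-transparency results into a deduplicated subdomain list.

Added example, not TLDTrack code. The input is a constructed sample shaped like
the JSON that crt.sh returns (one object per certificate, SAN names joined by
newlines in "name_value"); no network access is needed to run it.
"""
from __future__ import annotations

import json
import re

# Constructed sample: three certificates for example.com, with a wildcard entry,
# duplicate names, mixed case, a trailing dot, and an unrelated domain that a
# shared certificate happened to include.
SAMPLE_CT_JSON = json.dumps([
    {"issuer_name": "C=US, O=Let's Encrypt, CN=R3",
     "common_name": "example.com",
     "name_value": "example.com\nwww.example.com\nStaging.example.com."},
    {"issuer_name": "C=US, O=Let's Encrypt, CN=R3",
     "common_name": "*.example.com",
     "name_value": "*.example.com\nexample.com"},
    {"issuer_name": "C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1",
     "common_name": "cdn.example.com",
     "name_value": "cdn.example.com\nold-tomcat.example.com\nexample.net"},
])

# One DNS label: 1-63 chars of [a-z0-9-], not starting or ending with a hyphen.
LABEL_RE = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")


def is_valid_hostname(name: str) -> bool:
    """Accept only DNS-hostname labels; rejects junk such as 'www.example.com/path'."""
    return all(LABEL_RE.match(label) for label in name.split("."))


def in_scope(name: str, apex: str) -> bool:
    """True if name is the apex or a subdomain of it (not a look-alike like 'notexample.com')."""
    return name == apex or name.endswith("." + apex)


def subdomains_from_ct(ct_json: str, apex: str) -> tuple[list[str], list[str]]:
    """Return (hostnames to resolve, wildcard patterns) for apex.

    Wildcards are reported separately: '*.example.com' is evidence that any
    label may exist, but it is not itself a host you can resolve or scan.
    """
    names: set[str] = set()
    wildcards: set[str] = set()
    for entry in json.loads(ct_json):
        # SAN names are newline-joined; the CN is not guaranteed to be among them.
        candidates = entry.get("name_value", "").split("\n") + [entry.get("common_name", "")]
        for raw in candidates:
            name = raw.strip().lower().rstrip(".")
            if not name or not in_scope(name, apex):
                continue
            if name.startswith("*."):
                wildcards.add(name)
                continue
            if is_valid_hostname(name):
                names.add(name)
    return sorted(names), sorted(wildcards)


if __name__ == "__main__":
    hosts, wild = subdomains_from_ct(SAMPLE_CT_JSON, "example.com")
    print("hosts to resolve:", hosts)
    print("wildcard patterns:", wild)
```

The wildcard list is worth keeping rather than discarding: a `*.example.com` certificate means the live-resolution pass should also try common labels (dev, staging, admin) that never appeared in any certificate by name.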

Port & service scan

Top-port nmap sweep to fingerprint what’s exposed: SSH versions, mail servers, admin panels, dev services accidentally left open to the internet.

TLS / SSL audit

Full testssl.sh pass: weak ciphers, deprecated protocols (SSLv3, TLS 1.0/1.1), known CVEs (Heartbleed, ROBOT, POODLE), certificate chain issues, HSTS posture.

Security headers

CSP, HSTS, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy. Graded with specific suggestions for missing or weak directives.
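What "graded with specific suggestions" looks like in practice, as an added example rather than TLDTrack's own grader: each header is checked not just for presence but for the weak values that most often slip through (an `'unsafe-inline'` script-src, a short HSTS `max-age`, the deprecated `ALLOW-FROM`, a leaky Referrer-Policy). The header set and the point weights are constructed assumptions for this example; in practice the headers would come from a real response.

```python
"""Grade a site's HTTP security headers and suggest fixes for missing or weak ones.

Added example, not TLDTrack's grader. SAMPLE_HEADERS and the WEIGHTS scale are
constructed for illustration; feed it a real response's headers to use it.
"""
from __future__ import annotations

# Constructed sample: a fairly typical half-configured site.
SAMPLE_HEADERS = {
    "Content-Security-Policy": "default-src 'self'; script-src 'self' 'unsafe-inline' https://cdn.example.com",
    "Strict-Transport-Security": "max-age=3600",
    "X-Frame-Options": "ALLOW-FROM https://partner.example.com",
    "Referrer-Policy": "unsafe-url",
    "Server": "nginx/1.18.0",
}

# Points per header (sums to 100). The weighting is this example's assumption.
WEIGHTS = {
    "Content-Security-Policy": 30,
    "Strict-Transport-Security": 25,
    "X-Frame-Options": 10,
    "X-Content-Type-Options": 10,
    "Referrer-Policy": 10,
    "Permissions-Policy": 15,
}
ONE_YEAR = 365 * 24 * 3600  # the max-age floor for HSTS preload eligibility


def parse_csp(value: str) -> dict[str, list[str]]:
    """Split a CSP into {directive: [sources]}; names are case-insensitive."""
    policy: dict[str, list[str]] = {}
    for directive in value.split(";"):
        parts = directive.split()
        if parts:
            policy[parts[0].lower()] = [p.lower() for p in parts[1:]]
    return policy


def check_header(name: str, value: str | None) -> list[str]:
    """Return the findings for one header; an empty list means it is fine."""
    if value is None:
        return [f"{name} is missing"]
    v = value.strip().lower()
    findings: list[str] = []
    if name == "Content-Security-Policy":
        policy = parse_csp(v)
        if "default-src" not in policy:
            findings.append("CSP has no default-src fallback")
        # script-src falls back to default-src when absent.
        scripts = policy.get("script-src", policy.get("default-src", []))
        for bad in ("'unsafe-inline'", "'unsafe-eval'", "*"):
            if bad in scripts:
                findings.append(f"CSP allows {bad} for scripts; use nonces or hashes instead")
    elif name == "Strict-Transport-Security":
        max_age = 0
        for part in v.split(";"):
            part = part.strip()
            if part.startswith("max-age="):
                try:
                    max_age = int(part.split("=", 1)[1])
                except ValueError:
                    pass
        if max_age < ONE_YEAR:
            findings.append(f"HSTS max-age={max_age} is under one year ({ONE_YEAR})")
        if "includesubdomains" not in v:
            findings.append("HSTS lacks includeSubDomains")
    elif name == "X-Frame-Options":
        if v not in ("deny", "sameorigin"):
            findings.append(f"X-Frame-Options '{value}' is not DENY or SAMEORIGIN "
                            "(ALLOW-FROM is ignored by modern browsers); prefer CSP frame-ancestors")
    elif name == "X-Content-Type-Options":
        if v != "nosniff":
            findings.append("X-Content-Type-Options should be 'nosniff'")
    elif name == "Referrer-Policy":
        if v in ("", "unsafe-url", "no-referrer-when-downgrade"):
            findings.append(f"Referrer-Policy '{value}' sends full URLs cross-origin; "
                            "use strict-origin-when-cross-origin or no-referrer")
    # Permissions-Policy: presence is all this example checks.
    return findings


def grade_headers(headers: dict[str, str]) -> tuple[str, int, dict[str, list[str]]]:
    """Return (letter grade, score out of 100, findings per header). Lookup is case-insensitive."""
    lower = {k.lower(): v for k, v in headers.items()}
    score = 0
    report: dict[str, list[str]] = {}
    for name, weight in WEIGHTS.items():
        value = lower.get(name.lower())
        findings = check_header(name, value)
        # A missing header scores zero; each weakness costs half the header's weight.
        score += 0 if value is None else max(0, weight - (weight // 2) * len(findings))
        if findings:
            report[name] = findings
    letter = "A" if score >= 90 else "B" if score >= 75 else "C" if score >= 50 else "D" if score >= 25 else "F"
    return letter, score, report


if __name__ == "__main__":
    grade, points, details = grade_headers(SAMPLE_HEADERS)
    print(f"grade {grade} ({points}/100)")
    for header, issues in details.items():
        for issue in issues:
            print(f"  {header}: {issue}")
```

The sample scores a D: the CSP is present but neutralised by `'unsafe-inline'`, the HSTS `max-age` of one hour gives almost no protection, and two headers are absent entirely. That ordering of findings, with the fix attached, is the part a non-technical stakeholder can act on.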

Tech fingerprinting

whatweb + httpx detection of CMS (WordPress, Drupal, Joomla), frameworks, web servers, WAFs. Drives the targeted checks that come next.

13k+ vulnerability templates

ProjectDiscovery’s nuclei runs the full template library against the target: known CVEs, default credentials, exposed config files, leaked secrets, misconfigured services.

WordPress-specific

If WordPress is detected, WPScan kicks in: plugin and theme vulnerabilities, user enumeration, exposed wp-config.php backups, weak admin endpoints.

OWASP web app scan

OWASP ZAP active scan (full tier) probes for XSS, SQL injection, CSRF, open redirects, path traversal, the OWASP Top 10 staples. Requires customer authorisation.

AI-rewritten findings

Every raw finding gets a plain-English summary, severity rating and a recommended fix written by Claude. Hand the report to a developer or a client without translation.

Two scan depths

Quick baseline for routine checks; deeper active scan when you need a real audit.

Baseline ~10 minutes

Passive & light-active scan

Subdomain discovery, port fingerprinting, TLS audit, security headers, tech fingerprinting, nuclei templates and WPScan (if WordPress is detected). Safe to run against any site you own, no WAF or rate-limit warnings.

  • Included on every paid plan
  • Re-run any time, results stored against the domain
  • Roughly 10 minutes from click to report
Full ~45-60 minutes

Active OWASP web app scan

Everything in baseline, plus OWASP ZAP active scanning: XSS, SQLi, CSRF, open redirects, the OWASP Top 10 in depth. This is the scan you run before a launch or a board review, not on every domain every week.

  • Requires customer authorisation (active scanning is intrusive)
  • Recommended once per quarter per site
  • Suggested IP allowlisting for sites behind strict WAFs

Simple, transparent pricing

Every plan includes a 7-day free trial. No commitment required.

Try free for 7 days, cancel anytime, no charge

7 days free

Starter

For individuals & small portfolios

£19/mo

Up to 50 domains

  • Uptime, DNS & SSL monitoring
  • Blacklist monitoring
  • AI valuations
  • Renewal tracking & alerts
  • Financial reports (CapEx/OpEx)
  • Email health scoring
Start Free Trial
Most Popular · 7 days free

Pro

For active managers & agencies

£49/mo

Up to 250 domains

  • Everything in Starter
  • Deep Dive AI analysis
  • Client portal access
  • WordPress plugin
  • Similar domain detection
  • Priority email support
Start Free Trial
7 days free

Agency

For agencies & resellers

£149/mo

Up to 1,000 domains

  • Everything in Pro
  • Multi-client management
  • WHM & cPanel integration
  • Live email deliverability tests
  • Dedicated support
Start Free Trial

Enterprise

For large organisations

Custom

1,000+ domains

  • Unlimited domains
  • Custom data residency
  • SLA guarantee
  • Dedicated onboarding
  • Custom integrations
Contact Sales

*SMS notifications are an optional paid add-on available on all plans. Standard SMS rates apply per message sent.

All prices are exclusive of VAT for business accounts.

Your card won't be charged during the trial. Cancel anytime. Book a demo

Frequently asked questions

No. A pentest is a manual engagement by a human consultant chaining findings together. TLDTrack’s scans run the same tooling a pentester would start with (nuclei, nmap, ZAP, WPScan, testssl.sh) and catch the same categories of issue, automated, repeatable, and far cheaper. For high-risk sites you should still book a manual pentest annually; we’ll catch the rest in between.

You should only scan domains you own or have explicit written permission to test. The baseline scan is passive and very light-active and is safe against your own sites; the full ZAP scan is genuinely active (sends real attack payloads) and can trip WAFs. We require you to acknowledge ownership before running a scan.

The baseline scan is gentle and usually flies under the radar. The full ZAP scan is intentionally aggressive; send a heads-up to your WAF vendor or temporarily allowlist our egress IP if you want clean results.

Baseline: about 10 minutes. Full ZAP: 45-60 minutes on a typical small/medium site. Larger sites with more attack surface can run longer; we cap at 2 hours.

Each scan runs in an isolated AWS Fargate container in eu-west-2. Findings are stored in the EU. Egress comes from a fixed IP range so you can allowlist us if needed.

Yes, each scan’s raw output and AI-rewritten findings are stored against the domain so you can compare runs and track whether issues have been resolved.
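Comparing runs, as described here and under "Track posture over time" above, only works if each finding has an identity that survives between scans. An added example (not TLDTrack's own diffing code) of the stable-fingerprint approach: findings are keyed on tool, check, host and a location with its query string stripped, never on the timestamp or a cache-busting URL, so the same exposed Tomcat manager in Q1 and Q2 matches. The finding schema, check names and both runs are constructed for this example.

```python
"""Compare two stored scan runs and report fixed, new and persisting findings.

Added example, not TLDTrack's own code. The finding schema and both runs are
constructed; the check names are illustrative labels, not real template ids.
"""
from __future__ import annotations

import hashlib
from urllib.parse import urlsplit, urlunsplit

SEVERITY_WEIGHT = {"critical": 10, "high": 7, "medium": 4, "low": 1, "info": 0}

# Constructed findings for one domain across two quarterly runs. Note the
# differing timestamps and query strings on the Tomcat manager location.
RUN_Q1 = [
    {"tool": "nuclei", "check": "tomcat-manager-exposed", "host": "old-tomcat.example.com",
     "location": "http://old-tomcat.example.com:8080/manager/html?ts=1700000000",
     "severity": "critical", "observed_at": "2024-01-10T09:00:00Z"},
    {"tool": "testssl", "check": "tls1.0-enabled", "host": "www.example.com",
     "location": "www.example.com:443", "severity": "medium", "observed_at": "2024-01-10T09:05:00Z"},
    {"tool": "headers", "check": "missing-hsts", "host": "www.example.com",
     "location": "https://www.example.com/", "severity": "low", "observed_at": "2024-01-10T09:06:00Z"},
]
RUN_Q2 = [
    {"tool": "nuclei", "check": "tomcat-manager-exposed", "host": "Old-Tomcat.example.com",
     "location": "http://old-tomcat.example.com:8080/manager/html?ts=1710000000",
     "severity": "critical", "observed_at": "2024-04-10T09:00:00Z"},
    {"tool": "headers", "check": "missing-hsts", "host": "www.example.com",
     "location": "https://www.example.com/", "severity": "low", "observed_at": "2024-04-10T09:06:00Z"},
    {"tool": "nuclei", "check": "exposed-env-file", "host": "staging.example.com",
     "location": "https://staging.example.com/.env", "severity": "high", "observed_at": "2024-04-10T09:07:00Z"},
]


def normalise_location(location: str) -> str:
    """Drop query string and fragment so cache-busters or session ids don't break matching."""
    if "://" not in location:
        return location.lower()
    parts = urlsplit(location)
    return urlunsplit((parts.scheme, parts.netloc.lower(), parts.path, "", ""))


def fingerprint(finding: dict) -> str:
    """Stable identity for a finding: tool, check, host and normalised location.

    Severity and observed_at are deliberately excluded; a template re-rating a
    finding should not make the old one look fixed and a new one appear.
    """
    key = "|".join([
        finding["tool"],
        finding["check"],
        finding["host"].lower(),
        normalise_location(finding["location"]),
    ])
    return hashlib.sha256(key.encode()).hexdigest()[:16]


def risk_score(findings: list[dict]) -> int:
    """Severity-weighted total, a single number to plot quarter over quarter."""
    return sum(SEVERITY_WEIGHT.get(f["severity"].lower(), 0) for f in findings)


def diff_runs(previous: list[dict], current: list[dict]) -> dict[str, list[dict]]:
    """Classify findings as fixed (gone), new (appeared) or persisting (in both)."""
    prev = {fingerprint(f): f for f in previous}
    curr = {fingerprint(f): f for f in current}
    return {
        "fixed": [prev[k] for k in sorted(prev.keys() - curr.keys())],
        "new": [curr[k] for k in sorted(curr.keys() - prev.keys())],
        "persisting": [curr[k] for k in sorted(curr.keys() & prev.keys())],
    }


if __name__ == "__main__":
    delta = diff_runs(RUN_Q1, RUN_Q2)
    print(f"risk score: {risk_score(RUN_Q1)} -> {risk_score(RUN_Q2)}")
    for bucket, items in delta.items():
        for f in items:
            print(f"  {bucket:10} {f['severity']:8} {f['check']} on {f['host']}")
```

The risk score rising from 15 to 18 despite one fix is exactly the signal a quarterly report needs to surface: the TLS 1.0 issue was closed, but a new high-severity exposed `.env` on staging outweighs it, and the critical Tomcat manager has now persisted for two quarters.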

Yes. Every plan includes a 7-day free trial, your card is not charged for 7 days. Run a real scan and see the report before you commit.

Stop hoping the staging box is locked down

One click. Full scan. Plain-English report. Run it against every domain you manage, every quarter, without a security consultant on retainer.