ZenoScan
Scan a site Login See Pricing
Features

Three engines, one clean dashboard

Detection and monitoring, deep file scanning, and vulnerability intelligence, working together so nothing slips through.

Engine 1 ยท Remote Scanner

Zero-install detection

Crawls your site and grades it A-F across domain reputation, security, and TLS.

  • Malware / skimmer / defacement signatures
  • Blocklist (Google Safe Browsing + ESET)
  • CMS & version fingerprint
  • Security headers (CSP, HSTS, X-Frame, leaked PHP)
  • TLS certificate issuer & expiry
  • SEO spam (pharma / casino keyword scan)
๐Ÿ”
Engine 2 ยท Server-side Connector

Deep, honest file scanning

A single audited PHP file that scans locally and pushes signed results. Fixes everything we hated about Sucuri's server-side scanner.

  • Real file-integrity baseline + change diff
  • Persistent whitelist (path + sha256), verify once, stays
  • ClamAV + YARA + maldet + Sansec on the platform side
  • HMAC-signed push, timestamped, IP-locked
  • No eval, no shell, no arbitrary path access
  • Never reports "clean" on a failed scan
๐Ÿ›ก๏ธ
Engine 3 ยท Vulnerability Intelligence

Outdated = exploitable. We track both.

Detected component versions matched against live vulnerability feeds, refreshed nightly.

  • WordPress: WPScan API + Wordfence Intelligence
  • Magento: advisories + CosmicSting / patch-level
  • Libraries & PHP EOL via NVD / OSV.dev
  • Severity, CVE link & remediation per finding
๐Ÿ“Š

Plus everything you'd expect

๐Ÿ””

Multi-channel alerts

Email, Zoho Cliq, Telegram, pick what fits your team.

๐Ÿ•‘

Visible job state

Queued / running / done / failed with retry. No "Scan Pending" forever.

๐Ÿ“„

PDF reports

Branded, client-ready security reports generated on demand.

๐Ÿ”Œ

API + MCP

Automate scans and pull results straight into your tooling.

๐Ÿ—‚๏ธ

Scan history

Full timeline of every scan, finding and fix per site.

๐Ÿข

Multi-tenant

Manage every client site from one account, with isolation.

Try the free scanner