What we scan

Comprehensive scanning, precise fix guidance

Multiple scan types, every severity level, and AI fix intelligence on every finding — for any host you can reach on the public internet.

Scan types

What scans?

Start with a Basic scan to identify your most exposed services, then go deep for a full CVE-correlated assessment.

Basic Scan

Fast, broad assessment of your most commonly exposed services. Ideal for a first look or routine check of a network range.

✓ Verify host before other scans

✓ Common port range scan

✓ Common service enumeration & versioning

✓ AI OS fingerprinting

✓ AI Stealth scan detection avoidance

✓ TLS / SSL versioning/expiry

✓ Up to 254 hosts per scan (subscription required)

Deep Scan

Comprehensive full-port assessment with authenticated CVE correlation and detailed fix intelligence. The standard for serious security posture management.

✓ All Basic scan features

✓ Full port/service enumeration

✓ Deep CVE database correlation

✓ CVSS scoring per finding

✓ Detailed AI fix intelligence

✓ Per-scan pricing with subscription discounts

Website Scan

(subscription required)

Targeted assessment of HTTP and HTTPS services. Identifies common web application vulnerabilities and misconfigurations.

✓ Web technology fingerprinting

✓ OWASP Top 10 checks

✓ TLS / SSL configuration analysis

✓ Security header & cookie review

✓ Per-scan pricing with subscription discounts

Single Issue Scans

(subscription required)

Targeted scan for a specific CVE or issue. Ideal for verifying remediation or quickly investigating a single concern.

✓ Single CVE or specific check

✓ Targeted port or service

✓ Remediation verification

✓ Fast turnaround

✓ Per-scan pricing with subscription discounts

Get started →

What we find

Vulnerability categories

Fixhosts scans for the vulnerability classes that matter most for internet-facing and internal hosts.

Exposed services

Unnecessary open ports, unprotected admin interfaces, and services exposed beyond their intended scope.

Outdated software

Service and OS versions with known CVEs — correlated against the NVD with CVSS scores and published exploits flagged.

TLS / SSL issues

Weak cipher suites, deprecated protocol versions (TLSv1.0/1.1), expired certificates, and misconfigured HSTS.

Authentication weaknesses

Default credentials, anonymous access, and services accepting weak authentication methods.

Network misconfigurations

SMB exposure, RDP access, unintended service broadcasts, and firewall bypass opportunities.

Information disclosure

Services leaking version banners, server headers, or internal path information that aids attacker reconnaissance.

Scope

What can be scanned

✓ In scope

IPv4 addresses and CIDR ranges you own or have written permission to scan

Public-facing web servers, mail servers, VPN endpoints

Internal hosts reachable via a VPN connection

Cloud-hosted infrastructure

✗ Out of scope

Targets you do not own or have no written authorisation to scan

Shared hosting environments without explicit landlord consent

Critical national infrastructure

Targets prohibited under our Terms of Service

You confirm ownership and authorisation at order. See our Terms of Service for full acceptable use policy.

Ready to scan?

Start with a $20 Basic scan — full AI fix intelligence delivered to your portal within the hour.

Start scanning now → How it works