Show HN: Real-time security risks detection for any website or server (hostedscan.com)
22 points by jcszephyr 2042 days ago
6 comments

Hi, thanks for checking us out.

We provide a turn-key service to run the industry-leading open source vulnerability scanners on your websites and servers. You get an alert when any new risks are detected.

We have a nice Free Forever plan.

Most of our development (aka “plumbing”) was in data modeling, ux design, and making sure these scanners stopped crashing!

Yes, we believe in open source contributions, and not just leeching. We are from Seattle and welcome any comments!!!

Have been using the Free Forever plan and it's solid! They've made a lot of UI changes to streamline the whole process. Nice to have it auto scheduled with a report of changes every month. And they summarize the issues in their UI much better than the standard reports you'd get running the scan yourself.
I have just tried it out - submitted my site's address & email, saw "stuff" happening in the firewall log and then got by email a nice report (pdf & XML & JSON). The website itself looks good as well :)

I'll keep this website in mind for when/if I have a more serious website, and maybe before that I'll do another test by disabling my honeypot ports (if accessed more than X times, the firewall closes access to the whole server) to see exactly what all my vulnerabilities are.

Questions:

1) I admit that my firewall is probably not the best one ever configured by humanity -> I might have vulnerabilities in the IPv6 area that I don't have with IPv4 (configured separately, and I was so far too lazy to unify the two configurations; additionally IPv6 actually works differently, as VMs have direct external connections while IPv6 traffic goes through NAT and tunnels based on the requested port, etc...) -> is currently the same set of tests performed using both IPv4 and IPv6, or are you focusing mainly on IPv4? (my firewall potentially logs a lot more in relation to IPv4 traffic than IPv6, so I'm not sure - I think that I cannot see anything related to IPv6 in my FW logs)

2) Does your "free" scan perform all tests mentioned here ( https://hostedscan.com/scan-types ) or only some of them (e.g. focusing mainly on the part involving websites, e.g. webserver, SSL, JS & HTML contents, etc.)? (as mentioned above, my ports configured as honeypots might have blacklisted access from your source IP before some of the more technical tests could be performed, so I honestly don't know if they were tested or not)

3) I have accepted a "risk" about "Private IP disclosure" that was related to some webpages containing private IP addresses like 192.168.x.x (which I mentioned just as examples in the articles that were impacted) -> if I were to publish additional pages in the future that again contain such private IP addresses, would I get such a warning again (which is what I hope, as the webpages would be new) or not? Meaning: by accepting the risk, did I accept the whole category "Private IP disclosure" no matter which other webpages are detected additionally in the future, or are just the currently found URLs whitelisted? (so that future webpages with the same problem will then show up in the report as well)

Thank you!

Thanks for trying it out and for the feedback!

1. We're using IPv4 at this point. We haven't looked much into IPv6 yet. That's a good thought that configurations could be different.

2. The free scan runs all of the same scans as the paid plans (you can just run more volume on the paid plans). The one scan mentioned on that page that is not set up yet is the SSLyze scanner.

3. At the moment, additional pages of the same site would not be separate risks; the different instances are listed together under the same risk. We're looking at adding more flexibility in accepting risks, such as rules applied to all targets or groups of targets, and maybe we can provide an option to break out instances separately when doing this. If you scan multiple sites/addresses, we do create a separate risk for each.
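As an added example (not HostedScan's code), here is the grouping behaviour from answer 3 in Python: a simple RFC 1918 "Private IP disclosure" check over constructed page bodies, with every instance on one host folded into a single risk so that accepting it also covers pages found later, while a second host gets its own open risk. The regex, the RFC 1918 scope and the hostname-keyed grouping are assumptions about how such a check could work.

```python
import ipaddress
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Assumption: the check flags RFC 1918 ranges; the real rule is not published here.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def private_ips_in(body: str) -> set[str]:
    """Distinct RFC 1918 addresses appearing in a page body."""
    found = set()
    for match in IPV4_RE.finditer(body):
        try:
            addr = ipaddress.ip_address(match.group())
        except ValueError:
            continue  # "300.1.2.3" matches the regex but is not a valid address
        if any(addr in net for net in RFC1918):
            found.add(str(addr))
    return found

def scan(pages: dict[str, str], accepted: set[tuple[str, str]]) -> dict:
    """One risk per (target host, risk type); all instances are listed under it.
    Accepting that key silences the whole risk, so a new page on the same host
    with the same problem lands under the accepted risk instead of opening one."""
    risks = defaultdict(lambda: {"status": "open", "instances": {}})
    for url, body in pages.items():
        ips = private_ips_in(body)
        if not ips:
            continue
        key = (urlsplit(url).hostname, "Private IP disclosure")
        risks[key]["instances"][url] = sorted(ips)
        if key in accepted:
            risks[key]["status"] = "accepted"
    return dict(risks)

# Constructed sample pages: two article pages on one site, plus a second site.
PAGES = {
    "https://example.com/articles/lan-setup": "<p>My router lives at 192.168.1.1 and the NAS at 192.168.1.20.</p>",
    "https://example.com/articles/new-post": "<p>Added a VLAN: gateway 10.0.10.1 (version 1.2.3.4).</p>",
    "https://example.com/about": "<p>Nothing private here; public 203.0.113.9 only.</p>",
    "https://example.org/status": "<pre>backend: 172.16.5.3</pre>",
}
ACCEPTED = {("example.com", "Private IP disclosure")}  # risk accepted after the first scan

def open_risks(pages=PAGES, accepted=ACCEPTED) -> list[tuple[str, str]]:
    """Risk keys still open after the accepted set is applied."""
    return sorted(k for k, r in scan(pages, accepted).items() if r["status"] == "open")

if __name__ == "__main__":
    for key, risk in scan(PAGES, ACCEPTED).items():
        print(key, risk["status"], risk["instances"])
```

The new-post page is reported as an instance under the already-accepted example.com risk, not as a fresh open risk; only example.org remains open.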

Thank you - honest and exact answers -> gives me a good general feeling about your service.

Cheers

Yep, not sure anyone will comment here, but we'd be happy to answer any questions if so :)
I've been following HostedScan for a few months now. Really excited to see the progress!
What are your plans for more different scan types?
Thanks for the question. We were thinking of SSLyze to monitor SSL configurations/certificates, and still exploring other options.

Got any suggestions? :)