Website Vulnerability Scanner

Find weaknesses and prevent downtime with website vulnerability scanning. Automated to save you time.

Scan your website for vulnerabilities with ease

Your website is undergoing changes all the time, even without your knowledge. Plugins are being updated, different users are logging in to make edits, and the systems your site uses are being modified too. Intruder’s website vulnerability scanner finds and alerts you to vulnerabilities so you can fix them before they’re exploited.

new vulnerabilities everyday

How to scan your website with Intruder


Add your targets

Start scanning your website in minutes by adding the IP address or URL.


Review your results

Review vulnerabilities prioritized by business context. Send tickets and issues directly to your teams within hours.


Verify your fixes

Quickly rescan specific issues to check if your fixes worked. Set up automated scans for continuous website security.

See how easy website vulnerability scanning can be

Test your website’s security inside and out

Find critical vulnerabilities in your website, including unencrypted admin services, exposed databases, and SQL injection. Add authentication to scan behind login pages. Get notified when SSL or TLS certificates are about to expire to prevent downtime.

automated scanning

Save time with automated website security scanning

Schedule recurring website scans at flexible intervals. Proactive emerging threat scans notify you as soon as new vulnerabilities are discovered. Intruder intelligently prioritizes your results and provides remediation advice.

Integrations that accelerate remediation

Integrate Intruder with your CI/CD pipeline to automatically find weaknesses earlier in the development lifecycle. Keep on top of important changes to your website’s security with notifications via Slack, Teams, or email.

Gotta catch ‘em all

Automated scanning can help you identify most issues in your website, but manual testing helps to close any additional gaps.

With Intruder's continuous penetration testing service, our experienced penetration testers check your systems for critical vulnerabilities, including ones that are not detectable by automated scanners.

How often should you scan?

The time between a vulnerability being discovered and hackers exploiting it is narrower than ever – just 12 days. We explain why continuous vulnerability scanning has become essential and how you can best implement it.

Read our reviews on

Can I scan single page applications (SPAs) with Intruder?
faq arrow

Yes, you can! Learn all about how to scan SPAs with Intruder here.

How do I scan my website for vulnerabilities with Intruder?
faq arrow

The first thing you need to do is add your website as a target by entering its IP address or url. You can then kick off your first scan in just a few clicks – it’s that simple!

What website security checks does Intruder perform?
faq arrow

Intruder’s website security scans check for web-layer security problems such as SQL injection and cross-site scripting, as well as other security misconfigurations. Read more about Intruder’s checks here. 

What do you mean by scanning your website, internally?
faq arrow

Your internal systems can be just as enticing to hackers as your external network so it’s important to test your website for vulnerabilities there too.

When we talk about scanning the website internally, we’re actually talking about scanning the web server that the website is hosted on. Web servers are internet-facing, but any sensitive information connected to them (such as databases) will sit behind a firewall, to prevent them from being reached by unauthorized individuals.

If ‘stuff’ can’t be reached externally, then remote checks won’t work and so you’d need to run local checks. At Intruder, all local/internal checks are performed via an agent which you’d install on the server.  

Internal vulnerability scanning also hunts through your website for missing patches and detects insecure versions of many thousands of software components and frameworks, including operating systems and network devices. Find out more about internal vulnerability scanning.

Can I scan my website if it is built using a web app, such as WordPress?
faq arrow

Intruder works with many platforms, including WordPress, Drupal, Joomla, Squarespace and more.

Which plan should I choose if I just want to scan my website?
faq arrow

Choose our Essential or Pro plan to externally scan your website. If you are looking at our internal vulnerability scanning capability, this is only available to our Pro, Premium, and Vanguard customers. Visit our pricing page to learn more.

What license should I buy for a website that doesn’t have a login-page?
faq arrow

Buy any of our Essential or Pro plans that cover infrastructure licenses by default. Head to our pricing page for more information.

Sign up for your free 14-day trial

7 days free trial