Pricing

Vulnerability scanner pricing — simple & transparent.

Every plan includes proof-backed findings and 5-framework compliance mapping. Core and Pro unlock full attack-path visibility and recurring monitoring depth. No per-scan fees. No surprises. Cancel any time.

Free
$ 0
free forever
Try VeilScan on your domain — no credit card required.
1 domain
1 lifetime scan
Basic external security scan
Medium & Low findings visible
Critical/High findings locked
AI narrative, PDF generation & email delivery
Scheduled scans & Slack alerts
Delta reports & compliance export
Get started free
Starter
$ 49
per month
For small teams getting started with external security.
1 domain monitored
1 manual scan / month
1 active verified domain scanned monthly
Proof-backed findings
5-framework compliance mapping
PDF report + portal access
Slack alerts
Attack path chains
Delta reports
Get started
Pro
$ 299
per month
For growing SaaS teams monitoring multiple public assets.
Up to 20 active verified domains
25 manual scans / month
Each active verified domain scanned daily
Proof-backed findings
5-framework compliance mapping
PDF report + portal access
Slack alerts + Attack paths
Delta reports
Compliance export (CSV/JSON)
Start with Pro

All plans require a signed Rules of Engagement document. Manual onboarding for first 20 customers.

Full Comparison

What about everything side by side?

Feature Free Starter Core Pro
Domains monitored11520
Scans included1 lifetime1 / month5 / month25 / month
Automatic scheduleMonthlyWeeklyDaily
External asset discoveryBasic
Service exposure checks
Vulnerability checksBasic
SSL/TLS checks
Email security (SPF/DMARC/DKIM)
Medium & Low findings
Critical & High findings
AI narrative
PDF generation & email delivery
Customer portal
5-framework compliance mapping
Attack path chains
Slack critical alerts
Delta reports (new/fixed/overdue)
Compliance export (CSV/JSON)
Get started free Get started Start with Core Start with Pro
Common Questions

What about everything you need to know?

No. VeilScan is purely external — it only scans what is visible from the public internet. No agents, no credentials, no internal network access required.
A signed document confirming you have authorisation to scan the specified domains. Required before any scan runs. We provide a template and handle onboarding manually.
Every Critical finding must include a reproducible curl command with a real response containing verified sensitive data before it is classified as Critical. Anything unverified is auto-downgraded.
All customer data — scan results, reports, findings — is stored exclusively in AWS eu-west-2 (London). No data leaves the EU.
Yes. On all plans you can trigger an on-demand manual scan from your portal. Manual scans are separate from your automatic per-domain schedule.
Get Started

What about your first scan. In under two hours?

Add your domain, verify ownership, and let VeilScan do the rest. No agents, no credentials, no internal access required.

Start scanning → I already have an account
No hidden scan fees Cancel any time Data stays in London (eu-west-2)