HostedScan
HostedScan is a unified platform offering multiple scanning tools, and it’s reasonably priced compared to leading scanners such as Probely, Invicti, and Detectify. It’s used to find vulnerabilities in websites, APIs, networks, and servers.
For this review, I’ve purchased a paid plan for HostedScan. I’ll explore HostedScan’s features, pros and cons, and use cases to help you understand how it fares compared to leading vulnerability scanners.
Features
- Offers multiple scanners in a single platform.
- Automates scanning on a schedule.
- Sends email alerts for new vulnerabilities.
- Provides authenticated scans.
- Offers API access to integrate it into the CI/CD process.
- Helps you get notifications in your app via Webhooks.
Pros
- Provides a forever-free plan with access to all scan types.
- Offers up-to-date open-source scanners.
- Tracks vulnerabilities through the dashboard.
- Retains historical scan data at no additional cost.
Cons
- Chat and direct phone support are unavailable.
- Compliance reports are not provided.
HostedScan Review Methodology
Geekflare tested HostedScan’s vulnerability scanning platform, exploring its core capabilities, ease of use, compliance features, reporting, and integration capabilities. By combining practical usage and user feedback, we deliver an unbiased review of its effectiveness in securing IT assets and enhancing security posture.
What Is HostedScan?
Founded in Seattle, Washington, in 2021, HostedScan is a leading vulnerability scanning and risk management tool. It offers industry-standard, open-source vulnerability scans within a single platform, allowing you to find vulnerabilities in servers, networks, web applications, encryption, and APIs.
HostedScan lets you track vulnerabilities across your organization. You can schedule scans, receive real-time email alerts for discovered vulnerabilities, and generate aggregated reports. Once it finds vulnerabilities, it also suggests solutions to mitigate them.
According to the Skybox Security report, a new CVE (Common Vulnerabilities and Exposures) surfaces every 17 minutes. Therefore, it’s imperative to regularly scan your IT infrastructure to identify and address vulnerabilities proactively before threat actors can exploit them, and this is where HostedScan can help.
Though anyone with IT infrastructure can benefit from using HostedScan, the following industries find it particularly valuable due to their need for robust and competitively-priced vulnerability management solutions:
- SaaS providers
- eCommerce businesses
- Managed service providers (MSPs)
- Small businesses
Now that you have an overview of HostedScan, let’s explore the different scanners it offers in its unified platform.
HostedScan Scanners
There are four scanners that HostedScan has integrated into its platform. Each scanner has varied features and serves different purposes. I have tested all four scanners and included screenshots to help you understand them better.
Vulnerability Scanner
HostedScan has integrated Open Vulnerability Assessment Scanner (OpenVAS) to scan your servers and connected devices for over 50,000 vulnerabilities. It’s the most popular vulnerability scanner and can help you detect insecure software and CVEs.
Here’s a screenshot of HostedScan’s dashboard, allowing you to run OpenVAS.
When you start scanning, the scanner first identifies open ports and services. Then, it scans for vulnerable outdated software, insecure configurations, and CVEs.
It took around 50 minutes to scan Geekflare using OpenVAS.
In my research, I’ve observed that OpenVAS is updated daily to help you check your servers for the latest vulnerabilities.
This makes it ideal for cybersecurity professionals and those looking to pentest online.
Network Scanner
HostedScan checks your targets for open ports using Nmap (Network Mapper), performing a detailed network vulnerability scan.
Nmap is a highly popular network discovery and auditing tool among security teams and penetration testers worldwide. It can check IP addresses for potentially exposed running services, Classless Inter-Domain Routing (CIDR) blocks for new activity, firewalls and routers for exposed ports, and more.
Some certifications, such as SOC 2 and ISO 27001, require regular port scanning. So, it’s important to scan your ports and services regularly.
HostedScan offers two ways to run port scanning.
- Nmap TCP: Discovers open services and ports on your servers and firewall with a complete TCP port scan of ports 0 to 65535
- Nmap UDP: Discovers open ports of common UDP services on your servers and firewalls
I have run Nmap TCP and Nmap UDP to test Geekflare, as shown in the screenshot below.
HostedScan’s Network Scanner is suited for IT administrators and cybersecurity professionals.
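Regular port scans are most useful when each run is compared with the previous one. The following is an added example (not HostedScan's or Nmap's own code) that parses Nmap's grepable output (`nmap -oG`) and reports ports that opened or closed between two scans; the scan data, addresses, and function names are constructed for illustration.

```python
# Constructed sample data in Nmap's grepable format (`nmap -oG`), using the
# documentation range 192.0.2.0/24. BASELINE stands in for the previous
# scheduled scan, CURRENT for the latest one.
BASELINE = (
    "# constructed sample: previous scan\n"
    "Host: 192.0.2.1 ()\tPorts: 22/open/tcp//ssh///, 443/open/tcp//https///\n"
    "Host: 192.0.2.2 ()\tPorts: 80/open/tcp//http///, 8080/open/tcp//http-proxy///, "
    "3306/filtered/tcp//mysql///\n"
)
CURRENT = (
    "# constructed sample: latest scan\n"
    "Host: 192.0.2.1 ()\tPorts: 22/open/tcp//ssh///, 443/open/tcp//https///\n"
    "Host: 192.0.2.2 ()\tPorts: 80/open/tcp//http///, 3306/open/tcp//mysql///\n"
    "Host: 192.0.2.3 ()\tPorts: 161/open/udp//snmp///\n"
)


def parse_grepable(text):
    """Return {(host, proto, port): service} for every port reported as open."""
    open_ports = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue  # skip comment lines such as the "# Nmap ..." header
        fields = line.split("\t")
        host = fields[0].split()[1]
        for field in fields[1:]:
            if not field.startswith("Ports:"):
                continue
            for entry in field[len("Ports:"):].strip().split(", "):
                # Entry layout: port/state/protocol/owner/service/rpc/version/
                parts = entry.split("/")
                if len(parts) < 5:
                    continue
                port, state, proto, _owner, service = parts[:5]
                # "filtered" and "open|filtered" are not treated as exposed here.
                if state == "open":
                    open_ports[(host, proto, int(port))] = service or "unknown"
    return open_ports


def diff_exposure(baseline, current):
    """Compare two scans and report what changed in the exposed surface."""
    before, after = parse_grepable(baseline), parse_grepable(current)
    return {
        "opened": sorted(k for k in after if k not in before),
        "closed": sorted(k for k in before if k not in after),
        "new_hosts": sorted({h for h, _, _ in after} - {h for h, _, _ in before}),
    }


if __name__ == "__main__":
    report = diff_exposure(BASELINE, CURRENT)
    for host, proto, port in report["opened"]:
        print(f"NEW  {host} {port}/{proto}")
    for host, proto, port in report["closed"]:
        print(f"GONE {host} {port}/{proto}")
    print("new hosts:", ", ".join(report["new_hosts"]) or "none")
```

A port that moves from `filtered` to `open`, like 3306 in the sample, shows up as newly opened, which is the kind of firewall change a scheduled scan is meant to catch.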
Application Scanner
HostedScan employs OWASP Zed Attack Proxy (ZAP) Scanner to scan websites and web applications for SQL injection, XSS vulnerabilities, JavaScript vulnerabilities, and more.
OWASP Zed Attack Proxy scanner is now known simply as ZAP, but HostedScan still refers to it as OWASP ZAP.
The platform offers two options to use OWASP ZAP:
- OWASP ZAP: It scans your application passively to find cross-domain misconfigurations, insecure cookies, vulnerable JS dependencies, and more
- OWASP ZAP Active: As the name suggests, it scans your application actively to test it for SQL injection, XSS attacks, remote command execution, and more
OWASP ZAP Active scan includes all the tests from the passive scan.
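To make the passive/active distinction concrete: a passive check only inspects traffic that has already been recorded and sends nothing to the application. The following is an added example (not ZAP's or HostedScan's code) that applies two of the passive checks named above, insecure cookies and cross-domain misconfiguration, to a captured set of response headers; the headers, host, and finding wording are constructed for illustration.

```python
# Constructed sample: response headers as a proxy might have recorded them for
# a hypothetical HTTPS login page. Nothing here sends a request.
CAPTURED_HEADERS = [
    ("Content-Type", "text/html; charset=utf-8"),
    ("Set-Cookie", "session=9f2c; Path=/; HttpOnly"),
    ("Set-Cookie", "prefs=dark; Path=/; Secure; HttpOnly; SameSite=Lax"),
    ("Set-Cookie", "tracking=1; Path=/; Secure; SameSite=None"),
    ("Access-Control-Allow-Origin", "*"),
]


def cookie_findings(set_cookie_value, https=True):
    """Check one Set-Cookie header value for missing protective attributes."""
    parts = [p.strip() for p in set_cookie_value.split(";")]
    name = parts[0].split("=", 1)[0]
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()

    findings = []
    if https and "secure" not in attrs:
        findings.append((name, "cookie without Secure flag"))
    if "httponly" not in attrs:
        findings.append((name, "cookie without HttpOnly flag"))
    samesite = attrs.get("samesite", "").lower()
    if samesite not in ("lax", "strict", "none"):
        findings.append((name, "cookie without SameSite attribute"))
    elif samesite == "none" and "secure" not in attrs:
        findings.append((name, "SameSite=None without Secure"))
    return findings


def passive_scan(headers, https=True):
    """Run the passive checks over recorded (header, value) pairs."""
    findings = []
    for name, value in headers:
        lname = name.lower()
        if lname == "set-cookie":
            findings.extend(cookie_findings(value, https))
        elif lname == "access-control-allow-origin" and value.strip() == "*":
            findings.append(("Access-Control-Allow-Origin", "wildcard CORS origin"))
    return findings


if __name__ == "__main__":
    for subject, issue in passive_scan(CAPTURED_HEADERS):
        print(f"{subject}: {issue}")
```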
The HostedScan application scanner focuses on your application and helps you discover frontend and API vulnerabilities, which include but are not limited to:
- Various types of information disclosure, like application error disclosure, cookie poisoning, etc.
- Configuration issues
- Injection vulnerabilities
- Cross-site scripting
- Insecure redirection
I ran OWASP ZAP active for Geekflare. It quickly gave me results.
HostedScan application scanner is ideal for web developers and security analysts.
SSL Scanner
HostedScan uses the SSLyze TLS/SSL scanner to analyze your TLS/SSL configurations and identify bad certificates, Heartbleed, ROBOT, weak ciphers, and more.
It mainly focuses on SSL and HTTPS encryption vulnerabilities and also supports non-HTTP servers like LDAP, IMAP, RDP, and FTP.
During my testing, I noticed that the SSL Scanner performed quite fast. It scanned Geekflare.com in just less than 2 minutes!
HostedScan’s SSLyze TLS/SSL scanner is well-suited for system administrators and compliance teams.
In addition to these four scanners, HostedScan also offers API Security Scanning and Internal Network Scanning (Beta).
HostedScan Features
To gather better insights for this HostedScan review, I purchased a paid plan and thoroughly explored the platform’s features. I found 6 features worth noting.
1. Automated Scanning and Scheduling
I liked HostedScan’s configuration settings, which let you schedule scans one time, daily, monthly, and weekly. You also have an option to start scanning now or at a later time.
When you schedule a scan for a specific time, HostedScan automatically performs the scan as scheduled, eliminating the need for any manual intervention.
2. Comprehensive Reporting and Prioritization
HostedScan emails you a comprehensive scan report after each scan is completed. The reports include the Executive Summary, Vulnerabilities by Target, Vulnerabilities detected by the scanner, and Glossary.
These reports categorize vulnerabilities into four types: Critical, High, Medium, and Low. Thus, it is easier to prioritize vulnerability remediation.
Of course, critical vulnerabilities require immediate actions.
I liked that HostedScan showed detected vulnerabilities in the email body itself. This allows you to understand the severity of the detected risks without opening the scan reports.
Its dashboard highlights risks detected, accepted, and fixed for efficient vulnerability management.
In addition to email, you can also access scan reports from the dashboard, as shown below.
HostedScan’s reporting and categorization of detected vulnerabilities was a standout feature for me. Even beginners can navigate these scan reports without any difficulty.
You can also check how your security has improved over time in the dashboard.
3. API for CI/CD Integration
You can integrate HostedScan into any software development workflow using APIs and Webhooks. This way, it can help improve your DevSecOps.
It offers a comprehensive REST API, letting you create Targets, configure Scans for those targets, fetch risks, and generate reports.
You can use Webhooks to get notifications in your app about key events, such as scan completions and detections of new risks for specific targets.
4. Multi-user Collaboration
HostedScan lets you invite your team members to collaborate. You can add your team members via their email addresses.
When sending invites to your team members, you can assign them either of the following roles:
- Read-Only: They can only view targets, scans, and risks and generate reports
- Administrator: They can make changes to targets, scans, and risks
Once your team member accepts the invite, they can start using HostedScan with privileges based on their roles.
As you can see, multi-user collaboration is easy to implement in HostedScan!
5. Compliance Readiness (e.g., GDPR, PCI DSS)
During the testing period, I found that HostedScan doesn’t provide compliance readiness reports.
However, it offers a comprehensive set of scanners for networks, servers, applications, websites, and APIs.
You can schedule automated scanning on a daily, weekly, and monthly basis with email notifications for new vulnerabilities found in these scans. It also allows you to check reports and dashboards for vulnerability management and remediation tracking.
All these features help meet various compliance standards such as ISO 27001, SOC 2, GDPR, and TPN, which mandate testing, assessment, and evaluation to ensure security.
6. Real-time Alerts
HostedScan lets you schedule automated scans that generate aggregated reports. If the platform discovers new vulnerabilities, it sends you real-time alerts via email, as shown in the screenshot below.
HostedScan Use Cases
HostedScan supports risk-based vulnerability management, helping you discover and prioritize vulnerabilities in your application and IT infrastructure.
Here are five common use cases I have picked for this HostedScan review.
1. External Vulnerability Management
By identifying vulnerabilities in your organization’s user-facing assets, such as your website, network, servers, APIs, or cloud services, HostedScan can help you excel at external vulnerability management. It not only detects vulnerabilities but also suggests steps to address them.
2. Compliance and Regulatory Adherence
HostedScan, with its integrated scanners, can help you find and fix vulnerabilities. As a result, it helps you meet leading compliance standards, including ISO 27001, SOC 2, GDPR, and Trusted Partner Network (TPN), which mandate organizations to manage application and IT infrastructure vulnerabilities.
3. Authenticated Web Application Scanning
Many applications have a significant amount of content hidden behind a login. To run thorough security testing of an application, HostedScan lets you run authenticated application scans. Its OWASP ZAP scanner uses a recorded login for your application to run authenticated scans.
4. Automated Penetration Testing
HostedScan enables you to schedule open-source scanners for continuous automated testing. If it detects any vulnerabilities, you’ll receive email or Slack notifications, depending on your preferences.
5. WordPress Security Assessment
HostedScan offers multiple scanners that can help you assess the security of your application built with WordPress and other technologies. Its OpenVAS scanner is used to find vulnerabilities specific to WordPress, detecting vulnerabilities in WordPress code and plug-ins.
In addition to the above use cases, you can also improve your client service with HostedScan’s managed vulnerability scanners.
HostedScan Pricing
HostedScan offers 4 plans, of which 3 are paid.
- Free Plan: Allows you to run an online vulnerability scan for up to 3 targets monthly using all scanners, but you can scan each target only once per month. The free plan also lets you access summary reports through the dashboard and email.
- Basic Plan: Costs $39/month and allows you to run unlimited monthly scans for up to 5 targets. You can run automated scanning on a schedule and retain historical scan data.
- Premium Plan: Starts at $109/month. It includes everything from the basic plan plus API access, an option to receive results via Webhooks, authenticated scans, internal network scanning, and more.
- MSP (Managed Service Provider) Plan: Costs $189/month for up to 20 targets/month. It includes everything from the Premium plan and white-label reporting.
The cost of the paid plans increases if you increase the number of targets to be scanned per month. HostedScan offers a 25% discount if you purchase an annual subscription for any paid plan.
Here is a pricing table for HostedScan for quick reference.
Plan | Price/Month | Targets Included | Key Features |
---|---|---|---|
Free | $0 | 3 | Scanning each target once a month, summary reports, ability to import risks from Dependabot, OpenAPI, AWS |
Basic | $39 | 5 | Everything in Free, plus unlimited scans, automated scanning through scheduling, retaining of historical scan data, email alerts for new vulnerabilities |
Premium | $109 | 5 | Everything in Basic, API access, internal network scanning, Slack integration, results via webhooks, authenticated scans, custom request headers |
MSP | $189 | 20 | All Premium features, white-label reporting, multi-tenant workspaces |
You also get a 30-day refund guarantee if you’re not satisfied with the scanning service.
HostedScan Integration
When searching for a vulnerability scanner, you need a solution with robust integration options. HostedScan excels in meeting this requirement.
Based on my research and testing, HostedScan offers excellent integrations, as shown below.
- APIs and Webhooks: HostedScan lets you scan your API, and its webhook integration enables real-time scan alerts directly within your application.
- GitHub Actions, CircleCI, Azure, and AWS: The platform has built-in integrations with leading DevSecOps tools, including GitHub Actions, CircleCI, Azure, AWS, and more. As a result, it enables you to easily integrate many security activities into the software development lifecycle.
- Microsoft’s Azure Cloud: HostedScan allows you to sync targets and assets from Microsoft Azure. Consequently, you can scan virtual machines, web apps, public IPs, and containers located in the cloud. Once importing is done, you need to run scans for each target.
- GitHub’s Dependabot and Snyk: You can view and audit Dependabot alerts and issues from Snyk in HostedScan. This helps you streamline workflows, improve collaboration, and strengthen security.
- Slack: You can receive alerts about your scans in Slack, but this feature is available only in the Premium plan.
- Mindflow: Mindflow supports HostedScan integration, letting you automate processes with AI.
In addition, HostedScan allows you to sync DigitalOcean Droplets and virtual machines from Linode for scanning.
Support
During the testing phase, I found that HostedScan provides a comprehensive resource library to assist users with configuration, getting started, and managing account and billing details.
However, the website lacks a live chat support option and a direct helpline for immediate query resolution.
It only offers email support. If you encounter any difficulties, you can email the company at hello@hostedscan.com. Email support is prompt if you message them during weekdays.
I tested their email support and emailed them asking about HostedScan features.
Surprisingly, I received the reply within a few hours on the same day. So, I can confidently say that HostedScan offers relatively prompt email support.
As you can see in the above reply, the support executive has included a telephone number in the email signature, offering me an option to call HostedScan.
Although the email signature included links to LinkedIn and X, I don’t recommend using these platforms to contact HostedScan, as these accounts are not actively managed.
HostedScan Alternatives
While HostedScan has some great features, it may not fit your needs. In that case, HostedScan’s alternatives, like Probely, Tenable Nessus, Invicti, Detectify, and Intruder, are worth checking out.
I’ve created a table below showing HostedScan’s alternatives based on their features, pricing, scanning capabilities, and target audience.
Yes | Yes | Yes | No | No | No | |
$39/month | Custom | $4,708.20/year | Custom | Custom | $99/month | |
Applications, APIs, servers, networks | Applications, APIs | Web Applications, external attack surface, cloud | Applications, APIs, Containers | Applications, complete attack surface | Application, API, internal and external scanning | |
Automated scanning on a schedule, email alerts for new vulnerabilities, authenticated scans | Asset discovery, custom scanning, compliance reports | Real-time vulnerability updates, configuration, compliance, and security audits | DAST + IAST approach, on-prem/on-demand deployment, manual scanning tool kit | Unique crawler for security testing, fingerprinting for personalized scanning, authenticated testing | Attack surface visibility, automated cloud and emerging threat scans, rich integrations | |
SMBs, Business websites, MSPs | DevSecOps Teams | IT Administrators & security professionals | CTO, CISO, security engineers, and DevSecOps | Enterprises, IT security professionals | IT security teams, cybersecurity professionals | |
Geekflare’s editorial team determines ratings based on factors such as key features, ease of use, pricing, and customer support to help you choose the right business software.
Who Should Use HostedScan
As I wrap up this HostedScan review, you might wonder who should use it. So, while the platform’s features are excellent for most IT organizations to mitigate vulnerabilities, there are a few audiences that benefit the most from HostedScan. I’ve listed them below.
- SMBs: Small businesses with IT infrastructures larger than individuals but smaller than large corporations are an ideal fit for HostedScan. They often overlook security due to limited resources. Since they can’t afford expensive scanning tools, HostedScan is a cost-effective solution to improve their security posture.
- Business Websites: Hackers constantly search for vulnerabilities in WordPress and other technologies to install malware or cause a data breach. A website vulnerability scanner like HostedScan can help identify and fix these issues.
- Managed Service Providers: Managed service providers can use HostedScan to extend their cybersecurity offerings. Its white-label reporting helps MSPs highlight their logos and branding in scanning reports.
Who Shouldn’t Use HostedScan
Even though HostedScan is competitively priced and offers multiple scanners, it might not be the best scanning solution for some audience types, such as:
- Businesses With a Small Online Presence: If your business’s online presence includes a simple one-page website and a few social media accounts, you don’t need to buy a HostedScan subscription. Free website scanners like SiteLock, Astra Website Scanner, and UpGuard will be enough to scan your website and find vulnerabilities.
- Global Enterprises: HostedScan is a good platform with multiple scanners, but it’s more suited for SMBs. If your business is a global enterprise, going with an all-in-one security platform like Cloudflare Security Center, Qualys TruRisk for Enterprise, or CrowdStrike Falcon Exposure Management will be a better option to protect your application and IT infrastructure, due to their comprehensive security protection.
HostedScan Verdict
As I’ve showcased in this review, HostedScan detects security vulnerabilities through multiple open-source scanners—all on a single platform. These scanners, which include OpenVAS, Nmap, OWASP ZAP, and SSLyze, let you scan applications, networks, servers, and APIs.
You can schedule scans, view scan reports in a dashboard, and receive email alerts for new vulnerabilities. What’s more, you can integrate it with your DevSecOps!
However, HostedScan doesn’t offer compliance reports, chat or phone support, on-prem deployment, fingerprinting for personalized scans, or attack surface visibility. I wouldn’t recommend the platform to global enterprises due to these reasons.
So, based on my evaluation of the platform during testing, HostedScan receives the Geekflare Value Award!
Not only is it easy to use, but it offers great features at a fraction of the cost of competitors like Tenable and Probely. This makes it an ideal scanning platform for SMBs, business websites, and MSPs.
Editor: Anirban Choudhury is an editor at Geekflare, bringing over 7 years of experience in content creation related to VPNs, Proxies, Hosting, Antivirus, Gaming, and B2B2C technologies.