New — MCP server live: scan from Claude, Cursor & any MCP client

The vulnerability scanner your AI agent can actually use.

Scannd exposes vulnerability scanning as MCP tools — scan, status, report, templates — so AI coding agents can test and triage your app without a human babysitting a dashboard. 7,000+ security checks. Wired for MCP. Ready in one API key.

Success! Expect a scan report in your inbox. Full scan can take 12 hours.
Error An error occurred, please review the entered data.
Submitting... Your form is being submitted, please wait.

Either yourdomain.com or https://yourdomain.com works.

scannd-mcp-session.log

agent@claude:~$ mcp call scannd:start-scan { "url": "https://myapp.dev" }

[MCP] Request authorized. Scan ID: sc_78291a

[SCAN] Running security template engine against target...

CRITICAL: SQL Injection vulnerability detected on /api/v1/auth

WARNING: Missing Security Headers (HSTS, CSP)

SUCCESS: Full template library coverage applied

Agent summary: "Found 1 critical vulnerability. Recommend patching auth.ts line 42."

7,000+
Security Checks
MCP
Native Interface
AI-Ready
Agent Workflows

Platform Features

Comprehensive security auditing without the complexity.

7,000+ Security Checks

Template-based scanning covering CVEs, misconfigurations, and common web vulnerabilities — updated continuously as new threats are published.

Rotating Proxies

Scans route through a rotating proxy network so your site doesn't get blocked and results stay accurate.

Smart Reports

Get structured reports your AI can parse. Critical findings are flagged immediately for remediation.

Dashboard History

Every scan result is stored securely. Track your security posture over time with historical trends.

Scheduled Scans

Set it and forget it. Weekly automated scans run without manual intervention to ensure persistent safety.

MCP Integration

Connect directly to Claude or Cursor. Trigger scans and query results within your AI chat workflow.

Use scannd in Claude, Cursor, and any MCP-compatible AI

scannd now offers an MCP server for subscribers. Connect your API key to your AI assistant and trigger scans, query vulnerabilities, and get domain summaries directly from your AI workflow — no browser required.

{
  "mcpServers": {
    "scannd": {
      "command": "npx",
      "args": ["@scannd/mcp"],
      "env": {
        "SCANND_API_KEY": "sk_your_key_here"
      }
    }
  }
}
Claude
scannd MCP
Scan results

Seven tools your assistant can call

trigger_scan

Queues a security scan for your registered domain and returns a scan_id to poll.

get_scan_status

Polls the status of a previously triggered scan.

list_reports

Lists past scan reports for your account (metadata only, no findings).

get_report

Returns the full content of a specific report, or the latest report if omitted.

get_vulnerabilities

Returns findings from a report, optionally filtered by severity.

get_domain_summary

Returns a high-level summary of your domain: tier, scan history, and vulnerability counts.

list_templates

Lists the scan workflows available to trigger_scan.

Full tool reference with input/output schemas in the MCP docs.

Why not just use X?

Built specifically for the new era of AI-driven development.

StackHawk

Built for securing AI-written code, not for the agent to operate the scanner itself.

Escape.tech

Enterprise API-security platform with MCP as an add-on, not built for a solo developer.

Legacy DAST

Dashboard-first, no agent-native workflow (Detectify / Intruder).

Transparent Pricing

60-day money back guarantee.

Free

$0 /mo

Perfect for trying out basic MCP tools.

Start Free
  • 1 Target
  • 3 Scans / Month
  • MCP tools enabled (rate-limited)
Recommended

Pro

$30 /mo

Enhanced security for power developers.

Subscribe Pro
  • Full MCP access
  • 5 Targets
  • Unlimited Scans
  • Full template library access
  • Priority Support

Team

$150 /mo

Built for teams scaling agent workflows.

Subscribe Team
  • 25 Targets
  • Scoped & Audit-logged MCP keys
  • Project-based keys
  • Team seat management
  • 24/7 Priority Support

Enterprise

Custom pricing, dedicated MCP endpoint, SSO & Advanced Governance.

Contact sales

Frequently Asked Questions

Yes. Each target is a unique root domain or subdomain. Team plans offer easy management of multiple targets via scoped MCP keys.
Our MCP server connects your AI environment (Claude, Cursor, etc.) directly to our scanning engine. You can prompt: "Scan this new PR for vulnerabilities" and your agent will use Scannd tools to report back.