847 Automated Security Checks

Your website has
vulnerabilities.
Attackers already
know this.

GuardianScan runs professional-grade security assessments against your domain — the same checks attackers run, in minutes. Know your exposure before they do.

https://
See a sample report·Domain verification required·From R299
Intelligence sourcesShodanAlienVault OTXGoogle Safe BrowsingHaveIBeenPwnedCISA KEVRansomWatch

How It Works

Three steps from signup to full threat report

01

Verify Domain Ownership

Add a DNS TXT record we generate. This proves you own the domain and protects other sites from unauthorised scans. Takes under two minutes.

02

Choose Your Depth

Select from Surface (5 min), Deep (25 min), or Intelligence (90 min). Pay securely via PayFast. Your scan starts immediately.

03

Get Your Report

Receive a CVSS-scored vulnerability report with prioritised findings, evidence, and step-by-step remediation for every issue found.

Choose Your Scan

Pay once per scan. No subscription. No lock-in.

Surface Scan

Know where you stand

R299/ scan
Results in ~5 minutes
  • 847 passive security checks
  • Security headers analysis (CSP, HSTS, X-Frame-Options, Referrer-Policy…)
  • DNS email security (SPF, DMARC, DKIM)
  • SSL/TLS certificate validation
  • Open port detection
  • Technology stack fingerprinting
  • CVSS-scored findings with severity
  • Prioritised remediation steps
  • PDF report included
Get Started
Most Popular

Deep Scan

Find what attackers find

R999/ scan
Results in ~25 minutes
  • Everything in Surface Scan
  • Authentication testing (default creds, brute-force protection)
  • Account lockout verification
  • Rate limiting analysis across all endpoints
  • CORS misconfiguration detection
  • Subdomain takeover assessment
  • API endpoint enumeration
  • Sensitive file & directory exposure
  • Detailed attack evidence per finding
  • Step-by-step remediation per vulnerability
Get Started
Most Comprehensive

Intelligence Scan

Board-level threat intelligence

R2,999/ scan
Results in ~90 minutes
  • Everything in Deep Scan
  • OSINT intelligence gathering (RDAP, DNS history, Wayback Machine)
  • Breach correlation (AlienVault OTX, RansomWatch, paste sites)
  • Shodan CVE mapping vs your live infrastructure
  • CISA KEV cross-reference (known exploited vulnerabilities)
  • Google Safe Browsing & phishing cert detection
  • Cloud storage bucket enumeration (S3, Azure, GCS)
  • Typosquatting domain monitoring
  • BGP/ASN reputation & abuse score
  • Claude AI attack chain narrative
  • POPIA liability exposure estimate
  • Executive war game: Can you survive ransomware?
  • ZAR financial exposure breakdown
Get Started

All prices include VAT. Payments processed securely via PayFast.

What We Find

Every finding is scored, evidenced, and actionable

CriticalCVSS 8.1

Missing Content-Security-Policy

No CSP header detected. Attackers can inject malicious scripts into your pages, steal session cookies, and redirect users to phishing sites — all without compromising your server.

GET / HTTP/1.1
# Expected: Content-Security-Policy: default-src 'self'
# Found: (header absent)
Fix: Add Content-Security-Policy header to all responses via your web server or CDN configuration.
PassEmail Security

DMARC Policy: Reject

Strong DMARC policy detected. Phishing emails pretending to come from your domain will be rejected by recipient mail servers — protecting your customers and your brand reputation.

_dmarc.acme.co.za IN TXT
"v=DMARC1; p=reject; rua=mailto:dmarc@acme.co.za"
Status: Correctly configured. No action required. 87% of domains we scan have a weaker policy.

Built for South Africa's threat landscape

South African businesses lost over R2.2 billion to cybercrime last year. POPIA requires breach notification within 72 hours — and fines reach R10 million for non-compliance.

GuardianScan gives SMEs access to the same intelligence tools used by enterprise security teams — without the six-figure consulting bill. We run 847 automated checks across passive and active attack surfaces, correlated against live global threat feeds.

R2.2bn
Lost to cybercrime in SA last year
72hrs
POPIA breach notification window
847
Security checks per scan
<5 min
Time to your first Surface report

Find out what attackers see

Domain verification required. We only scan sites you own.

https://

Surface Scan from R299 · No subscription · Results in minutes